diff --git a/.gitignore b/.gitignore index 95677ec70..cc78e6c4d 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,7 @@ src/validations/report src/validations/src/ssp.xsl src/validations/target utils +/node_modules # XSpec reports (from OxygenXML XSpec use) src/validations/test/rules/poam-result.html @@ -31,3 +32,4 @@ src/validations/test/rules/rev5/ssp-result.html src/validations/test/rules/rev4/ssp-result.html src/validations/test/rules/rev5/poam-result.html src/validations/test/rules/rev5/sar-result.html + diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog-min.json index 2f169f69c..89c9005f0 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog-min.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "552b6976-bcf9-4e3e-b078-e05cfefe86c3", + "uuid": "68275f5d-6150-4f90-aa61-b0479aabe6f0", "metadata": { "title": "FedRAMP Rev 5 High Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:49:42.881594-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:17:03.015838-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -284,12 +289,6 @@ "id": "ac-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -349,11 +348,6 @@ "id": "ac-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -365,12 +359,6 @@ "id": "ac-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -435,23 +423,6 @@ "id": "ac-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[01]", @@ -470,23 +441,6 @@ "id": "ac-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[02]", @@ -505,17 +459,6 @@ "id": "ac-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[03]", @@ -534,17 +477,6 @@ "id": "ac-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[04]", @@ -574,17 +506,6 @@ "id": "ac-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(a)", @@ -730,17 +651,6 @@ "id": "ac-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(b)", @@ -775,23 +685,6 @@ "id": "ac-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01b.", @@ -821,23 +714,6 @@ "id": "ac-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.01", @@ -893,23 +769,6 @@ "id": "ac-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.02", @@ -1141,9 +1000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02", + "class": "zero-padded" }, { "name": "label", @@ -1299,11 +1158,6 @@ "id": "ac-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -1315,11 +1169,6 @@ "id": "ac-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -1331,11 +1180,6 @@ "id": "ac-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -1347,11 +1191,6 @@ "id": "ac-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -1398,11 +1237,6 @@ "id": "ac-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -1414,11 +1248,6 @@ "id": "ac-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -1430,11 +1259,6 @@ "id": "ac-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -1446,11 +1270,6 @@ "id": "ac-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -1497,11 +1316,6 @@ "id": "ac-2_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -1548,11 +1362,6 @@ "id": "ac-2_smt.j", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "j." @@ -1564,11 +1373,6 @@ "id": "ac-2_smt.k", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "k." @@ -1580,11 +1384,6 @@ "id": "ac-2_smt.l", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "l." @@ -1625,17 +1424,6 @@ "id": "ac-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[01]", @@ -1654,17 +1442,6 @@ "id": "ac-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[02]", @@ -1691,23 +1468,6 @@ "id": "ac-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02b.", @@ -1726,23 +1486,6 @@ "id": "ac-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02c.", @@ -1761,17 +1504,6 @@ "id": "ac-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02d.", @@ -1882,23 +1614,6 @@ "id": "ac-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02e.", @@ -1917,23 +1632,6 @@ "id": "ac-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02f.", @@ -2043,23 +1741,6 @@ "id": "ac-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02g.", @@ -2078,23 +1759,6 @@ "id": "ac-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02h.", @@ -2179,23 +1843,6 @@ "id": "ac-2_obj.i.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.01", @@ -2214,23 +1861,6 @@ "id": "ac-2_obj.i.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.02", @@ -2249,23 +1879,6 @@ "id": "ac-2_obj.i.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.03", @@ -2292,23 +1905,6 @@ "id": "ac-2_obj.j", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02j.", @@ -2338,23 +1934,6 @@ "id": "ac-2_obj.k-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[01]", @@ -2373,23 +1952,6 @@ "id": "ac-2_obj.k-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[02]", @@ -2416,23 +1978,6 @@ "id": "ac-2_obj.l", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02l.", @@ -2577,9 +2122,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -2610,13 +2155,6 @@ { "id": "ac-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the management of system accounts using {{ insert: param, ac-02.01_odp }}." }, { @@ -2628,23 +2166,6 @@ "id": "ac-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(01)", @@ -2763,9 +2284,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -2796,13 +2317,6 @@ { "id": "ac-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically {{ insert: param, ac-02.02_odp.01 }} temporary and emergency accounts after {{ insert: param, ac-02.02_odp.02 }}." }, { @@ -2814,17 +2328,6 @@ "id": "ac-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(02)", @@ -2943,9 +2446,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(03)", + "class": "zero-padded" }, { "name": "label", @@ -2982,11 +2485,6 @@ "id": "ac-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -2998,11 +2496,6 @@ "id": "ac-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3014,11 +2507,6 @@ "id": "ac-2.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3030,11 +2518,6 @@ "id": "ac-2.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3104,23 +2587,6 @@ "id": "ac-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(a)", @@ -3139,23 +2605,6 @@ "id": "ac-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(b)", @@ -3174,23 +2623,6 @@ "id": "ac-2.3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(c)", @@ -3209,23 +2641,6 @@ "id": "ac-2.3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(d)", @@ -3322,9 +2737,9 @@ "title": "Automated Audit Actions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(04)", + "class": "zero-padded" }, { "name": "label", @@ -3363,41 +2778,17 @@ { "id": "ac-2.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically audit account creation, modification, enabling, disabling, and removal actions." }, { "id": "ac-2.4_gdn", "name": "guidance", - "prose": "Account management audit records are defined in accordance with [AU-2](#au-2) and reviewed, analyzed, and reported in accordance with [AU-6](#au-6)." + "prose": "Account management audit records are defined in accordance with [AU-02](#au-2) and reviewed, analyzed, and reported in accordance with [AU-06](#au-6)." }, { "id": "ac-2.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(04)", @@ -3593,9 +2984,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -3635,13 +3026,6 @@ { "id": "ac-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users log out when {{ insert: param, ac-02.05_odp }}.", "parts": [ { @@ -3673,23 +3057,6 @@ "id": "ac-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(05)", @@ -3767,9 +3134,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(07)", + "class": "zero-padded" }, { "name": "label", @@ -3805,11 +3172,6 @@ "id": "ac-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -3821,11 +3183,6 @@ "id": "ac-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3837,11 +3194,6 @@ "id": "ac-2.7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3853,11 +3205,6 @@ "id": "ac-2.7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3887,23 +3234,6 @@ "id": "ac-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(a)", @@ -3922,23 +3252,6 @@ "id": "ac-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(b)", @@ -3957,23 +3270,6 @@ "id": "ac-2.7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(c)", @@ -3992,23 +3288,6 @@ "id": "ac-2.7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(d)", @@ -4121,9 +3400,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(09)", + "class": "zero-padded" }, { "name": "label", @@ -4154,13 +3433,6 @@ { "id": "ac-2.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Only permit the use of shared and group accounts that meet {{ insert: param, ac-02.09_odp }}.", "parts": [ { @@ -4192,23 +3464,6 @@ "id": "ac-2.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(09)", @@ -4317,9 +3572,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(11)", + "class": "zero-padded" }, { "name": "label", @@ -4350,13 +3605,6 @@ { "id": "ac-2.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce {{ insert: param, ac-02.11_odp.01 }} for {{ insert: param, ac-02.11_odp.02 }}." }, { @@ -4368,23 +3616,6 @@ "id": "ac-2.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(11)", @@ -4498,9 +3729,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -4561,11 +3792,6 @@ "id": "ac-2.12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -4577,11 +3803,6 @@ "id": "ac-2.12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -4640,23 +3861,6 @@ "id": "ac-2.12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(a)", @@ -4675,23 +3879,6 @@ "id": "ac-2.12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(b)", @@ -4813,9 +4000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(13)", + "class": "zero-padded" }, { "name": "label", @@ -4854,13 +4041,6 @@ { "id": "ac-2.13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable accounts of individuals within {{ insert: param, ac-02.13_odp.01 }} of discovery of {{ insert: param, ac-02.13_odp.02 }}." }, { @@ -4872,23 +4052,6 @@ "id": "ac-2.13_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(13)", @@ -4979,9 +4142,9 @@ "title": "Access Enforcement", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-03", + "class": "zero-padded" }, { "name": "label", @@ -5216,13 +4379,6 @@ { "id": "ac-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies." }, { @@ -5234,23 +4390,6 @@ "id": "ac-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-03", @@ -5349,6 +4488,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4" @@ -5458,13 +4602,6 @@ { "id": "ac-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on {{ insert: param, ac-04_odp }}." }, { @@ -5476,23 +4613,6 @@ "id": "ac-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04", @@ -5617,6 +4737,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4(4)" @@ -5650,13 +4775,6 @@ { "id": "ac-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent encrypted information from bypassing {{ insert: param, ac-04.04_odp.01 }} by {{ insert: param, ac-04.04_odp.02 }}.", "parts": [ { @@ -5688,23 +4806,6 @@ "id": "ac-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04(04)", @@ -5825,6 +4926,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04(21)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4(21)" @@ -5863,13 +4969,6 @@ { "id": "ac-4.21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate information flows logically or physically using {{ insert: param, ac-4.21_prm_1 }} to accomplish {{ insert: param, ac-04.21_odp.03 }}." }, { @@ -5881,23 +4980,6 @@ "id": "ac-4.21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04(21)", @@ -6035,6 +5117,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-05", + "class": "zero-padded" + }, { "name": "label", "value": "AC-5" @@ -6129,11 +5216,6 @@ "id": "ac-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -6145,11 +5227,6 @@ "id": "ac-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -6197,17 +5274,6 @@ "id": "ac-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05a.", @@ -6226,17 +5292,6 @@ "id": "ac-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05b.", @@ -6333,9 +5388,9 @@ "title": "Least Privilege", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06", + "class": "zero-padded" }, { "name": "label", @@ -6410,13 +5465,6 @@ { "id": "ac-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks." }, { @@ -6428,23 +5476,6 @@ "id": "ac-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06", @@ -6593,6 +5624,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(1)" @@ -6648,11 +5684,6 @@ "id": "ac-6.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -6664,11 +5695,6 @@ "id": "ac-6.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -6698,23 +5724,6 @@ "id": "ac-6.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(a)", @@ -6788,23 +5797,6 @@ "id": "ac-6.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(b)", @@ -6917,9 +5909,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(02)", + "class": "zero-padded" }, { "name": "label", @@ -6966,13 +5958,6 @@ { "id": "ac-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users of system accounts (or roles) with access to {{ insert: param, ac-06.02_odp }} use non-privileged accounts or roles, when accessing nonsecurity functions.", "parts": [ { @@ -7004,23 +5989,6 @@ "id": "ac-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(02)", @@ -7134,9 +6102,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(03)", + "class": "zero-padded" }, { "name": "label", @@ -7179,13 +6147,6 @@ { "id": "ac-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Authorize network access to {{ insert: param, ac-06.03_odp.01 }} only for {{ insert: param, ac-06.03_odp.02 }} and document the rationale for such access in the security plan for the system." }, { @@ -7208,23 +6169,6 @@ "id": "ac-6.3_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(03)[01]", @@ -7243,17 +6187,6 @@ "id": "ac-6.3_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(03)[02]", @@ -7361,9 +6294,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(05)", + "class": "zero-padded" }, { "name": "label", @@ -7406,13 +6339,6 @@ { "id": "ac-6.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict privileged accounts on the system to {{ insert: param, ac-06.05_odp }}." }, { @@ -7424,23 +6350,6 @@ "id": "ac-6.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(05)", @@ -7558,6 +6467,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(07)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(7)" @@ -7596,11 +6510,6 @@ "id": "ac-6.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -7612,11 +6521,6 @@ "id": "ac-6.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -7646,23 +6550,6 @@ "id": "ac-6.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(a)", @@ -7681,23 +6568,6 @@ "id": "ac-6.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(b)", @@ -7810,9 +6680,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(08)", + "class": "zero-padded" }, { "name": "label", @@ -7843,13 +6713,6 @@ { "id": "ac-6.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent the following software from executing at higher privilege levels than users executing the software: {{ insert: param, ac-06.08_odp }}." }, { @@ -7861,23 +6724,6 @@ "id": "ac-6.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(08)", @@ -7965,6 +6811,11 @@ "class": "SP800-53-enhancement", "title": "Log Use of Privileged Functions", "props": [ + { + "name": "label", + "value": "AC-06(09)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(9)" @@ -8006,13 +6857,6 @@ { "id": "ac-6.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Log the execution of privileged functions." }, { @@ -8024,23 +6868,6 @@ "id": "ac-6.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(09)", @@ -8129,9 +6956,9 @@ "title": "Prohibit Non-privileged Users from Executing Privileged Functions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(10)", + "class": "zero-padded" }, { "name": "label", @@ -8162,13 +6989,6 @@ { "id": "ac-6.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent non-privileged users from executing privileged functions." }, { @@ -8180,23 +7000,6 @@ "id": "ac-6.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(10)", @@ -8346,6 +7149,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -8404,11 +7212,6 @@ "id": "ac-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8420,11 +7223,6 @@ "id": "ac-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8472,23 +7270,6 @@ "id": "ac-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07a.", @@ -8507,23 +7288,6 @@ "id": "ac-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07b.", @@ -8649,6 +7413,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -8696,11 +7465,6 @@ "id": "ac-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8758,11 +7522,6 @@ "id": "ac-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8774,11 +7533,6 @@ "id": "ac-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -8894,23 +7648,6 @@ "id": "ac-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.", @@ -8923,17 +7660,6 @@ "id": "ac-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.01", @@ -8952,17 +7678,6 @@ "id": "ac-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.02", @@ -8981,17 +7696,6 @@ "id": "ac-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.03", @@ -9010,17 +7714,6 @@ "id": "ac-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.04", @@ -9047,23 +7740,6 @@ "id": "ac-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08b.", @@ -9082,17 +7758,6 @@ "id": "ac-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08c.", @@ -9268,6 +7933,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-10", + "class": "zero-padded" + }, { "name": "label", "value": "AC-10" @@ -9297,13 +7967,6 @@ { "id": "ac-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Limit the number of concurrent sessions for each {{ insert: param, ac-10_odp.01 }} to {{ insert: param, ac-10_odp.02 }}." }, { @@ -9315,23 +7978,6 @@ "id": "ac-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-10", @@ -9445,6 +8091,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-11", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11" @@ -9491,11 +8142,6 @@ "id": "ac-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -9507,11 +8153,6 @@ "id": "ac-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9541,23 +8182,6 @@ "id": "ac-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11a.", @@ -9576,23 +8200,6 @@ "id": "ac-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11b.", @@ -9688,6 +8295,11 @@ "class": "SP800-53-enhancement", "title": "Pattern-hiding Displays", "props": [ + { + "name": "label", + "value": "AC-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11(1)" @@ -9717,13 +8329,6 @@ { "id": "ac-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conceal, via the device lock, information previously visible on the display with a publicly viewable image." }, { @@ -9735,23 +8340,6 @@ "id": "ac-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11(01)", @@ -9852,6 +8440,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-12", + "class": "zero-padded" + }, { "name": "label", "value": "AC-12" @@ -9889,13 +8482,6 @@ { "id": "ac-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically terminate a user session after {{ insert: param, ac-12_odp }}." }, { @@ -9907,23 +8493,6 @@ "id": "ac-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-12", @@ -10022,6 +8591,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -10064,11 +8638,6 @@ "id": "ac-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10080,11 +8649,6 @@ "id": "ac-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10114,23 +8678,6 @@ "id": "ac-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-14a.", @@ -10149,17 +8696,6 @@ "id": "ac-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-14b.", @@ -10270,6 +8806,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -10400,11 +8941,6 @@ "id": "ac-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10416,11 +8952,6 @@ "id": "ac-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10450,23 +8981,6 @@ "id": "ac-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-17a.", @@ -10540,23 +9054,6 @@ "id": "ac-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17b.", @@ -10652,6 +9149,11 @@ "class": "SP800-53-enhancement", "title": "Monitoring and Control", "props": [ + { + "name": "label", + "value": "AC-17(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(1)" @@ -10702,13 +9204,6 @@ { "id": "ac-17.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated mechanisms to monitor and control remote access methods." }, { @@ -10720,23 +9215,6 @@ "id": "ac-17.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(01)", @@ -10862,9 +9340,9 @@ "title": "Protection of Confidentiality and Integrity Using Encryption", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-17(02)", + "class": "zero-padded" }, { "name": "label", @@ -10907,13 +9385,6 @@ { "id": "ac-17.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions." }, { @@ -10925,23 +9396,6 @@ "id": "ac-17.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(02)", @@ -11029,6 +9483,11 @@ "class": "SP800-53-enhancement", "title": "Managed Access Control Points", "props": [ + { + "name": "label", + "value": "AC-17(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(3)" @@ -11062,13 +9521,6 @@ { "id": "ac-17.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route remote accesses through authorized and managed network access control points." }, { @@ -11080,23 +9532,6 @@ "id": "ac-17.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(03)", @@ -11208,6 +9643,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-17(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(4)" @@ -11254,11 +9694,6 @@ "id": "ac-17.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -11270,11 +9705,6 @@ "id": "ac-17.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -11315,23 +9745,6 @@ "id": "ac-17.4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[01]", @@ -11350,23 +9763,6 @@ "id": "ac-17.4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[02]", @@ -11385,23 +9781,6 @@ "id": "ac-17.4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[03]", @@ -11420,23 +9799,6 @@ "id": "ac-17.4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[04]", @@ -11463,17 +9825,6 @@ "id": "ac-17.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(b)", @@ -11571,6 +9922,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -11661,11 +10017,6 @@ "id": "ac-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11677,11 +10028,6 @@ "id": "ac-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11711,23 +10057,6 @@ "id": "ac-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18a.", @@ -11801,23 +10130,6 @@ "id": "ac-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18b.", @@ -11925,6 +10237,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-18(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(1)" @@ -11966,13 +10283,6 @@ { "id": "ac-18.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect wireless access to the system using authentication of {{ insert: param, ac-18.01_odp }} and encryption." }, { @@ -11995,23 +10305,6 @@ "id": "ac-18.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[01]", @@ -12030,23 +10323,6 @@ "id": "ac-18.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[02]", @@ -12142,6 +10418,11 @@ "class": "SP800-53-enhancement", "title": "Disable Wireless Networking", "props": [ + { + "name": "label", + "value": "AC-18(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(3)" @@ -12176,13 +10457,6 @@ { "id": "ac-18.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment." }, { @@ -12194,23 +10468,6 @@ "id": "ac-18.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(03)", @@ -12298,6 +10555,11 @@ "class": "SP800-53-enhancement", "title": "Restrict Configurations by Users", "props": [ + { + "name": "label", + "value": "AC-18(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(4)" @@ -12335,13 +10597,6 @@ { "id": "ac-18.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify and explicitly authorize users allowed to independently configure wireless networking capabilities." }, { @@ -12353,23 +10608,6 @@ "id": "ac-18.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(04)", @@ -12494,6 +10732,11 @@ "class": "SP800-53-enhancement", "title": "Antennas and Transmission Power Levels", "props": [ + { + "name": "label", + "value": "AC-18(05)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(5)" @@ -12527,13 +10770,6 @@ { "id": "ac-18.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries." }, { @@ -12556,23 +10792,6 @@ "id": "ac-18.5_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(05)[01]", @@ -12591,23 +10810,6 @@ "id": "ac-18.5_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(05)[02]", @@ -12705,6 +10907,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -12831,11 +11038,6 @@ "id": "ac-19_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12847,11 +11049,6 @@ "id": "ac-19_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12881,23 +11078,6 @@ "id": "ac-19_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-19a.", @@ -12971,23 +11151,6 @@ "id": "ac-19_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19b.", @@ -13103,6 +11266,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-19(05)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19(5)" @@ -13144,13 +11312,6 @@ { "id": "ac-19.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ {{ insert: param, ac-19.05_odp.01 }} to protect the confidentiality and integrity of information on {{ insert: param, ac-19.05_odp.02 }}." }, { @@ -13162,23 +11323,6 @@ "id": "ac-19.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19(05)", @@ -13307,6 +11451,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -13385,11 +11534,6 @@ "id": "ac-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -13425,11 +11569,6 @@ "id": "ac-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13477,23 +11616,6 @@ "id": "ac-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20a.", @@ -13549,23 +11671,6 @@ "id": "ac-20_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20b.", @@ -13661,6 +11766,11 @@ "class": "SP800-53-enhancement", "title": "Limits on Authorized Use", "props": [ + { + "name": "label", + "value": "AC-20(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(1)" @@ -13700,11 +11810,6 @@ "id": "ac-20.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -13716,11 +11821,6 @@ "id": "ac-20.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -13750,23 +11850,6 @@ "id": "ac-20.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(a)", @@ -13785,23 +11868,6 @@ "id": "ac-20.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(b)", @@ -13908,6 +11974,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(2)" @@ -13945,13 +12016,6 @@ { "id": "ac-20.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using {{ insert: param, ac-20.02_odp }}." }, { @@ -13963,23 +12027,6 @@ "id": "ac-20.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(02)", @@ -14089,6 +12136,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-21", + "class": "zero-padded" + }, { "name": "label", "value": "AC-21" @@ -14159,11 +12211,6 @@ "id": "ac-21_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14175,11 +12222,6 @@ "id": "ac-21_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14209,23 +12251,6 @@ "id": "ac-21_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-21a.", @@ -14244,23 +12269,6 @@ "id": "ac-21_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-21b.", @@ -14372,6 +12380,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -14422,11 +12435,6 @@ "id": "ac-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14438,11 +12446,6 @@ "id": "ac-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14454,11 +12457,6 @@ "id": "ac-22_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -14470,11 +12468,6 @@ "id": "ac-22_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -14504,23 +12497,6 @@ "id": "ac-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22a.", @@ -14539,23 +12515,6 @@ "id": "ac-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22b.", @@ -14574,23 +12533,6 @@ "id": "ac-22_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22c.", @@ -14609,23 +12551,6 @@ "id": "ac-22_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22d.", @@ -14860,6 +12785,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -14931,12 +12861,6 @@ "id": "at-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -14996,11 +12920,6 @@ "id": "at-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15012,12 +12931,6 @@ "id": "at-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -15082,23 +12995,6 @@ "id": "at-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[01]", @@ -15117,23 +13013,6 @@ "id": "at-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[02]", @@ -15152,17 +13031,6 @@ "id": "at-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[03]", @@ -15181,17 +13049,6 @@ "id": "at-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[04]", @@ -15221,17 +13078,6 @@ "id": "at-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(a)", @@ -15377,17 +13223,6 @@ "id": "at-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(b)", @@ -15422,23 +13257,6 @@ "id": "at-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01b.", @@ -15468,23 +13286,6 @@ "id": "at-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.01", @@ -15540,23 +13341,6 @@ "id": "at-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.02", @@ -15758,6 +13542,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -15881,11 +13670,6 @@ "id": "at-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15921,11 +13705,6 @@ "id": "at-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15937,11 +13716,6 @@ "id": "at-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15953,11 +13727,6 @@ "id": "at-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -16009,23 +13778,6 @@ "id": "at-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[01]", @@ -16044,23 +13796,6 @@ "id": "at-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[02]", @@ -16079,23 +13814,6 @@ "id": "at-2_obj.a.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[03]", @@ -16114,23 +13832,6 @@ "id": "at-2_obj.a.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[04]", @@ -16157,23 +13858,6 @@ "id": "at-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.02", @@ -16237,17 +13921,6 @@ "id": "at-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-02b.", @@ -16266,23 +13939,6 @@ "id": "at-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02c.", @@ -16338,23 +13994,6 @@ "id": "at-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02d.", @@ -16450,6 +14089,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -16488,13 +14132,6 @@ { "id": "at-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential indicators of insider threat." }, { @@ -16506,23 +14143,6 @@ "id": "at-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(02)", @@ -16625,6 +14245,11 @@ "class": "SP800-53-enhancement", "title": "Social Engineering and Mining", "props": [ + { + "name": "label", + "value": "AT-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(3)" @@ -16659,13 +14284,6 @@ { "id": "at-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining." }, { @@ -16677,23 +14295,6 @@ "id": "at-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(03)", @@ -16895,6 +14496,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -17030,11 +14636,6 @@ "id": "at-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17070,11 +14671,6 @@ "id": "at-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17086,11 +14682,6 @@ "id": "at-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -17131,23 +14722,6 @@ "id": "at-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.01", @@ -17239,23 +14813,6 @@ "id": "at-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.02", @@ -17319,17 +14876,6 @@ "id": "at-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-03b.", @@ -17385,23 +14931,6 @@ "id": "at-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03c.", @@ -17513,6 +15042,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -17576,11 +15110,6 @@ "id": "at-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17592,11 +15121,6 @@ "id": "at-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17626,23 +15150,6 @@ "id": "at-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-04a.", @@ -17698,17 +15205,6 @@ "id": "at-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-04b.", @@ -17906,6 +15402,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -17969,12 +15470,6 @@ "id": "au-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -18034,11 +15529,6 @@ "id": "au-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18050,12 +15540,6 @@ "id": "au-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -18120,23 +15604,6 @@ "id": "au-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[01]", @@ -18155,23 +15622,6 @@ "id": "au-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[02]", @@ -18190,17 +15640,6 @@ "id": "au-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[03]", @@ -18219,17 +15658,6 @@ "id": "au-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[04]", @@ -18259,17 +15687,6 @@ "id": "au-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(a)", @@ -18415,17 +15832,6 @@ "id": "au-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(b)", @@ -18460,23 +15866,6 @@ "id": "au-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01b.", @@ -18506,23 +15895,6 @@ "id": "au-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.01", @@ -18578,23 +15950,6 @@ "id": "au-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.02", @@ -18771,9 +16126,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-02", + "class": "zero-padded" }, { "name": "label", @@ -18949,11 +16304,6 @@ "id": "au-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -18965,11 +16315,6 @@ "id": "au-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18981,11 +16326,6 @@ "id": "au-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -18997,11 +16337,6 @@ "id": "au-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -19013,11 +16348,6 @@ "id": "au-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -19076,23 +16406,6 @@ "id": "au-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02a.", @@ -19111,23 +16424,6 @@ "id": "au-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02b.", @@ -19157,23 +16453,6 @@ "id": "au-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[01]", @@ -19192,17 +16471,6 @@ "id": "au-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[02]", @@ -19229,23 +16497,6 @@ "id": "au-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02d.", @@ -19264,17 +16515,6 @@ "id": "au-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02e.", @@ -19371,9 +16611,9 @@ "title": "Content of Audit Records", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03", + "class": "zero-padded" }, { "name": "label", @@ -19450,11 +16690,6 @@ "id": "au-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19466,11 +16701,6 @@ "id": "au-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -19482,11 +16712,6 @@ "id": "au-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -19498,11 +16723,6 @@ "id": "au-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -19514,11 +16734,6 @@ "id": "au-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -19530,11 +16745,6 @@ "id": "au-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -19553,23 +16763,6 @@ "id": "au-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03", @@ -19783,9 +16976,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03(01)", + "class": "zero-padded" }, { "name": "label", @@ -19816,13 +17009,6 @@ { "id": "au-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Generate audit records containing the following additional information: {{ insert: param, au-03.01_odp }}.", "parts": [ { @@ -19854,23 +17040,6 @@ "id": "au-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03(01)", @@ -19972,9 +17141,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-04", + "class": "zero-padded" }, { "name": "label", @@ -20042,13 +17211,6 @@ { "id": "au-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Allocate audit log storage capacity to accommodate {{ insert: param, au-04_odp }}." }, { @@ -20060,23 +17222,6 @@ "id": "au-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-04", @@ -20199,9 +17344,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05", + "class": "zero-padded" }, { "name": "label", @@ -20269,11 +17414,6 @@ "id": "au-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20285,11 +17425,6 @@ "id": "au-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20319,23 +17454,6 @@ "id": "au-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05a.", @@ -20354,23 +17472,6 @@ "id": "au-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05b.", @@ -20501,9 +17602,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05(01)", + "class": "zero-padded" }, { "name": "label", @@ -20534,13 +17635,6 @@ { "id": "au-5.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide a warning to {{ insert: param, au-05.01_odp.01 }} within {{ insert: param, au-05.01_odp.02 }} when allocated audit log storage volume reaches {{ insert: param, au-05.01_odp.03 }} of repository maximum audit log storage capacity." }, { @@ -20552,23 +17646,6 @@ "id": "au-5.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05(01)", @@ -20701,9 +17778,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -20734,13 +17811,6 @@ { "id": "au-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an alert within {{ insert: param, au-05.02_odp.01 }} to {{ insert: param, au-05.02_odp.02 }} when the following audit failure events occur: {{ insert: param, au-05.02_odp.03 }}." }, { @@ -20752,23 +17822,6 @@ "id": "au-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05(02)", @@ -20871,9 +17924,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06", + "class": "zero-padded" }, { "name": "label", @@ -21038,11 +18091,6 @@ "id": "au-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21054,11 +18102,6 @@ "id": "au-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21070,11 +18113,6 @@ "id": "au-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -21122,23 +18160,6 @@ "id": "au-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06a.", @@ -21157,23 +18178,6 @@ "id": "au-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06b.", @@ -21192,23 +18196,6 @@ "id": "au-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06c.", @@ -21294,9 +18281,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -21336,13 +18323,6 @@ { "id": "au-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Integrate audit record review, analysis, and reporting processes using {{ insert: param, au-06.01_odp }}." }, { @@ -21354,23 +18334,6 @@ "id": "au-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(01)", @@ -21459,9 +18422,9 @@ "title": "Correlate Audit Record Repositories", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(03)", + "class": "zero-padded" }, { "name": "label", @@ -21505,13 +18468,6 @@ { "id": "au-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze and correlate audit records across different repositories to gain organization-wide situational awareness." }, { @@ -21523,23 +18479,6 @@ "id": "au-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(03)", @@ -21628,9 +18567,9 @@ "title": "Central Review and Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(04)", + "class": "zero-padded" }, { "name": "label", @@ -21674,13 +18613,6 @@ { "id": "au-6.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability to centrally review and analyze audit records from multiple components within the system." }, { @@ -21692,23 +18624,6 @@ "id": "au-6.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(04)", @@ -21862,9 +18777,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(05)", + "class": "zero-padded" }, { "name": "label", @@ -21908,13 +18823,6 @@ { "id": "au-6.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Integrate analysis of audit records with analysis of {{ insert: param, au-06.05_odp.01 }} to further enhance the ability to identify inappropriate or unusual activity." }, { @@ -21926,23 +18834,6 @@ "id": "au-6.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(05)", @@ -22031,9 +18922,9 @@ "title": "Correlation with Physical Monitoring", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(06)", + "class": "zero-padded" }, { "name": "label", @@ -22069,13 +18960,6 @@ { "id": "au-6.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.", "parts": [ { @@ -22107,23 +18991,6 @@ "id": "au-6.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(06)", @@ -22230,9 +19097,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(07)", + "class": "zero-padded" }, { "name": "label", @@ -22268,13 +19135,6 @@ { "id": "au-6.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Specify the permitted actions for each {{ insert: param, au-06.07_odp }} associated with the review, analysis, and reporting of audit record information." }, { @@ -22286,23 +19146,6 @@ "id": "au-6.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(07)", @@ -22392,6 +19235,11 @@ "class": "SP800-53", "title": "Audit Record Reduction and Report Generation", "props": [ + { + "name": "label", + "value": "AU-07", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7" @@ -22480,11 +19328,6 @@ "id": "au-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -22496,11 +19339,6 @@ "id": "au-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22530,29 +19368,6 @@ "id": "au-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07a.", @@ -22608,23 +19423,6 @@ "id": "au-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07b.", @@ -22768,6 +19566,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7(1)" @@ -22802,13 +19605,6 @@ { "id": "au-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: {{ insert: param, au-07.01_odp }}." }, { @@ -22820,23 +19616,6 @@ "id": "au-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07(01)", @@ -22980,9 +19759,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-08", + "class": "zero-padded" }, { "name": "label", @@ -23030,11 +19809,6 @@ "id": "au-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23046,11 +19820,6 @@ "id": "au-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23080,23 +19849,6 @@ "id": "au-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08a.", @@ -23115,23 +19867,6 @@ "id": "au-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08b.", @@ -23238,6 +19973,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -23336,11 +20076,6 @@ "id": "au-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23352,11 +20087,6 @@ "id": "au-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23386,23 +20116,6 @@ "id": "au-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09a.", @@ -23421,23 +20134,6 @@ "id": "au-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09b.", @@ -23549,6 +20245,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(2)" @@ -23586,13 +20287,6 @@ { "id": "au-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Store audit records {{ insert: param, au-09.02_odp }} in a repository that is part of a physically different system or system component than the system or component being audited." }, { @@ -23604,23 +20298,6 @@ "id": "au-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(02)", @@ -23708,6 +20385,11 @@ "class": "SP800-53-enhancement", "title": "Cryptographic Protection", "props": [ + { + "name": "label", + "value": "AU-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(3)" @@ -23749,13 +20431,6 @@ { "id": "au-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to protect the integrity of audit information and audit tools.", "parts": [ { @@ -23787,23 +20462,6 @@ "id": "au-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(03)", @@ -23902,6 +20560,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(4)" @@ -23935,13 +20598,6 @@ { "id": "au-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Authorize access to management of audit logging functionality to only {{ insert: param, au-09.04_odp }}." }, { @@ -23953,23 +20609,6 @@ "id": "au-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(04)", @@ -24076,9 +20715,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-10", + "class": "zero-padded" }, { "name": "label", @@ -24166,13 +20805,6 @@ { "id": "au-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed {{ insert: param, au-10_odp }}." }, { @@ -24184,23 +20816,6 @@ "id": "au-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-10", @@ -24305,9 +20920,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-11", + "class": "zero-padded" }, { "name": "label", @@ -24374,13 +20989,6 @@ { "id": "au-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain audit records for {{ insert: param, au-11_odp }} to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.", "parts": [ { @@ -24434,23 +21042,6 @@ "id": "au-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-11", @@ -24542,9 +21133,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12", + "class": "zero-padded" }, { "name": "label", @@ -24652,11 +21243,6 @@ "id": "au-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24668,11 +21254,6 @@ "id": "au-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24684,11 +21265,6 @@ "id": "au-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -24718,23 +21294,6 @@ "id": "au-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12a.", @@ -24753,23 +21312,6 @@ "id": "au-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12b.", @@ -24788,17 +21330,6 @@ "id": "au-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12c.", @@ -24920,9 +21451,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12(01)", + "class": "zero-padded" }, { "name": "label", @@ -24961,13 +21492,6 @@ { "id": "au-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Compile audit records from {{ insert: param, au-12.01_odp.01 }} into a system-wide (logical or physical) audit trail that is time-correlated to within {{ insert: param, au-12.01_odp.02 }}." }, { @@ -24979,23 +21503,6 @@ "id": "au-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12(01)", @@ -25132,9 +21639,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12(03)", + "class": "zero-padded" }, { "name": "label", @@ -25169,13 +21676,6 @@ { "id": "au-12.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability for {{ insert: param, au-12.03_odp.01 }} to change the logging to be performed on {{ insert: param, au-12.03_odp.02 }} based on {{ insert: param, au-12.03_odp.03 }} within {{ insert: param, au-12.03_odp.04 }}." }, { @@ -25187,23 +21687,6 @@ "id": "au-12.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12(03)", @@ -25432,6 +21915,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -25519,12 +22007,6 @@ "id": "ca-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -25584,11 +22066,6 @@ "id": "ca-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25600,12 +22077,6 @@ "id": "ca-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -25670,23 +22141,6 @@ "id": "ca-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[01]", @@ -25705,23 +22159,6 @@ "id": "ca-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[02]", @@ -25740,17 +22177,6 @@ "id": "ca-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[03]", @@ -25769,17 +22195,6 @@ "id": "ca-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[04]", @@ -25809,17 +22224,6 @@ "id": "ca-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(a)", @@ -25965,17 +22369,6 @@ "id": "ca-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(b)", @@ -26010,23 +22403,6 @@ "id": "ca-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01b.", @@ -26056,23 +22432,6 @@ "id": "ca-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.01", @@ -26128,23 +22487,6 @@ "id": "ca-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.02", @@ -26293,6 +22635,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -26420,11 +22767,6 @@ "id": "ca-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -26436,11 +22778,6 @@ "id": "ca-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -26487,11 +22824,6 @@ "id": "ca-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -26503,11 +22835,6 @@ "id": "ca-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -26519,11 +22846,6 @@ "id": "ca-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -26535,11 +22857,6 @@ "id": "ca-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -26587,17 +22904,6 @@ "id": "ca-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02a.", @@ -26627,23 +22933,6 @@ "id": "ca-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.01", @@ -26662,23 +22951,6 @@ "id": "ca-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.02", @@ -26697,23 +22969,6 @@ "id": "ca-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.03", @@ -26795,23 +23050,6 @@ "id": "ca-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02c.", @@ -26830,23 +23068,6 @@ "id": "ca-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02d.", @@ -26902,17 +23123,6 @@ "id": "ca-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02e.", @@ -26931,17 +23141,6 @@ "id": "ca-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02f.", @@ -27037,6 +23236,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -27071,13 +23275,6 @@ { "id": "ca-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to conduct control assessments.", "parts": [ { @@ -27109,23 +23306,6 @@ "id": "ca-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(01)", @@ -27242,6 +23422,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(2)" @@ -27284,13 +23469,6 @@ { "id": "ca-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Include as part of control assessments, {{ insert: param, ca-02.02_odp.01 }}, {{ insert: param, ca-02.02_odp.02 }}, {{ insert: param, ca-02.02_odp.03 }}.", "parts": [ { @@ -27322,23 +23500,6 @@ "id": "ca-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(02)", @@ -27465,6 +23626,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(3)" @@ -27503,13 +23669,6 @@ { "id": "ca-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Leverage the results of control assessments performed by {{ insert: param, ca-02.03_odp.01 }} on {{ insert: param, ca-02.03_odp.02 }} when the assessment meets {{ insert: param, ca-02.03_odp.03 }}." }, { @@ -27521,23 +23680,6 @@ "id": "ca-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(03)", @@ -27645,6 +23787,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -27740,11 +23887,6 @@ "id": "ca-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -27756,11 +23898,6 @@ "id": "ca-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -27772,11 +23909,6 @@ "id": "ca-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -27806,23 +23938,6 @@ "id": "ca-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03a.", @@ -27841,17 +23956,6 @@ "id": "ca-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-03b.", @@ -27979,23 +24083,6 @@ "id": "ca-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03c.", @@ -28069,6 +24156,11 @@ "class": "SP800-53-enhancement", "title": "Transfer Authorizations", "props": [ + { + "name": "label", + "value": "CA-03(06)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3(6)" @@ -28120,13 +24212,6 @@ { "id": "ca-3.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data." }, { @@ -28138,23 +24223,6 @@ "id": "ca-3.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03(06)", @@ -28260,6 +24328,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -28331,11 +24404,6 @@ "id": "ca-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28347,11 +24415,6 @@ "id": "ca-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28410,23 +24473,6 @@ "id": "ca-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05a.", @@ -28445,23 +24491,6 @@ "id": "ca-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05b.", @@ -28573,6 +24602,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -28652,11 +24686,6 @@ "id": "ca-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28668,11 +24697,6 @@ "id": "ca-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28684,11 +24708,6 @@ "id": "ca-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -28724,11 +24743,6 @@ "id": "ca-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -28740,11 +24754,6 @@ "id": "ca-6_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -28792,23 +24801,6 @@ "id": "ca-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06a.", @@ -28827,23 +24819,6 @@ "id": "ca-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06b.", @@ -28873,23 +24848,6 @@ "id": "ca-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.01", @@ -28908,23 +24866,6 @@ "id": "ca-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.02", @@ -28951,23 +24892,6 @@ "id": "ca-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06d.", @@ -28986,17 +24910,6 @@ "id": "ca-6_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-06e.", @@ -29170,6 +25083,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -29442,11 +25360,6 @@ "id": "ca-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -29458,11 +25371,6 @@ "id": "ca-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -29474,11 +25382,6 @@ "id": "ca-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -29490,11 +25393,6 @@ "id": "ca-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -29506,11 +25404,6 @@ "id": "ca-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -29522,11 +25415,6 @@ "id": "ca-7_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -29538,11 +25426,6 @@ "id": "ca-7_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -29612,23 +25495,6 @@ "id": "ca-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[01]", @@ -29647,23 +25513,6 @@ "id": "ca-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[02]", @@ -29682,23 +25531,6 @@ "id": "ca-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07a.", @@ -29717,23 +25549,6 @@ "id": "ca-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07b.", @@ -29789,23 +25604,6 @@ "id": "ca-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07c.", @@ -29824,23 +25622,6 @@ "id": "ca-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07d.", @@ -29859,23 +25640,6 @@ "id": "ca-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07e.", @@ -29894,23 +25658,6 @@ "id": "ca-7_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07f.", @@ -29929,23 +25676,6 @@ "id": "ca-7_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07g.", @@ -30078,6 +25808,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessment", "props": [ + { + "name": "label", + "value": "CA-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(1)" @@ -30112,13 +25847,6 @@ { "id": "ca-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis." }, { @@ -30130,23 +25858,6 @@ "id": "ca-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(01)", @@ -30212,6 +25923,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -30257,11 +25973,6 @@ "id": "ca-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -30273,11 +25984,6 @@ "id": "ca-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -30289,11 +25995,6 @@ "id": "ca-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -30312,23 +26013,6 @@ "id": "ca-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)", @@ -30341,23 +26025,6 @@ "id": "ca-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(a)", @@ -30376,23 +26043,6 @@ "id": "ca-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(b)", @@ -30411,23 +26061,6 @@ "id": "ca-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(c)", @@ -30550,6 +26183,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -30600,13 +26238,6 @@ { "id": "ca-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct penetration testing {{ insert: param, ca-08_odp.01 }} on {{ insert: param, ca-08_odp.02 }}.", "parts": [ { @@ -30638,23 +26269,6 @@ "id": "ca-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08", @@ -30742,6 +26356,11 @@ "class": "SP800-53-enhancement", "title": "Independent Penetration Testing Agent or Team", "props": [ + { + "name": "label", + "value": "CA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8(1)" @@ -30780,13 +26399,6 @@ { "id": "ca-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ an independent penetration testing agent or team to perform penetration testing on the system or system components." }, { @@ -30798,23 +26410,6 @@ "id": "ca-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(01)", @@ -30892,9 +26487,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CA-08(02)", + "class": "zero-padded" }, { "name": "label", @@ -30930,19 +26525,12 @@ { "id": "ca-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: {{ insert: param, ca-08.02_odp }}.", "parts": [ { "id": "ca-8.2_fr", "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { "id": "ca-8.2_fr_gdn.1", @@ -30968,23 +26556,6 @@ "id": "ca-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(02)", @@ -31108,6 +26679,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -31183,11 +26759,6 @@ "id": "ca-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -31199,11 +26770,6 @@ "id": "ca-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -31215,11 +26781,6 @@ "id": "ca-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -31231,11 +26792,6 @@ "id": "ca-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -31265,23 +26821,6 @@ "id": "ca-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09a.", @@ -31300,17 +26839,6 @@ "id": "ca-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-09b.", @@ -31402,23 +26930,6 @@ "id": "ca-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09c.", @@ -31437,23 +26948,6 @@ "id": "ca-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09d.", @@ -31651,6 +27145,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -31722,12 +27221,6 @@ "id": "cm-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -31787,11 +27280,6 @@ "id": "cm-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -31803,12 +27291,6 @@ "id": "cm-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -31873,23 +27355,6 @@ "id": "cm-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[01]", @@ -31908,23 +27373,6 @@ "id": "cm-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[02]", @@ -31943,17 +27391,6 @@ "id": "cm-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[03]", @@ -31972,17 +27409,6 @@ "id": "cm-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[04]", @@ -32012,17 +27438,6 @@ "id": "cm-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(a)", @@ -32168,17 +27583,6 @@ "id": "cm-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(b)", @@ -32213,23 +27617,6 @@ "id": "cm-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01b.", @@ -32259,23 +27646,6 @@ "id": "cm-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.01", @@ -32331,23 +27701,6 @@ "id": "cm-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.02", @@ -32496,6 +27849,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -32615,11 +27973,6 @@ "id": "cm-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -32631,11 +27984,6 @@ "id": "cm-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -32718,17 +28066,6 @@ "id": "cm-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-02a.", @@ -32795,23 +28132,6 @@ "id": "cm-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.01", @@ -32830,23 +28150,6 @@ "id": "cm-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.02", @@ -32865,23 +28168,6 @@ "id": "cm-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.03", @@ -32996,6 +28282,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(2)" @@ -33042,13 +28333,6 @@ { "id": "cm-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain the currency, completeness, accuracy, and availability of the baseline configuration of the system using {{ insert: param, cm-02.02_odp }}." }, { @@ -33060,23 +28344,6 @@ "id": "cm-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(02)", @@ -33253,6 +28520,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(3)" @@ -33287,13 +28559,6 @@ { "id": "cm-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain {{ insert: param, cm-02.03_odp }} of previous versions of baseline configurations of the system to support rollback." }, { @@ -33305,17 +28570,6 @@ "id": "cm-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(03)", @@ -33432,6 +28686,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(07)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(7)" @@ -33479,11 +28738,6 @@ "id": "cm-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -33495,11 +28749,6 @@ "id": "cm-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -33529,23 +28778,6 @@ "id": "cm-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(a)", @@ -33564,23 +28796,6 @@ "id": "cm-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(b)", @@ -33726,6 +28941,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3" @@ -33865,11 +29085,6 @@ "id": "cm-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33881,11 +29096,6 @@ "id": "cm-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33897,11 +29107,6 @@ "id": "cm-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -33913,11 +29118,6 @@ "id": "cm-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -33929,11 +29129,6 @@ "id": "cm-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -33945,11 +29140,6 @@ "id": "cm-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -33961,11 +29151,6 @@ "id": "cm-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -34024,23 +29209,6 @@ "id": "cm-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03a.", @@ -34059,23 +29227,6 @@ "id": "cm-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03b.", @@ -34131,23 +29282,6 @@ "id": "cm-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03c.", @@ -34166,17 +29300,6 @@ "id": "cm-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03d.", @@ -34195,17 +29318,6 @@ "id": "cm-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03e.", @@ -34224,23 +29336,6 @@ "id": "cm-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03f.", @@ -34307,23 +29402,6 @@ "id": "cm-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[01]", @@ -34342,23 +29420,6 @@ "id": "cm-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[02]", @@ -34510,6 +29571,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(1)" @@ -34550,11 +29616,6 @@ "id": "cm-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -34566,11 +29627,6 @@ "id": "cm-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -34582,11 +29638,6 @@ "id": "cm-3.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -34598,11 +29649,6 @@ "id": "cm-3.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -34614,11 +29660,6 @@ "id": "cm-3.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -34630,11 +29671,6 @@ "id": "cm-3.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -34664,23 +29700,6 @@ "id": "cm-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(a)", @@ -34699,23 +29718,6 @@ "id": "cm-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(b)", @@ -34734,23 +29736,6 @@ "id": "cm-3.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(c)", @@ -34769,23 +29754,6 @@ "id": "cm-3.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(d)", @@ -34804,23 +29772,6 @@ "id": "cm-3.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(e)", @@ -34839,23 +29790,6 @@ "id": "cm-3.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(f)", @@ -34951,6 +29885,11 @@ "class": "SP800-53-enhancement", "title": "Testing, Validation, and Documentation of Changes", "props": [ + { + "name": "label", + "value": "CM-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(2)" @@ -34985,13 +29924,6 @@ { "id": "cm-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test, validate, and document changes to the system before finalizing the implementation of the changes." }, { @@ -35003,23 +29935,6 @@ "id": "cm-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(02)", @@ -35200,6 +30115,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(4)" @@ -35229,13 +30149,6 @@ { "id": "cm-3.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require {{ insert: param, cm-3.4_prm_1 }} to be members of the {{ insert: param, cm-03.04_odp.03 }}." }, { @@ -35247,23 +30160,6 @@ "id": "cm-3.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(04)", @@ -35404,6 +30300,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(06)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(6)" @@ -35437,13 +30338,6 @@ { "id": "cm-3.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: {{ insert: param, cm-03.06_odp }}." }, { @@ -35455,23 +30349,6 @@ "id": "cm-3.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(06)", @@ -35561,6 +30438,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -35643,13 +30525,6 @@ { "id": "cm-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system to determine potential security and privacy impacts prior to change implementation." }, { @@ -35661,23 +30536,6 @@ "id": "cm-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04", @@ -35802,6 +30660,11 @@ "class": "SP800-53-enhancement", "title": "Separate Test Environments", "props": [ + { + "name": "label", + "value": "CM-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4(1)" @@ -35844,13 +30707,6 @@ { "id": "cm-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system in a separate test environment before implementation in an operational environment, looking for security and privacy impacts due to flaws, weaknesses, incompatibility, or intentional malice." }, { @@ -35873,23 +30729,6 @@ "id": "cm-4.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[01]", @@ -35908,23 +30747,6 @@ "id": "cm-4.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[02]", @@ -35943,23 +30765,6 @@ "id": "cm-4.1_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[03]", @@ -35978,23 +30783,6 @@ "id": "cm-4.1_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[04]", @@ -36013,23 +30801,6 @@ "id": "cm-4.1_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[05]", @@ -36048,23 +30819,6 @@ "id": "cm-4.1_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[06]", @@ -36083,23 +30837,6 @@ "id": "cm-4.1_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[07]", @@ -36118,23 +30855,6 @@ "id": "cm-4.1_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[08]", @@ -36153,23 +30873,6 @@ "id": "cm-4.1_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[09]", @@ -36265,6 +30968,11 @@ "class": "SP800-53-enhancement", "title": "Verification of Controls", "props": [ + { + "name": "label", + "value": "CM-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4(2)" @@ -36311,13 +31019,6 @@ { "id": "cm-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system." }, { @@ -36329,23 +31030,6 @@ "id": "cm-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(02)", @@ -36545,9 +31229,9 @@ "title": "Access Restrictions for Change", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-05", + "class": "zero-padded" }, { "name": "label", @@ -36622,13 +31306,6 @@ { "id": "cm-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system." }, { @@ -36640,23 +31317,6 @@ "id": "cm-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05", @@ -36864,6 +31524,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(1)" @@ -36926,11 +31591,6 @@ "id": "cm-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -36942,11 +31602,6 @@ "id": "cm-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -36976,17 +31631,6 @@ "id": "cm-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(a)", @@ -37005,23 +31649,6 @@ "id": "cm-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(b)", @@ -37146,6 +31773,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(5)" @@ -37184,11 +31816,6 @@ "id": "cm-5.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -37200,11 +31827,6 @@ "id": "cm-5.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -37234,17 +31856,6 @@ "id": "cm-5.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(a)", @@ -37300,23 +31911,6 @@ "id": "cm-5.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(b)", @@ -37481,9 +32075,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06", + "class": "zero-padded" }, { "name": "label", @@ -37656,11 +32250,6 @@ "id": "cm-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37672,11 +32261,6 @@ "id": "cm-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37688,11 +32272,6 @@ "id": "cm-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37704,11 +32283,6 @@ "id": "cm-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -37752,7 +32326,7 @@ "value": "Guidance:" } ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP\u2019s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } @@ -37778,17 +32352,6 @@ "id": "cm-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06a.", @@ -37807,23 +32370,6 @@ "id": "cm-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06b.", @@ -37842,23 +32388,6 @@ "id": "cm-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06c.", @@ -37914,23 +32443,6 @@ "id": "cm-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06d.", @@ -38106,9 +32618,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -38143,13 +32655,6 @@ { "id": "cm-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage, apply, and verify configuration settings for {{ insert: param, cm-06.01_odp.01 }} using {{ insert: param, cm-6.1_prm_2 }}." }, { @@ -38161,17 +32666,6 @@ "id": "cm-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06(01)", @@ -38335,9 +32829,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06(02)", + "class": "zero-padded" }, { "name": "label", @@ -38380,13 +32874,6 @@ { "id": "cm-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Take the following actions in response to unauthorized changes to {{ insert: param, cm-06.02_odp.02 }}: {{ insert: param, cm-06.02_odp.01 }}." }, { @@ -38398,23 +32885,6 @@ "id": "cm-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06(02)", @@ -38565,9 +33035,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07", + "class": "zero-padded" }, { "name": "label", @@ -38692,11 +33162,6 @@ "id": "cm-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -38708,11 +33173,6 @@ "id": "cm-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38760,23 +33220,6 @@ "id": "cm-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07a.", @@ -38795,17 +33238,6 @@ "id": "cm-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07b.", @@ -39058,9 +33490,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -39105,11 +33537,6 @@ "id": "cm-7.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -39121,11 +33548,6 @@ "id": "cm-7.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -39155,23 +33577,6 @@ "id": "cm-7.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(a)", @@ -39190,23 +33595,6 @@ "id": "cm-7.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(b)", @@ -39415,9 +33803,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(02)", + "class": "zero-padded" }, { "name": "label", @@ -39468,13 +33856,6 @@ { "id": "cm-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent program execution in accordance with {{ insert: param, cm-07.02_odp.01 }}.", "parts": [ { @@ -39506,17 +33887,6 @@ "id": "cm-7.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(02)", @@ -39630,9 +34000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -39709,11 +34079,6 @@ "id": "cm-7.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -39725,11 +34090,6 @@ "id": "cm-7.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -39741,11 +34101,6 @@ "id": "cm-7.5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -39775,23 +34130,6 @@ "id": "cm-7.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(a)", @@ -39810,17 +34148,6 @@ "id": "cm-7.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(b)", @@ -39839,23 +34166,6 @@ "id": "cm-7.5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(c)", @@ -39979,9 +34289,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-08", + "class": "zero-padded" }, { "name": "label", @@ -40114,11 +34424,6 @@ "id": "cm-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -40187,11 +34492,6 @@ "id": "cm-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40250,23 +34550,6 @@ "id": "cm-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.01", @@ -40285,23 +34568,6 @@ "id": "cm-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.02", @@ -40320,23 +34586,6 @@ "id": "cm-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.03", @@ -40355,23 +34604,6 @@ "id": "cm-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.04", @@ -40390,23 +34622,6 @@ "id": "cm-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.05", @@ -40433,23 +34648,6 @@ "id": "cm-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08b.", @@ -40545,6 +34743,11 @@ "class": "SP800-53-enhancement", "title": "Updates During Installation and Removal", "props": [ + { + "name": "label", + "value": "CM-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(1)" @@ -40583,13 +34786,6 @@ { "id": "cm-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the inventory of system components as part of component installations, removals, and system updates." }, { @@ -40601,23 +34797,6 @@ "id": "cm-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(01)", @@ -40802,6 +34981,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(2)" @@ -40836,13 +35020,6 @@ { "id": "cm-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain the currency, completeness, accuracy, and availability of the inventory of system components using {{ insert: param, cm-8.2_prm_1 }}." }, { @@ -40854,23 +35031,6 @@ "id": "cm-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(02)", @@ -41103,6 +35263,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(3)" @@ -41178,11 +35343,6 @@ "id": "cm-8.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -41194,11 +35354,6 @@ "id": "cm-8.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -41228,17 +35383,6 @@ "id": "cm-8.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(a)", @@ -41312,17 +35456,6 @@ "id": "cm-8.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(b)", @@ -41491,6 +35624,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(4)" @@ -41529,13 +35667,6 @@ { "id": "cm-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Include in the system component inventory information, a means for identifying by {{ insert: param, cm-08.04_odp }} , individuals responsible and accountable for administering those components." }, { @@ -41547,23 +35678,6 @@ "id": "cm-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(04)", @@ -41664,6 +35778,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-09", + "class": "zero-padded" + }, { "name": "label", "value": "CM-9" @@ -41735,11 +35854,6 @@ "id": "cm-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -41751,11 +35865,6 @@ "id": "cm-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -41767,11 +35876,6 @@ "id": "cm-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -41783,11 +35887,6 @@ "id": "cm-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -41799,11 +35898,6 @@ "id": "cm-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -41833,17 +35927,6 @@ "id": "cm-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09", @@ -41891,17 +35974,6 @@ "id": "cm-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09a.", @@ -41986,23 +36058,6 @@ "id": "cm-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[01]", @@ -42021,17 +36076,6 @@ "id": "cm-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[02]", @@ -42069,17 +36113,6 @@ "id": "cm-9_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[01]", @@ -42098,17 +36131,6 @@ "id": "cm-9_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[02]", @@ -42135,23 +36157,6 @@ "id": "cm-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09d.", @@ -42170,17 +36175,6 @@ "id": "cm-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-09e.", @@ -42313,6 +36307,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -42367,11 +36366,6 @@ "id": "cm-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42383,11 +36377,6 @@ "id": "cm-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42399,11 +36388,6 @@ "id": "cm-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42433,23 +36417,6 @@ "id": "cm-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10a.", @@ -42468,23 +36435,6 @@ "id": "cm-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10b.", @@ -42503,23 +36453,6 @@ "id": "cm-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10c.", @@ -42649,6 +36582,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -42723,11 +36661,6 @@ "id": "cm-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42739,11 +36672,6 @@ "id": "cm-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42755,11 +36683,6 @@ "id": "cm-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42789,23 +36712,6 @@ "id": "cm-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11a.", @@ -42824,23 +36730,6 @@ "id": "cm-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11b.", @@ -42859,17 +36748,6 @@ "id": "cm-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-11c.", @@ -42976,6 +36854,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12" @@ -43087,11 +36970,6 @@ "id": "cm-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -43103,11 +36981,6 @@ "id": "cm-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -43119,11 +36992,6 @@ "id": "cm-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -43182,23 +37050,6 @@ "id": "cm-12_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[01]", @@ -43217,23 +37068,6 @@ "id": "cm-12_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[02]", @@ -43252,23 +37086,6 @@ "id": "cm-12_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[03]", @@ -43295,23 +37112,6 @@ "id": "cm-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12b.", @@ -43367,23 +37167,6 @@ "id": "cm-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12c.", @@ -43541,6 +37324,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12(1)" @@ -43575,13 +37363,6 @@ { "id": "cm-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use automated tools to identify {{ insert: param, cm-12.01_odp.01 }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls are in place to protect organizational information and individual privacy.", "parts": [ { @@ -43613,17 +37394,6 @@ "id": "cm-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-12(01)", @@ -43737,6 +37507,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-14", + "class": "zero-padded" + }, { "name": "label", "value": "CM-14" @@ -43792,13 +37567,6 @@ { "id": "cm-14_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent the installation of {{ insert: param, cm-14_prm_1 }} without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.", "parts": [ { @@ -43823,23 +37591,6 @@ "id": "cm-14_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-14", @@ -44066,6 +37817,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -44137,12 +37893,6 @@ "id": "cp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -44202,11 +37952,6 @@ "id": "cp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44218,12 +37963,6 @@ "id": "cp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -44288,23 +38027,6 @@ "id": "cp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[01]", @@ -44323,23 +38045,6 @@ "id": "cp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[02]", @@ -44358,17 +38063,6 @@ "id": "cp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[03]", @@ -44387,17 +38081,6 @@ "id": "cp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[04]", @@ -44427,17 +38110,6 @@ "id": "cp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(a)", @@ -44583,17 +38255,6 @@ "id": "cp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(b)", @@ -44628,23 +38289,6 @@ "id": "cp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01b.", @@ -44674,23 +38318,6 @@ "id": "cp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.01", @@ -44746,23 +38373,6 @@ "id": "cp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.02", @@ -44963,6 +38573,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -45101,11 +38716,6 @@ "id": "cp-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -45196,11 +38806,6 @@ "id": "cp-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -45212,11 +38817,6 @@ "id": "cp-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -45228,11 +38828,6 @@ "id": "cp-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -45244,11 +38839,6 @@ "id": "cp-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -45260,11 +38850,6 @@ "id": "cp-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -45276,11 +38861,6 @@ "id": "cp-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -45292,11 +38872,6 @@ "id": "cp-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -45366,17 +38941,6 @@ "id": "cp-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.01", @@ -45395,17 +38959,6 @@ "id": "cp-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.02", @@ -45479,17 +39032,6 @@ "id": "cp-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.03", @@ -45563,17 +39105,6 @@ "id": "cp-2_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.04", @@ -45592,17 +39123,6 @@ "id": "cp-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.05", @@ -45621,17 +39141,6 @@ "id": "cp-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.06", @@ -45650,17 +39159,6 @@ "id": "cp-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.07", @@ -45735,23 +39233,6 @@ "id": "cp-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[01]", @@ -45770,23 +39251,6 @@ "id": "cp-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[02]", @@ -45813,23 +39277,6 @@ "id": "cp-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02c.", @@ -45848,23 +39295,6 @@ "id": "cp-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02d.", @@ -45894,23 +39324,6 @@ "id": "cp-2_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[01]", @@ -45929,23 +39342,6 @@ "id": "cp-2_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[02]", @@ -45972,23 +39368,6 @@ "id": "cp-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02f.", @@ -46044,29 +39423,6 @@ "id": "cp-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02g.", @@ -46122,29 +39478,6 @@ "id": "cp-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02h.", @@ -46277,6 +39610,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(1)" @@ -46306,13 +39644,6 @@ { "id": "cp-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan development with organizational elements responsible for related plans." }, { @@ -46324,23 +39655,6 @@ "id": "cp-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(01)", @@ -46406,6 +39720,11 @@ "class": "SP800-53-enhancement", "title": "Capacity Planning", "props": [ + { + "name": "label", + "value": "CP-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(2)" @@ -46459,13 +39778,6 @@ { "id": "cp-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations." }, { @@ -46477,29 +39789,6 @@ "id": "cp-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(02)", @@ -46650,6 +39939,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(3)" @@ -46679,13 +39973,6 @@ { "id": "cp-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Plan for the resumption of {{ insert: param, cp-02.03_odp.01 }} mission and business functions within {{ insert: param, cp-02.03_odp.02 }} of contingency plan activation." }, { @@ -46697,23 +39984,6 @@ "id": "cp-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(03)", @@ -46817,6 +40087,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(5)" @@ -46846,13 +40121,6 @@ { "id": "cp-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Plan for the continuance of {{ insert: param, cp-02.05_odp }} mission and business functions with minimal or no loss of operational continuity and sustains that continuity until full system restoration at primary processing and/or storage sites." }, { @@ -46875,29 +40143,6 @@ "id": "cp-2.5_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(05)[01]", @@ -46916,29 +40161,6 @@ "id": "cp-2.5_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(05)[02]", @@ -47045,6 +40267,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(8)" @@ -47082,13 +40309,6 @@ { "id": "cp-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system assets supporting {{ insert: param, cp-02.08_odp }} mission and business functions." }, { @@ -47100,23 +40320,6 @@ "id": "cp-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(08)", @@ -47237,6 +40440,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -47312,11 +40520,6 @@ "id": "cp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -47363,11 +40566,6 @@ "id": "cp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -47426,23 +40624,6 @@ "id": "cp-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.01", @@ -47461,23 +40642,6 @@ "id": "cp-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.02", @@ -47496,23 +40660,6 @@ "id": "cp-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.03", @@ -47550,23 +40697,6 @@ "id": "cp-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[01]", @@ -47585,23 +40715,6 @@ "id": "cp-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[02]", @@ -47705,6 +40818,11 @@ "class": "SP800-53-enhancement", "title": "Simulated Events", "props": [ + { + "name": "label", + "value": "CP-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3(1)" @@ -47739,13 +40857,6 @@ { "id": "cp-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations." }, { @@ -47757,29 +40868,6 @@ "id": "cp-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03(01)", @@ -47913,9 +41001,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CP-04", + "class": "zero-padded" }, { "name": "label", @@ -48008,11 +41096,6 @@ "id": "cp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48024,11 +41107,6 @@ "id": "cp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48040,11 +41118,6 @@ "id": "cp-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -48114,29 +41187,6 @@ "id": "cp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[01]", @@ -48155,29 +41205,6 @@ "id": "cp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[02]", @@ -48196,29 +41223,6 @@ "id": "cp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[03]", @@ -48245,23 +41249,6 @@ "id": "cp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04b.", @@ -48280,23 +41267,6 @@ "id": "cp-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04c.", @@ -48392,6 +41362,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4(1)" @@ -48434,13 +41409,6 @@ { "id": "cp-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan testing with organizational elements responsible for related plans." }, { @@ -48452,29 +41420,6 @@ "id": "cp-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(01)", @@ -48540,6 +41485,11 @@ "class": "SP800-53-enhancement", "title": "Alternate Processing Site", "props": [ + { + "name": "label", + "value": "CP-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4(2)" @@ -48584,11 +41534,6 @@ "id": "cp-4.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -48600,11 +41545,6 @@ "id": "cp-4.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -48634,29 +41574,6 @@ "id": "cp-4.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(02)(a)", @@ -48675,29 +41592,6 @@ "id": "cp-4.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(02)(b)", @@ -48795,6 +41689,11 @@ "class": "SP800-53", "title": "Alternate Storage Site", "props": [ + { + "name": "label", + "value": "CP-06", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6" @@ -48869,11 +41768,6 @@ "id": "cp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48885,11 +41779,6 @@ "id": "cp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48930,29 +41819,6 @@ "id": "cp-6_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[01]", @@ -48971,29 +41837,6 @@ "id": "cp-6_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[02]", @@ -49020,29 +41863,6 @@ "id": "cp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06b.", @@ -49138,6 +41958,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(1)" @@ -49171,13 +41996,6 @@ { "id": "cp-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats." }, { @@ -49189,29 +42007,6 @@ "id": "cp-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(01)", @@ -49277,6 +42072,11 @@ "class": "SP800-53-enhancement", "title": "Recovery Time and Recovery Point Objectives", "props": [ + { + "name": "label", + "value": "CP-06(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(2)" @@ -49306,13 +42106,6 @@ { "id": "cp-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Configure the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives." }, { @@ -49324,29 +42117,6 @@ "id": "cp-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(02)", @@ -49471,6 +42241,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(3)" @@ -49504,13 +42279,6 @@ { "id": "cp-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions." }, { @@ -49533,23 +42301,6 @@ "id": "cp-6.3_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[01]", @@ -49568,23 +42319,6 @@ "id": "cp-6.3_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[02]", @@ -49680,6 +42414,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-07", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7" @@ -49762,11 +42501,6 @@ "id": "cp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -49778,11 +42512,6 @@ "id": "cp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -49794,11 +42523,6 @@ "id": "cp-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -49846,29 +42570,6 @@ "id": "cp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07a.", @@ -49898,29 +42599,6 @@ "id": "cp-7_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[01]", @@ -49939,29 +42617,6 @@ "id": "cp-7_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[02]", @@ -49988,29 +42643,6 @@ "id": "cp-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07c.", @@ -50106,6 +42738,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(1)" @@ -50139,13 +42776,6 @@ { "id": "cp-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.", "parts": [ { @@ -50177,23 +42807,6 @@ "id": "cp-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(01)", @@ -50259,6 +42872,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-07(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(2)" @@ -50292,13 +42910,6 @@ { "id": "cp-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions." }, { @@ -50321,23 +42932,6 @@ "id": "cp-7.2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[01]", @@ -50356,23 +42950,6 @@ "id": "cp-7.2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[02]", @@ -50446,6 +43023,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service", "props": [ + { + "name": "label", + "value": "CP-07(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(3)" @@ -50475,13 +43057,6 @@ { "id": "cp-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives)." }, { @@ -50493,23 +43068,6 @@ "id": "cp-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(03)", @@ -50575,6 +43133,11 @@ "class": "SP800-53-enhancement", "title": "Preparation for Use", "props": [ + { + "name": "label", + "value": "CP-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(4)" @@ -50616,13 +43179,6 @@ { "id": "cp-7.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prepare the alternate processing site so that the site can serve as the operational site supporting essential mission and business functions." }, { @@ -50634,29 +43190,6 @@ "id": "cp-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(04)", @@ -50766,6 +43299,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-08", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8" @@ -50815,13 +43353,6 @@ { "id": "cp-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish alternate telecommunications services, including necessary agreements to permit the resumption of {{ insert: param, cp-08_odp.01 }} for essential mission and business functions within {{ insert: param, cp-08_odp.02 }} when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.", "parts": [ { @@ -50853,29 +43384,6 @@ "id": "cp-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08", @@ -50963,6 +43471,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service Provisions", "props": [ + { + "name": "label", + "value": "CP-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(1)" @@ -50997,11 +43510,6 @@ "id": "cp-8.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -51013,11 +43521,6 @@ "id": "cp-8.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -51047,29 +43550,6 @@ "id": "cp-8.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(a)", @@ -51125,29 +43605,6 @@ "id": "cp-8.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(b)", @@ -51243,6 +43700,11 @@ "class": "SP800-53-enhancement", "title": "Single Points of Failure", "props": [ + { + "name": "label", + "value": "CP-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(2)" @@ -51272,13 +43734,6 @@ { "id": "cp-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services." }, { @@ -51290,23 +43745,6 @@ "id": "cp-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(02)", @@ -51372,6 +43810,11 @@ "class": "SP800-53-enhancement", "title": "Separation of Primary and Alternate Providers", "props": [ + { + "name": "label", + "value": "CP-08(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(3)" @@ -51401,13 +43844,6 @@ { "id": "cp-8.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain alternate telecommunications services from providers that are separated from primary service providers to reduce susceptibility to the same threats." }, { @@ -51419,23 +43855,6 @@ "id": "cp-8.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(03)", @@ -51530,6 +43949,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(4)" @@ -51572,11 +43996,6 @@ "id": "cp-8.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -51588,11 +44007,6 @@ "id": "cp-8.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -51604,11 +44018,6 @@ "id": "cp-8.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -51638,23 +44047,6 @@ "id": "cp-8.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(04)(a)", @@ -51710,23 +44102,6 @@ "id": "cp-8.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(04)(b)", @@ -51745,23 +44120,6 @@ "id": "cp-8.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(04)(c)", @@ -51927,6 +44285,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -52017,11 +44380,6 @@ "id": "cp-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52033,11 +44391,6 @@ "id": "cp-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52049,11 +44402,6 @@ "id": "cp-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52065,11 +44413,6 @@ "id": "cp-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -52150,29 +44493,6 @@ "id": "cp-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09a.", @@ -52191,29 +44511,6 @@ "id": "cp-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09b.", @@ -52232,29 +44529,6 @@ "id": "cp-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09c.", @@ -52273,23 +44547,6 @@ "id": "cp-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09d.", @@ -52469,6 +44726,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(1)" @@ -52502,13 +44764,6 @@ { "id": "cp-9.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test backup information {{ insert: param, cp-9.1_prm_1 }} to verify media reliability and information integrity." }, { @@ -52520,29 +44775,6 @@ "id": "cp-9.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(01)", @@ -52667,6 +44899,11 @@ "class": "SP800-53-enhancement", "title": "Test Restoration Using Sampling", "props": [ + { + "name": "label", + "value": "CP-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(2)" @@ -52700,13 +44937,6 @@ { "id": "cp-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use a sample of backup information in the restoration of selected system functions as part of contingency plan testing." }, { @@ -52718,23 +44948,6 @@ "id": "cp-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(02)", @@ -52833,6 +45046,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(3)" @@ -52874,13 +45092,6 @@ { "id": "cp-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Store backup copies of {{ insert: param, cp-09.03_odp }} in a separate facility or in a fire rated container that is not collocated with the operational system." }, { @@ -52892,29 +45103,6 @@ "id": "cp-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(03)", @@ -53009,6 +45197,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(5)" @@ -53054,13 +45247,6 @@ { "id": "cp-9.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Transfer system backup information to the alternate storage site {{ insert: param, cp-9.5_prm_1 }}." }, { @@ -53083,29 +45269,6 @@ "id": "cp-9.5_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(05)[01]", @@ -53124,29 +45287,6 @@ "id": "cp-9.5_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(05)[02]", @@ -53258,6 +45398,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(8)" @@ -53299,13 +45444,6 @@ { "id": "cp-9.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of {{ insert: param, cp-09.08_odp }}.", "parts": [ { @@ -53337,29 +45475,6 @@ "id": "cp-9.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(08)", @@ -53473,6 +45588,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -53538,13 +45658,6 @@ { "id": "cp-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide for the recovery and reconstitution of the system to a known state within {{ insert: param, cp-10_prm_1 }} after a disruption, compromise, or failure." }, { @@ -53556,29 +45669,6 @@ "id": "cp-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10", @@ -53703,6 +45793,11 @@ "class": "SP800-53-enhancement", "title": "Transaction Recovery", "props": [ + { + "name": "label", + "value": "CP-10(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10(2)" @@ -53732,13 +45827,6 @@ { "id": "cp-10.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement transaction recovery for systems that are transaction-based." }, { @@ -53750,29 +45838,6 @@ "id": "cp-10.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10(02)", @@ -53876,6 +45941,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10(4)" @@ -53913,13 +45983,6 @@ { "id": "cp-10.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide the capability to restore system components within {{ insert: param, cp-10.04_odp }} from configuration-controlled and integrity-protected information representing a known, operational state for the components." }, { @@ -53931,29 +45994,6 @@ "id": "cp-10.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10(04)", @@ -54145,6 +46185,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -54240,12 +46285,6 @@ "id": "ia-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -54305,11 +46344,6 @@ "id": "ia-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54321,12 +46355,6 @@ "id": "ia-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -54391,23 +46419,6 @@ "id": "ia-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[01]", @@ -54426,23 +46437,6 @@ "id": "ia-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[02]", @@ -54461,17 +46455,6 @@ "id": "ia-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[03]", @@ -54490,17 +46473,6 @@ "id": "ia-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[04]", @@ -54530,17 +46502,6 @@ "id": "ia-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(a)", @@ -54686,17 +46647,6 @@ "id": "ia-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(b)", @@ -54731,23 +46681,6 @@ "id": "ia-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01b.", @@ -54777,23 +46710,6 @@ "id": "ia-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.01", @@ -54849,23 +46765,6 @@ "id": "ia-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.02", @@ -54985,9 +46884,9 @@ "title": "Identification and Authentication (Organizational Users)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02", + "class": "zero-padded" }, { "name": "label", @@ -55159,13 +47058,6 @@ { "id": "ia-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.", "parts": [ { @@ -55241,29 +47133,6 @@ "id": "ia-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[01]", @@ -55282,29 +47151,6 @@ "id": "ia-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[02]", @@ -55401,9 +47247,9 @@ "title": "Multi-factor Authentication to Privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -55442,13 +47288,6 @@ { "id": "ia-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to privileged accounts.", "parts": [ { @@ -55502,17 +47341,6 @@ "id": "ia-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(01)", @@ -55601,9 +47429,9 @@ "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -55638,13 +47466,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts.", "parts": [ { @@ -55698,17 +47519,6 @@ "id": "ia-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(02)", @@ -55797,9 +47607,9 @@ "title": "Individual Authentication with Group Authentication", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -55835,13 +47645,6 @@ { "id": "ia-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources." }, { @@ -55853,17 +47656,6 @@ "id": "ia-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(05)", @@ -55999,9 +47791,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(06)", + "class": "zero-padded" }, { "name": "label", @@ -56042,11 +47834,6 @@ "id": "ia-2.6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -56058,11 +47845,6 @@ "id": "ia-2.6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -56121,23 +47903,6 @@ "id": "ia-2.6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(a)", @@ -56156,23 +47921,6 @@ "id": "ia-2.6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(b)", @@ -56286,9 +48034,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" }, { "name": "label", @@ -56319,13 +48067,6 @@ { "id": "ia-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}." }, { @@ -56337,23 +48078,6 @@ "id": "ia-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(08)", @@ -56442,9 +48166,9 @@ "title": "Acceptance of PIV Credentials", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -56475,13 +48199,6 @@ { "id": "ia-2.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials.", "parts": [ { @@ -56513,23 +48230,6 @@ "id": "ia-2.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(12)", @@ -56641,6 +48341,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-03", + "class": "zero-padded" + }, { "name": "label", "value": "IA-3" @@ -56714,13 +48419,6 @@ { "id": "ia-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate {{ insert: param, ia-03_odp.01 }} before establishing a {{ insert: param, ia-03_odp.02 }} connection." }, { @@ -56732,23 +48430,6 @@ "id": "ia-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-03", @@ -56867,9 +48548,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-04", + "class": "zero-padded" }, { "name": "label", @@ -56990,11 +48671,6 @@ "id": "ia-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -57006,11 +48682,6 @@ "id": "ia-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57022,11 +48693,6 @@ "id": "ia-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -57038,11 +48704,6 @@ "id": "ia-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -57072,23 +48733,6 @@ "id": "ia-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04a.", @@ -57107,23 +48751,6 @@ "id": "ia-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04b.", @@ -57142,23 +48769,6 @@ "id": "ia-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04c.", @@ -57177,23 +48787,6 @@ "id": "ia-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04d.", @@ -57305,6 +48898,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-4(4)" @@ -57334,13 +48932,6 @@ { "id": "ia-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage individual identifiers by uniquely identifying each individual as {{ insert: param, ia-04.04_odp }}." }, { @@ -57352,23 +48943,6 @@ "id": "ia-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04(04)", @@ -57479,9 +49053,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-05", + "class": "zero-padded" }, { "name": "label", @@ -57623,11 +49197,6 @@ "id": "ia-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -57639,11 +49208,6 @@ "id": "ia-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57655,11 +49219,6 @@ "id": "ia-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -57671,11 +49230,6 @@ "id": "ia-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -57687,11 +49241,6 @@ "id": "ia-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -57703,11 +49252,6 @@ "id": "ia-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -57719,11 +49263,6 @@ "id": "ia-5_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -57735,11 +49274,6 @@ "id": "ia-5_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -57751,11 +49285,6 @@ "id": "ia-5_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -57814,23 +49343,6 @@ "id": "ia-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05a.", @@ -57849,23 +49361,6 @@ "id": "ia-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05b.", @@ -57884,23 +49379,6 @@ "id": "ia-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05c.", @@ -57919,23 +49397,6 @@ "id": "ia-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05d.", @@ -57954,23 +49415,6 @@ "id": "ia-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05e.", @@ -57989,23 +49433,6 @@ "id": "ia-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05f.", @@ -58024,23 +49451,6 @@ "id": "ia-5_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05g.", @@ -58070,23 +49480,6 @@ "id": "ia-5_obj.h-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[01]", @@ -58105,23 +49498,6 @@ "id": "ia-5_obj.h-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[02]", @@ -58148,23 +49524,6 @@ "id": "ia-5_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05i.", @@ -58280,6 +49639,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -58324,11 +49688,6 @@ "id": "ia-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -58340,11 +49699,6 @@ "id": "ia-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -58356,11 +49710,6 @@ "id": "ia-5.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -58372,11 +49721,6 @@ "id": "ia-5.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -58388,11 +49732,6 @@ "id": "ia-5.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -58404,11 +49743,6 @@ "id": "ia-5.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -58420,11 +49754,6 @@ "id": "ia-5.1_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -58436,11 +49765,6 @@ "id": "ia-5.1_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -58473,7 +49797,7 @@ "value": "(h) Requirement:" } ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + "prose": "For cases where technology doesn\u2019t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." }, { "id": "ia-5.1_fr_gdn.1", @@ -58510,23 +49834,6 @@ "id": "ia-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(a)", @@ -58545,23 +49852,6 @@ "id": "ia-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(b)", @@ -58580,17 +49870,6 @@ "id": "ia-5.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(c)", @@ -58609,17 +49888,6 @@ "id": "ia-5.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(d)", @@ -58638,17 +49906,6 @@ "id": "ia-5.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(e)", @@ -58667,17 +49924,6 @@ "id": "ia-5.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(f)", @@ -58696,17 +49942,6 @@ "id": "ia-5.1_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(g)", @@ -58725,23 +49960,6 @@ "id": "ia-5.1_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(h)", @@ -58837,6 +50055,11 @@ "class": "SP800-53-enhancement", "title": "Public Key-based Authentication", "props": [ + { + "name": "label", + "value": "IA-05(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(2)" @@ -58879,11 +50102,6 @@ "id": "ia-5.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -58919,11 +50137,6 @@ "id": "ia-5.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -58988,17 +50201,6 @@ "id": "ia-5.2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(01)", @@ -59017,17 +50219,6 @@ "id": "ia-5.2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(02)", @@ -59065,17 +50256,6 @@ "id": "ia-5.2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(01)", @@ -59094,17 +50274,6 @@ "id": "ia-5.2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(02)", @@ -59208,6 +50377,11 @@ "class": "SP800-53-enhancement", "title": "Protection of Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(06)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(6)" @@ -59241,13 +50415,6 @@ { "id": "ia-5.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access." }, { @@ -59259,17 +50426,6 @@ "id": "ia-5.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(06)", @@ -59357,6 +50513,11 @@ "class": "SP800-53-enhancement", "title": "No Embedded Unencrypted Static Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(07)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(7)" @@ -59386,13 +50547,6 @@ { "id": "ia-5.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.", "parts": [ { @@ -59424,17 +50578,6 @@ "id": "ia-5.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(07)", @@ -59538,6 +50681,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(08)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(8)" @@ -59571,13 +50719,6 @@ { "id": "ia-5.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, ia-05.08_odp }} to manage the risk of compromise due to individuals having accounts on multiple systems.", "parts": [ { @@ -59609,23 +50750,6 @@ "id": "ia-5.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(08)", @@ -59724,6 +50848,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(13)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(13)" @@ -59753,13 +50882,6 @@ { "id": "ia-5.13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prohibit the use of cached authenticators after {{ insert: param, ia-05.13_odp }}.", "parts": [ { @@ -59791,23 +50913,6 @@ "id": "ia-5.13_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(13)", @@ -59897,6 +51002,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -59926,13 +51036,6 @@ { "id": "ia-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals." }, { @@ -59944,17 +51047,6 @@ "id": "ia-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-06", @@ -60042,6 +51134,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -60091,13 +51188,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -60109,29 +51199,6 @@ "id": "ia-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-07", @@ -60219,6 +51286,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -60336,13 +51408,6 @@ { "id": "ia-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users." }, { @@ -60354,17 +51419,6 @@ "id": "ia-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08", @@ -60452,6 +51506,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -60485,13 +51544,6 @@ { "id": "ia-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies." }, { @@ -60503,17 +51555,6 @@ "id": "ia-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(01)", @@ -60638,6 +51679,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -60672,11 +51718,6 @@ "id": "ia-8.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -60688,11 +51729,6 @@ "id": "ia-8.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -60722,17 +51758,6 @@ "id": "ia-8.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(a)", @@ -60751,23 +51776,6 @@ "id": "ia-8.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(b)", @@ -60911,6 +51919,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -60940,13 +51953,6 @@ { "id": "ia-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conform to the following profiles for identity management {{ insert: param, ia-08.04_odp }}." }, { @@ -60958,29 +51964,6 @@ "id": "ia-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(04)", @@ -61081,6 +52064,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -61135,13 +52123,6 @@ { "id": "ia-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require users to re-authenticate when {{ insert: param, ia-11_odp }}.", "parts": [ { @@ -61173,29 +52154,6 @@ "id": "ia-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-11", @@ -61283,6 +52241,11 @@ "class": "SP800-53", "title": "Identity Proofing", "props": [ + { + "name": "label", + "value": "IA-12", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12" @@ -61365,11 +52328,6 @@ "id": "ia-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -61381,11 +52339,6 @@ "id": "ia-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -61397,11 +52350,6 @@ "id": "ia-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -61449,29 +52397,6 @@ "id": "ia-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12a.", @@ -61490,23 +52415,6 @@ "id": "ia-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12b.", @@ -61525,23 +52433,6 @@ "id": "ia-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12c.", @@ -61692,6 +52583,11 @@ "class": "SP800-53-enhancement", "title": "Identity Evidence", "props": [ + { + "name": "label", + "value": "IA-12(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(2)" @@ -61721,13 +52617,6 @@ { "id": "ia-12.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require evidence of individual identification be presented to the registration authority." }, { @@ -61739,23 +52628,6 @@ "id": "ia-12.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(02)", @@ -61854,6 +52726,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(3)" @@ -61883,13 +52760,6 @@ { "id": "ia-12.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that the presented identity evidence be validated and verified through {{ insert: param, ia-12.03_odp }}." }, { @@ -61901,29 +52771,6 @@ "id": "ia-12.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(03)", @@ -62011,6 +52858,11 @@ "class": "SP800-53-enhancement", "title": "In-person Validation and Verification", "props": [ + { + "name": "label", + "value": "IA-12(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(4)" @@ -62040,13 +52892,6 @@ { "id": "ia-12.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that the validation and verification of identity evidence be conducted in person before a designated registration authority." }, { @@ -62058,23 +52903,6 @@ "id": "ia-12.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(04)", @@ -62173,6 +53001,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(05)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(5)" @@ -62206,13 +53039,6 @@ { "id": "ia-12.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that a {{ insert: param, ia-12.05_odp }} be delivered through an out-of-band channel to verify the users address (physical or digital) of record.", "parts": [ { @@ -62244,23 +53070,6 @@ "id": "ia-12.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(05)", @@ -62452,6 +53261,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -62531,12 +53345,6 @@ "id": "ir-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -62596,11 +53404,6 @@ "id": "ir-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -62612,12 +53415,6 @@ "id": "ir-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -62682,23 +53479,6 @@ "id": "ir-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[01]", @@ -62717,23 +53497,6 @@ "id": "ir-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[02]", @@ -62752,17 +53515,6 @@ "id": "ir-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[03]", @@ -62781,17 +53533,6 @@ "id": "ir-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[04]", @@ -62821,17 +53562,6 @@ "id": "ir-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(a)", @@ -62977,17 +53707,6 @@ "id": "ir-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(b)", @@ -63022,23 +53741,6 @@ "id": "ir-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01b.", @@ -63068,23 +53770,6 @@ "id": "ir-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.01", @@ -63140,23 +53825,6 @@ "id": "ir-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.02", @@ -63328,6 +53996,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -63403,11 +54076,6 @@ "id": "ir-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -63454,11 +54122,6 @@ "id": "ir-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63499,23 +54162,6 @@ "id": "ir-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.01", @@ -63534,23 +54180,6 @@ "id": "ir-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.02", @@ -63569,23 +54198,6 @@ "id": "ir-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.03", @@ -63623,23 +54235,6 @@ "id": "ir-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[01]", @@ -63658,23 +54253,6 @@ "id": "ir-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[02]", @@ -63756,6 +54334,11 @@ "class": "SP800-53-enhancement", "title": "Simulated Events", "props": [ + { + "name": "label", + "value": "IR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2(1)" @@ -63790,13 +54373,6 @@ { "id": "ir-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate simulated events into incident response training to facilitate the required response by personnel in crisis situations." }, { @@ -63808,23 +54384,6 @@ "id": "ir-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02(01)", @@ -63923,6 +54482,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2(2)" @@ -63957,13 +54521,6 @@ { "id": "ir-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response training environment using {{ insert: param, ir-02.02_odp }}." }, { @@ -63975,17 +54532,6 @@ "id": "ir-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-02(02)", @@ -64101,9 +54647,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-03", + "class": "zero-padded" }, { "name": "label", @@ -64171,13 +54717,6 @@ { "id": "ir-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test the effectiveness of the incident response capability for the system {{ insert: param, ir-03_odp.01 }} using the following tests: {{ insert: param, ir-03_odp.02 }}.", "parts": [ { @@ -64209,23 +54748,6 @@ "id": "ir-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03", @@ -64291,6 +54813,11 @@ "class": "SP800-53-enhancement", "title": "Coordination with Related Plans", "props": [ + { + "name": "label", + "value": "IR-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-3(2)" @@ -64325,13 +54852,6 @@ { "id": "ir-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate incident response testing with organizational elements responsible for related plans." }, { @@ -64343,23 +54863,6 @@ "id": "ir-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03(02)", @@ -64428,9 +54931,9 @@ "title": "Incident Handling", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04", + "class": "zero-padded" }, { "name": "label", @@ -64586,11 +55089,6 @@ "id": "ir-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64602,11 +55100,6 @@ "id": "ir-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64618,11 +55111,6 @@ "id": "ir-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -64634,11 +55122,6 @@ "id": "ir-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -64708,23 +55191,6 @@ "id": "ir-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[01]", @@ -64743,23 +55209,6 @@ "id": "ir-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[02]", @@ -64858,23 +55307,6 @@ "id": "ir-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04b.", @@ -64904,23 +55336,6 @@ "id": "ir-4_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[01]", @@ -64939,23 +55354,6 @@ "id": "ir-4_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[02]", @@ -64982,23 +55380,6 @@ "id": "ir-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04d.", @@ -65179,9 +55560,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -65212,13 +55593,6 @@ { "id": "ir-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the incident handling process using {{ insert: param, ir-04.01_odp }}." }, { @@ -65230,23 +55604,6 @@ "id": "ir-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(01)", @@ -65360,9 +55717,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(02)", + "class": "zero-padded" }, { "name": "label", @@ -65405,13 +55762,6 @@ { "id": "ir-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Include the following types of dynamic reconfiguration for {{ insert: param, ir-04.02_odp.02 }} as part of the incident response capability: {{ insert: param, ir-04.02_odp.01 }}." }, { @@ -65423,23 +55773,6 @@ "id": "ir-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(02)", @@ -65528,9 +55861,9 @@ "title": "Information Correlation", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(04)", + "class": "zero-padded" }, { "name": "label", @@ -65561,13 +55894,6 @@ { "id": "ir-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response." }, { @@ -65579,23 +55905,6 @@ "id": "ir-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(04)", @@ -65684,9 +55993,9 @@ "title": "Insider Threats", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(06)", + "class": "zero-padded" }, { "name": "label", @@ -65717,13 +56026,6 @@ { "id": "ir-4.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement an incident handling capability for incidents involving insider threats." }, { @@ -65735,23 +56037,6 @@ "id": "ir-4.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(06)", @@ -65850,6 +56135,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-04(11)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-4(11)" @@ -65883,13 +56173,6 @@ { "id": "ir-4.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and maintain an integrated incident response team that can be deployed to any location identified by the organization in {{ insert: param, ir-04.11_odp }}." }, { @@ -65912,23 +56195,6 @@ "id": "ir-4.11_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(11)[01]", @@ -65947,23 +56213,6 @@ "id": "ir-4.11_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(11)[02]", @@ -66039,6 +56288,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -66121,13 +56375,6 @@ { "id": "ir-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track and document incidents." }, { @@ -66139,23 +56386,6 @@ "id": "ir-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05", @@ -66313,6 +56543,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5(1)" @@ -66347,13 +56582,6 @@ { "id": "ir-5.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track incidents and collect and analyze incident information using {{ insert: param, ir-5.1_prm_1 }}." }, { @@ -66365,29 +56593,6 @@ "id": "ir-5.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05(01)", @@ -66557,6 +56762,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -66627,11 +56837,6 @@ "id": "ir-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66643,11 +56848,6 @@ "id": "ir-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66695,23 +56895,6 @@ "id": "ir-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-06a.", @@ -66730,23 +56913,6 @@ "id": "ir-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06b.", @@ -66853,6 +57019,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(1)" @@ -66886,13 +57057,6 @@ { "id": "ir-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Report incidents using {{ insert: param, ir-06.01_odp }}." }, { @@ -66904,29 +57068,6 @@ "id": "ir-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(01)", @@ -67014,6 +57155,11 @@ "class": "SP800-53-enhancement", "title": "Supply Chain Coordination", "props": [ + { + "name": "label", + "value": "IR-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(3)" @@ -67047,13 +57193,6 @@ { "id": "ir-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident." }, { @@ -67065,23 +57204,6 @@ "id": "ir-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(03)", @@ -67171,6 +57293,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -67240,13 +57367,6 @@ { "id": "ir-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents." }, { @@ -67269,23 +57389,6 @@ "id": "ir-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[01]", @@ -67304,23 +57407,6 @@ "id": "ir-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[02]", @@ -67427,6 +57513,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7(1)" @@ -67456,13 +57547,6 @@ { "id": "ir-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Increase the availability of incident response information and support using {{ insert: param, ir-07.01_odp }}." }, { @@ -67474,29 +57558,6 @@ "id": "ir-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-07(01)", @@ -67670,6 +57731,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -67756,11 +57822,6 @@ "id": "ir-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -67884,11 +57945,6 @@ "id": "ir-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -67900,11 +57956,6 @@ "id": "ir-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -67916,11 +57967,6 @@ "id": "ir-8_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -67932,11 +57978,6 @@ "id": "ir-8_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -68006,17 +58047,6 @@ "id": "ir-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.01", @@ -68035,17 +58065,6 @@ "id": "ir-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.02", @@ -68064,17 +58083,6 @@ "id": "ir-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.03", @@ -68093,17 +58101,6 @@ "id": "ir-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.04", @@ -68122,17 +58119,6 @@ "id": "ir-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.05", @@ -68151,17 +58137,6 @@ "id": "ir-8_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.06", @@ -68180,17 +58155,6 @@ "id": "ir-8_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.07", @@ -68209,17 +58173,6 @@ "id": "ir-8_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.08", @@ -68238,17 +58191,6 @@ "id": "ir-8_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.09", @@ -68267,17 +58209,6 @@ "id": "ir-8_obj.a.10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.10", @@ -68304,17 +58235,6 @@ "id": "ir-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08b.", @@ -68370,23 +58290,6 @@ "id": "ir-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08c.", @@ -68405,23 +58308,6 @@ "id": "ir-8_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08d.", @@ -68477,17 +58363,6 @@ "id": "ir-8_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08e.", @@ -68649,6 +58524,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9" @@ -68712,11 +58592,6 @@ "id": "ir-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -68728,11 +58603,6 @@ "id": "ir-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -68744,11 +58614,6 @@ "id": "ir-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -68760,11 +58625,6 @@ "id": "ir-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -68776,11 +58636,6 @@ "id": "ir-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -68792,11 +58647,6 @@ "id": "ir-9_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -68808,11 +58658,6 @@ "id": "ir-9_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -68842,23 +58687,6 @@ "id": "ir-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09a.", @@ -68877,23 +58705,6 @@ "id": "ir-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09b.", @@ -68912,23 +58723,6 @@ "id": "ir-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09c.", @@ -68947,23 +58741,6 @@ "id": "ir-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09d.", @@ -68982,23 +58759,6 @@ "id": "ir-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09e.", @@ -69017,23 +58777,6 @@ "id": "ir-9_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09f.", @@ -69052,23 +58795,6 @@ "id": "ir-9_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09g.", @@ -69180,6 +58906,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(2)" @@ -69225,13 +58956,6 @@ { "id": "ir-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide information spillage response training {{ insert: param, ir-09.02_odp }}." }, { @@ -69243,17 +58967,6 @@ "id": "ir-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(02)", @@ -69330,6 +59043,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(3)" @@ -69359,13 +59077,6 @@ { "id": "ir-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: {{ insert: param, ir-09.03_odp }}." }, { @@ -69377,17 +59088,6 @@ "id": "ir-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(03)", @@ -69486,6 +59186,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(4)" @@ -69515,13 +59220,6 @@ { "id": "ir-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following controls for personnel exposed to information not within assigned access authorizations: {{ insert: param, ir-09.04_odp }}." }, { @@ -69533,17 +59231,6 @@ "id": "ir-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(04)", @@ -69735,6 +59422,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -69802,12 +59494,6 @@ "id": "ma-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -69867,11 +59553,6 @@ "id": "ma-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -69883,12 +59564,6 @@ "id": "ma-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -69953,23 +59628,6 @@ "id": "ma-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[01]", @@ -69988,23 +59646,6 @@ "id": "ma-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[02]", @@ -70023,17 +59664,6 @@ "id": "ma-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[03]", @@ -70052,17 +59682,6 @@ "id": "ma-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[04]", @@ -70092,17 +59711,6 @@ "id": "ma-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(a)", @@ -70248,17 +59856,6 @@ "id": "ma-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(b)", @@ -70293,23 +59890,6 @@ "id": "ma-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01b.", @@ -70339,23 +59919,6 @@ "id": "ma-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.01", @@ -70411,23 +59974,6 @@ "id": "ma-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.02", @@ -70575,6 +60121,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -70661,11 +60212,6 @@ "id": "ma-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70677,11 +60223,6 @@ "id": "ma-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70693,11 +60234,6 @@ "id": "ma-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70709,11 +60245,6 @@ "id": "ma-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -70725,11 +60256,6 @@ "id": "ma-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -70741,11 +60267,6 @@ "id": "ma-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -70775,29 +60296,6 @@ "id": "ma-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02a.", @@ -70871,23 +60369,6 @@ "id": "ma-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02b.", @@ -70943,23 +60424,6 @@ "id": "ma-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02c.", @@ -70978,23 +60442,6 @@ "id": "ma-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02d.", @@ -71013,17 +60460,6 @@ "id": "ma-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02e.", @@ -71042,17 +60478,6 @@ "id": "ma-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02f.", @@ -71181,6 +60606,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2(2)" @@ -71219,11 +60649,6 @@ "id": "ma-2.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -71235,11 +60660,6 @@ "id": "ma-2.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -71269,23 +60689,6 @@ "id": "ma-2.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02(02)(a)", @@ -71359,23 +60762,6 @@ "id": "ma-2.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02(02)(b)", @@ -71544,6 +60930,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3" @@ -71586,11 +60977,6 @@ "id": "ma-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -71602,11 +60988,6 @@ "id": "ma-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -71636,29 +61017,6 @@ "id": "ma-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03a.", @@ -71732,29 +61090,6 @@ "id": "ma-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03b.", @@ -71850,6 +61185,11 @@ "class": "SP800-53-enhancement", "title": "Inspect Tools", "props": [ + { + "name": "label", + "value": "MA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(1)" @@ -71883,13 +61223,6 @@ { "id": "ma-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications." }, { @@ -71901,29 +61234,6 @@ "id": "ma-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(01)", @@ -72012,9 +61322,9 @@ "title": "Inspect Media", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "MA-03(02)", + "class": "zero-padded" }, { "name": "label", @@ -72049,13 +61359,6 @@ { "id": "ma-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check media containing diagnostic and test programs for malicious code before the media are used in the system." }, { @@ -72067,29 +61370,6 @@ "id": "ma-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(02)", @@ -72193,6 +61473,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(3)" @@ -72232,11 +61517,6 @@ "id": "ma-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -72248,11 +61528,6 @@ "id": "ma-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -72264,11 +61539,6 @@ "id": "ma-3.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -72280,11 +61550,6 @@ "id": "ma-3.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -72303,29 +61568,6 @@ "id": "ma-3.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(03)", @@ -72488,6 +61730,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -72598,11 +61845,6 @@ "id": "ma-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -72614,11 +61856,6 @@ "id": "ma-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -72630,11 +61867,6 @@ "id": "ma-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -72646,11 +61878,6 @@ "id": "ma-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -72662,11 +61889,6 @@ "id": "ma-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -72696,23 +61918,6 @@ "id": "ma-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04a.", @@ -72779,23 +61984,6 @@ "id": "ma-4_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[01]", @@ -72814,17 +62002,6 @@ "id": "ma-4_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[02]", @@ -72851,29 +62028,6 @@ "id": "ma-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04c.", @@ -72892,17 +62046,6 @@ "id": "ma-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04d.", @@ -72921,17 +62064,6 @@ "id": "ma-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04e.", @@ -73064,6 +62196,11 @@ "class": "SP800-53-enhancement", "title": "Comparable Security and Sanitization", "props": [ + { + "name": "label", + "value": "MA-04(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4(3)" @@ -73110,11 +62247,6 @@ "id": "ma-4.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -73126,11 +62258,6 @@ "id": "ma-4.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -73160,23 +62287,6 @@ "id": "ma-4.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(a)", @@ -73243,17 +62353,6 @@ "id": "ma-4.3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(b)[01]", @@ -73272,17 +62371,6 @@ "id": "ma-4.3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(b)[02]", @@ -73301,17 +62389,6 @@ "id": "ma-4.3_obj.b-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(b)[03]", @@ -73417,6 +62494,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -73495,11 +62577,6 @@ "id": "ma-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -73511,11 +62588,6 @@ "id": "ma-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73527,11 +62599,6 @@ "id": "ma-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -73561,17 +62628,6 @@ "id": "ma-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-05a.", @@ -73627,29 +62683,6 @@ "id": "ma-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05b.", @@ -73668,29 +62701,6 @@ "id": "ma-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05c.", @@ -73797,6 +62807,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5(1)" @@ -73839,11 +62854,6 @@ "id": "ma-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -73879,11 +62889,6 @@ "id": "ma-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -73924,23 +62929,6 @@ "id": "ma-5.1_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(01)", @@ -73959,23 +62947,6 @@ "id": "ma-5.1_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(02)", @@ -74002,29 +62973,6 @@ "id": "ma-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(b)", @@ -74147,6 +63095,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-06", + "class": "zero-padded" + }, { "name": "label", "value": "MA-6" @@ -74208,13 +63161,6 @@ { "id": "ma-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain maintenance support and/or spare parts for {{ insert: param, ma-06_odp.01 }} within {{ insert: param, ma-06_odp.02 }} of failure." }, { @@ -74226,29 +63172,6 @@ "id": "ma-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-06", @@ -74438,6 +63361,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -74505,12 +63433,6 @@ "id": "mp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -74570,11 +63492,6 @@ "id": "mp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -74586,12 +63503,6 @@ "id": "mp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -74656,23 +63567,6 @@ "id": "mp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[01]", @@ -74691,23 +63585,6 @@ "id": "mp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[02]", @@ -74726,17 +63603,6 @@ "id": "mp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[03]", @@ -74755,17 +63621,6 @@ "id": "mp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[04]", @@ -74795,17 +63650,6 @@ "id": "mp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(a)", @@ -74951,17 +63795,6 @@ "id": "mp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(b)", @@ -74996,23 +63829,6 @@ "id": "mp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01b.", @@ -75042,23 +63858,6 @@ "id": "mp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.01", @@ -75114,23 +63913,6 @@ "id": "mp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.02", @@ -75300,6 +64082,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -75393,13 +64180,6 @@ { "id": "mp-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert: param, mp-2_prm_2 }}." }, { @@ -75422,29 +64202,6 @@ "id": "mp-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[01]", @@ -75463,29 +64220,6 @@ "id": "mp-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[02]", @@ -75611,6 +64345,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-03", + "class": "zero-padded" + }, { "name": "label", "value": "MP-3" @@ -75673,11 +64412,6 @@ "id": "mp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -75689,11 +64423,6 @@ "id": "mp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -75741,17 +64470,6 @@ "id": "mp-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03a.", @@ -75770,17 +64488,6 @@ "id": "mp-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03b.", @@ -75950,6 +64657,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-04", + "class": "zero-padded" + }, { "name": "label", "value": "MP-4" @@ -76068,11 +64780,6 @@ "id": "mp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -76084,11 +64791,6 @@ "id": "mp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -76147,29 +64849,6 @@ "id": "mp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[01]", @@ -76188,29 +64867,6 @@ "id": "mp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[02]", @@ -76229,29 +64885,6 @@ "id": "mp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[03]", @@ -76270,29 +64903,6 @@ "id": "mp-4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[04]", @@ -76319,29 +64929,6 @@ "id": "mp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04b.", @@ -76480,6 +65067,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-05", + "class": "zero-padded" + }, { "name": "label", "value": "MP-5" @@ -76570,11 +65162,6 @@ "id": "mp-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -76586,11 +65173,6 @@ "id": "mp-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -76602,11 +65184,6 @@ "id": "mp-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -76618,11 +65195,6 @@ "id": "mp-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -76670,29 +65242,6 @@ "id": "mp-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05a.", @@ -76748,29 +65297,6 @@ "id": "mp-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05b.", @@ -76789,17 +65315,6 @@ "id": "mp-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-05c.", @@ -76829,23 +65344,6 @@ "id": "mp-5_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[01]", @@ -76864,17 +65362,6 @@ "id": "mp-5_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[02]", @@ -77047,6 +65534,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -77165,11 +65657,6 @@ "id": "mp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -77181,11 +65668,6 @@ "id": "mp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -77215,29 +65697,6 @@ "id": "mp-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06a.", @@ -77311,29 +65770,6 @@ "id": "mp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06b.", @@ -77429,6 +65865,11 @@ "class": "SP800-53-enhancement", "title": "Review, Approve, Track, Document, and Verify", "props": [ + { + "name": "label", + "value": "MP-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6(1)" @@ -77458,13 +65899,6 @@ { "id": "mp-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Review, approve, track, document, and verify media sanitization and disposal actions.", "parts": [ { @@ -77496,17 +65930,6 @@ "id": "mp-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06(01)", @@ -77714,6 +66137,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06(02)", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6(2)" @@ -77743,13 +66171,6 @@ { "id": "mp-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test sanitization equipment and procedures {{ insert: param, mp-6.2_prm_1 }} to ensure that the intended sanitization is being achieved.", "parts": [ { @@ -77781,17 +66202,6 @@ "id": "mp-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06(02)", @@ -77927,6 +66337,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6(3)" @@ -77956,13 +66371,6 @@ { "id": "mp-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the system under the following circumstances: {{ insert: param, mp-06.03_odp }}.", "parts": [ { @@ -77994,23 +66402,6 @@ "id": "mp-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06(03)", @@ -78138,6 +66529,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -78200,11 +66596,6 @@ "id": "mp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -78216,11 +66607,6 @@ "id": "mp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -78250,29 +66636,6 @@ "id": "mp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07a.", @@ -78291,29 +66654,6 @@ "id": "mp-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07b.", @@ -78511,6 +66851,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -78578,12 +66923,6 @@ "id": "pe-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -78643,11 +66982,6 @@ "id": "pe-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -78659,12 +66993,6 @@ "id": "pe-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -78729,23 +67057,6 @@ "id": "pe-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[01]", @@ -78764,23 +67075,6 @@ "id": "pe-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[02]", @@ -78799,17 +67093,6 @@ "id": "pe-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[03]", @@ -78828,17 +67111,6 @@ "id": "pe-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[04]", @@ -78868,17 +67140,6 @@ "id": "pe-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(a)", @@ -79024,17 +67285,6 @@ "id": "pe-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(b)", @@ -79069,23 +67319,6 @@ "id": "pe-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01b.", @@ -79115,23 +67348,6 @@ "id": "pe-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.01", @@ -79187,23 +67403,6 @@ "id": "pe-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.02", @@ -79338,6 +67537,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -79440,11 +67644,6 @@ "id": "pe-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -79456,11 +67655,6 @@ "id": "pe-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -79472,11 +67666,6 @@ "id": "pe-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -79488,11 +67677,6 @@ "id": "pe-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -79522,23 +67706,6 @@ "id": "pe-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-02a.", @@ -79612,17 +67779,6 @@ "id": "pe-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02b.", @@ -79641,17 +67797,6 @@ "id": "pe-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02c.", @@ -79670,17 +67815,6 @@ "id": "pe-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02d.", @@ -79894,9 +68028,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "PE-03", + "class": "zero-padded" }, { "name": "label", @@ -80040,11 +68174,6 @@ "id": "pe-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -80080,11 +68209,6 @@ "id": "pe-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -80096,11 +68220,6 @@ "id": "pe-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -80112,11 +68231,6 @@ "id": "pe-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -80128,11 +68242,6 @@ "id": "pe-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -80144,11 +68253,6 @@ "id": "pe-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -80160,11 +68264,6 @@ "id": "pe-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -80205,17 +68304,6 @@ "id": "pe-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.01", @@ -80234,23 +68322,6 @@ "id": "pe-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.02", @@ -80277,23 +68348,6 @@ "id": "pe-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03b.", @@ -80312,17 +68366,6 @@ "id": "pe-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03c.", @@ -80352,17 +68395,6 @@ "id": "pe-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[01]", @@ -80381,23 +68413,6 @@ "id": "pe-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[02]", @@ -80424,17 +68439,6 @@ "id": "pe-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.", @@ -80508,23 +68512,6 @@ "id": "pe-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03f.", @@ -80554,17 +68541,6 @@ "id": "pe-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[01]", @@ -80583,17 +68559,6 @@ "id": "pe-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[02]", @@ -80708,6 +68673,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-3(1)" @@ -80737,13 +68707,6 @@ { "id": "pe-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce physical access authorizations to the system in addition to the physical access controls for the facility at {{ insert: param, pe-03.01_odp }}." }, { @@ -80766,17 +68729,6 @@ "id": "pe-3.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03(01)[01]", @@ -80795,17 +68747,6 @@ "id": "pe-3.1_obj.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03(01)[02]", @@ -80923,6 +68864,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-04", + "class": "zero-padded" + }, { "name": "label", "value": "PE-4" @@ -80988,13 +68934,6 @@ { "id": "pe-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to {{ insert: param, pe-04_odp.01 }} within organizational facilities using {{ insert: param, pe-04_odp.02 }}." }, { @@ -81006,23 +68945,6 @@ "id": "pe-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-04", @@ -81121,6 +69043,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-05", + "class": "zero-padded" + }, { "name": "label", "value": "PE-5" @@ -81166,13 +69093,6 @@ { "id": "pe-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to output from {{ insert: param, pe-05_odp }} to prevent unauthorized individuals from obtaining the output." }, { @@ -81184,17 +69104,6 @@ "id": "pe-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-05", @@ -81307,6 +69216,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -81374,11 +69288,6 @@ "id": "pe-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -81390,11 +69299,6 @@ "id": "pe-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81406,11 +69310,6 @@ "id": "pe-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81440,23 +69339,6 @@ "id": "pe-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06a.", @@ -81486,17 +69368,6 @@ "id": "pe-6_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[01]", @@ -81515,17 +69386,6 @@ "id": "pe-6_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[02]", @@ -81563,23 +69423,6 @@ "id": "pe-6_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[01]", @@ -81598,23 +69441,6 @@ "id": "pe-6_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[02]", @@ -81718,6 +69544,11 @@ "class": "SP800-53-enhancement", "title": "Intrusion Alarms and Surveillance Equipment", "props": [ + { + "name": "label", + "value": "PE-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6(1)" @@ -81752,13 +69583,6 @@ { "id": "pe-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment." }, { @@ -81770,17 +69594,6 @@ "id": "pe-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06(01)", @@ -81916,6 +69729,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06(04)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6(4)" @@ -81950,13 +69768,6 @@ { "id": "pe-6.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Monitor physical access to the system in addition to the physical access monitoring of the facility at {{ insert: param, pe-06.04_odp }}." }, { @@ -81968,17 +69779,6 @@ "id": "pe-6.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06(04)", @@ -82107,6 +69907,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -82154,11 +69959,6 @@ "id": "pe-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -82170,11 +69970,6 @@ "id": "pe-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82186,11 +69981,6 @@ "id": "pe-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -82220,23 +70010,6 @@ "id": "pe-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08a.", @@ -82255,17 +70028,6 @@ "id": "pe-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08b.", @@ -82284,23 +70046,6 @@ "id": "pe-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08c.", @@ -82420,6 +70165,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8(1)" @@ -82449,13 +70199,6 @@ { "id": "pe-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain and review visitor access records using {{ insert: param, pe-8.1_prm_1 }}." }, { @@ -82478,23 +70221,6 @@ "id": "pe-8.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08(01)[01]", @@ -82513,17 +70239,6 @@ "id": "pe-8.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08(01)[02]", @@ -82621,6 +70336,11 @@ "class": "SP800-53", "title": "Power Equipment and Cabling", "props": [ + { + "name": "label", + "value": "PE-09", + "class": "zero-padded" + }, { "name": "label", "value": "PE-9" @@ -82650,13 +70370,6 @@ { "id": "pe-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect power equipment and power cabling for the system from damage and destruction." }, { @@ -82668,17 +70381,6 @@ "id": "pe-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-09", @@ -82828,6 +70530,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-10", + "class": "zero-padded" + }, { "name": "label", "value": "PE-10" @@ -82862,11 +70569,6 @@ "id": "pe-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -82878,11 +70580,6 @@ "id": "pe-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82894,11 +70591,6 @@ "id": "pe-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -82928,23 +70620,6 @@ "id": "pe-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10a.", @@ -82963,17 +70638,6 @@ "id": "pe-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10b.", @@ -82992,23 +70656,6 @@ "id": "pe-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10c.", @@ -83115,6 +70762,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-11", + "class": "zero-padded" + }, { "name": "label", "value": "PE-11" @@ -83152,13 +70804,6 @@ { "id": "pe-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an uninterruptible power supply to facilitate {{ insert: param, pe-11_odp }} in the event of a primary power source loss." }, { @@ -83170,23 +70815,6 @@ "id": "pe-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11", @@ -83290,6 +70918,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-11(1)" @@ -83319,13 +70952,6 @@ { "id": "pe-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an alternate power supply for the system that is activated {{ insert: param, pe-11.01_odp }} and that can maintain minimally required operational capability in the event of an extended loss of the primary power source." }, { @@ -83348,23 +70974,6 @@ "id": "pe-11.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11(01)[01]", @@ -83383,23 +70992,6 @@ "id": "pe-11.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11(01)[02]", @@ -83497,6 +71089,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -83530,13 +71127,6 @@ { "id": "pe-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility." }, { @@ -83559,17 +71149,6 @@ "id": "pe-12_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[01]", @@ -83588,17 +71167,6 @@ "id": "pe-12_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[02]", @@ -83617,17 +71185,6 @@ "id": "pe-12_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[03]", @@ -83646,17 +71203,6 @@ "id": "pe-12_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[04]", @@ -83752,6 +71298,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -83781,13 +71332,6 @@ { "id": "pe-13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain fire detection and suppression systems that are supported by an independent energy source." }, { @@ -83810,23 +71354,6 @@ "id": "pe-13_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[01]", @@ -83845,23 +71372,6 @@ "id": "pe-13_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[02]", @@ -83880,23 +71390,6 @@ "id": "pe-13_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[03]", @@ -83915,23 +71408,6 @@ "id": "pe-13_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[04]", @@ -83950,23 +71426,6 @@ "id": "pe-13_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[05]", @@ -83985,23 +71444,6 @@ "id": "pe-13_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[06]", @@ -84127,6 +71569,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(1)" @@ -84156,13 +71603,6 @@ { "id": "pe-13.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ fire detection systems that activate automatically and notify {{ insert: param, pe-13.01_odp.01 }} and {{ insert: param, pe-13.01_odp.02 }} in the event of a fire." }, { @@ -84185,17 +71625,6 @@ "id": "pe-13.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[01]", @@ -84214,23 +71643,6 @@ "id": "pe-13.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[02]", @@ -84249,23 +71661,6 @@ "id": "pe-13.1_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[03]", @@ -84381,6 +71776,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(2)" @@ -84415,11 +71815,6 @@ "id": "pe-13.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -84431,11 +71826,6 @@ "id": "pe-13.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -84476,17 +71866,6 @@ "id": "pe-13.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[01]", @@ -84505,23 +71884,6 @@ "id": "pe-13.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[02]", @@ -84540,23 +71902,6 @@ "id": "pe-13.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[03]", @@ -84583,23 +71928,6 @@ "id": "pe-13.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(b)", @@ -84749,6 +72077,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -84787,11 +72120,6 @@ "id": "pe-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -84803,11 +72131,6 @@ "id": "pe-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -84855,23 +72178,6 @@ "id": "pe-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14a.", @@ -84890,23 +72196,6 @@ "id": "pe-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14b.", @@ -85013,6 +72302,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14(2)" @@ -85042,13 +72336,6 @@ { "id": "pe-14.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ environmental control monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment to {{ insert: param, pe-14.02_odp }}." }, { @@ -85071,17 +72358,6 @@ "id": "pe-14.2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14(02)[01]", @@ -85100,23 +72376,6 @@ "id": "pe-14.2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14(02)[02]", @@ -85214,6 +72473,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -85247,13 +72511,6 @@ { "id": "pe-15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel." }, { @@ -85276,23 +72533,6 @@ "id": "pe-15_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[01]", @@ -85311,23 +72551,6 @@ "id": "pe-15_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[02]", @@ -85346,23 +72569,6 @@ "id": "pe-15_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[03]", @@ -85381,23 +72587,6 @@ "id": "pe-15_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[04]", @@ -85518,6 +72707,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-15(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15(1)" @@ -85547,13 +72741,6 @@ { "id": "pe-15.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Detect the presence of water near the system and alert {{ insert: param, pe-15.01_odp.01 }} using {{ insert: param, pe-15.01_odp.02 }}." }, { @@ -85576,17 +72763,6 @@ "id": "pe-15.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15(01)[01]", @@ -85605,23 +72781,6 @@ "id": "pe-15.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15(01)[02]", @@ -85748,6 +72907,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -85818,11 +72982,6 @@ "id": "pe-16_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -85834,11 +72993,6 @@ "id": "pe-16_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -85879,23 +73033,6 @@ "id": "pe-16_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[01]", @@ -85914,23 +73051,6 @@ "id": "pe-16_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[02]", @@ -85949,23 +73069,6 @@ "id": "pe-16_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[03]", @@ -85984,23 +73087,6 @@ "id": "pe-16_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[04]", @@ -86027,23 +73113,6 @@ "id": "pe-16_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-16b.", @@ -86159,6 +73228,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-17", + "class": "zero-padded" + }, { "name": "label", "value": "PE-17" @@ -86205,11 +73279,6 @@ "id": "pe-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -86221,11 +73290,6 @@ "id": "pe-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -86237,11 +73301,6 @@ "id": "pe-17_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -86253,11 +73312,6 @@ "id": "pe-17_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -86287,23 +73341,6 @@ "id": "pe-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17a.", @@ -86322,23 +73359,6 @@ "id": "pe-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17b.", @@ -86357,23 +73377,6 @@ "id": "pe-17_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17c.", @@ -86392,23 +73395,6 @@ "id": "pe-17_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17d.", @@ -86520,6 +73506,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-18", + "class": "zero-padded" + }, { "name": "label", "value": "PE-18" @@ -86565,13 +73556,6 @@ { "id": "pe-18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Position system components within the facility to minimize potential damage from {{ insert: param, pe-18_odp }} and to minimize the opportunity for unauthorized access." }, { @@ -86583,23 +73567,6 @@ "id": "pe-18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-18", @@ -86789,6 +73756,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -86860,12 +73832,6 @@ "id": "pl-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -86925,11 +73891,6 @@ "id": "pl-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -86941,12 +73902,6 @@ "id": "pl-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -87011,23 +73966,6 @@ "id": "pl-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[01]", @@ -87046,23 +73984,6 @@ "id": "pl-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[02]", @@ -87081,17 +74002,6 @@ "id": "pl-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[03]", @@ -87110,17 +74020,6 @@ "id": "pl-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[04]", @@ -87150,17 +74049,6 @@ "id": "pl-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(a)", @@ -87306,17 +74194,6 @@ "id": "pl-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(b)", @@ -87351,23 +74228,6 @@ "id": "pl-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01b.", @@ -87397,23 +74257,6 @@ "id": "pl-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.01", @@ -87469,23 +74312,6 @@ "id": "pl-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.02", @@ -87648,6 +74474,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -87851,11 +74682,6 @@ "id": "pl-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -88034,11 +74860,6 @@ "id": "pl-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -88050,11 +74871,6 @@ "id": "pl-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -88066,11 +74882,6 @@ "id": "pl-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -88082,11 +74893,6 @@ "id": "pl-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -88138,57 +74944,6 @@ "id": "pl-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[01]", @@ -88207,57 +74962,6 @@ "id": "pl-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[02]", @@ -88405,17 +75109,6 @@ "id": "pl-2_obj.a.4-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[01]", @@ -88434,17 +75127,6 @@ "id": "pl-2_obj.a.4-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[02]", @@ -88471,17 +75153,6 @@ "id": "pl-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.05", @@ -88537,17 +75208,6 @@ "id": "pl-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.06", @@ -88603,17 +75263,6 @@ "id": "pl-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.07", @@ -88669,17 +75318,6 @@ "id": "pl-2_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.08", @@ -88735,23 +75373,6 @@ "id": "pl-2_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.09", @@ -88818,17 +75439,6 @@ "id": "pl-2_obj.a.10-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[01]", @@ -88847,17 +75457,6 @@ "id": "pl-2_obj.a.10-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[02]", @@ -88884,17 +75483,6 @@ "id": "pl-2_obj.a.11", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.11", @@ -88961,17 +75549,6 @@ "id": "pl-2_obj.a.12-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[01]", @@ -88990,17 +75567,6 @@ "id": "pl-2_obj.a.12-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[02]", @@ -89038,23 +75604,6 @@ "id": "pl-2_obj.a.13-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[01]", @@ -89073,23 +75622,6 @@ "id": "pl-2_obj.a.13-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[02]", @@ -89127,23 +75659,6 @@ "id": "pl-2_obj.a.14-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[01]", @@ -89162,23 +75677,6 @@ "id": "pl-2_obj.a.14-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[02]", @@ -89216,23 +75714,6 @@ "id": "pl-2_obj.a.15-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[01]", @@ -89251,23 +75732,6 @@ "id": "pl-2_obj.a.15-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[02]", @@ -89302,23 +75766,6 @@ "id": "pl-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02b.", @@ -89374,23 +75821,6 @@ "id": "pl-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02c.", @@ -89409,23 +75839,6 @@ "id": "pl-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02d.", @@ -89499,23 +75912,6 @@ "id": "pl-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02e.", @@ -89688,6 +76084,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -89807,11 +76208,6 @@ "id": "pl-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -89823,11 +76219,6 @@ "id": "pl-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -89839,11 +76230,6 @@ "id": "pl-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -89855,11 +76241,6 @@ "id": "pl-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -89889,23 +76270,6 @@ "id": "pl-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04a.", @@ -89961,23 +76325,6 @@ "id": "pl-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04b.", @@ -89996,23 +76343,6 @@ "id": "pl-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04c.", @@ -90031,23 +76361,6 @@ "id": "pl-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04d.", @@ -90143,6 +76456,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -90191,11 +76509,6 @@ "id": "pl-4.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -90207,11 +76520,6 @@ "id": "pl-4.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -90223,11 +76531,6 @@ "id": "pl-4.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -90257,23 +76560,6 @@ "id": "pl-4.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(a)", @@ -90292,23 +76578,6 @@ "id": "pl-4.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(b)", @@ -90327,23 +76596,6 @@ "id": "pl-4.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(c)", @@ -90457,6 +76709,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -90556,11 +76813,6 @@ "id": "pl-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -90618,11 +76870,6 @@ "id": "pl-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -90634,11 +76881,6 @@ "id": "pl-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -90697,23 +76939,6 @@ "id": "pl-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.01", @@ -90732,23 +76957,6 @@ "id": "pl-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.02", @@ -90767,17 +76975,6 @@ "id": "pl-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.03", @@ -90833,17 +77030,6 @@ "id": "pl-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.04", @@ -90907,23 +77093,6 @@ "id": "pl-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-08b.", @@ -90953,23 +77122,6 @@ "id": "pl-8_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[01]", @@ -90988,23 +77140,6 @@ "id": "pl-8_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[02]", @@ -91023,23 +77158,6 @@ "id": "pl-8_obj.c-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[03]", @@ -91058,23 +77176,6 @@ "id": "pl-8_obj.c-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[04]", @@ -91093,23 +77194,6 @@ "id": "pl-8_obj.c-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[05]", @@ -91128,23 +77212,6 @@ "id": "pl-8_obj.c-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[06]", @@ -91248,217 +77315,23 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ - { - "name": "label", - "value": "PL-10" - }, { "name": "label", "value": "PL-10", - "class": "sp800-53a" - }, - { - "name": "sort-id", - "value": "pl-10" - }, - { - "name": "implementation-level", - "ns": "http://csrc.nist.gov/ns/rmf", - "value": "organization" - } - ], - "links": [ - { - "href": "#628d22a1-6a11-4784-bc59-5cd9497b5445", - "rel": "reference" - }, - { - "href": "#599fb53d-5041-444e-a7fe-640d6d30ad05", - "rel": "reference" - }, - { - "href": "#08b07465-dbdc-48d6-8a0b-37279602ac16", - "rel": "reference" - }, - { - "href": "#482e4c99-9dc4-41ad-bba8-0f3f0032c1f8", - "rel": "reference" - }, - { - "href": "#cec037f3-8aba-4c97-84b4-4082f9e515d2", - "rel": "reference" - }, - { - "href": "#46d9e201-840e-440e-987c-2c773333c752", - "rel": "reference" - }, - { - "href": "#e72fde0b-6fc2-497e-a9db-d8fce5a11b8a", - "rel": "reference" - }, - { - "href": "#9be5d661-421f-41ad-854e-86f98b811891", - "rel": "reference" - }, - { - "href": "#e3cc0520-a366-4fc9-abc2-5272db7e3564", - "rel": "reference" - }, - { - "href": "#4e4fbc93-333d-45e6-a875-de36b878b6b9", - "rel": "reference" - }, - { - "href": "#pl-2", - "rel": "related" - }, - { - "href": "#pl-11", - "rel": "related" - }, - { - "href": "#ra-2", - "rel": "related" + "class": "zero-padded" }, - { - "href": "#ra-3", - "rel": "related" - }, - { - "href": "#sa-8", - "rel": "related" - } - ], - "parts": [ - { - "id": "pl-10_smt", - "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], - "prose": "Select a control baseline for the system.", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "id": "pl-10_gdn", - "name": "guidance", - "prose": "Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals\u2019 privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see [PL-11](#pl-11) ). Federal control baselines are provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) are based on the requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9) and [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) . The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization\u2019s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. [CNSSI 1253](#4e4fbc93-333d-45e6-a875-de36b878b6b9) provides guidance on control baselines for national security systems." - }, - { - "id": "pl-10_obj", - "name": "assessment-objective", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "label", - "value": "PL-10", - "class": "sp800-53a" - } - ], - "prose": "a control baseline for the system is selected.", - "links": [ - { - "href": "#pl-10_smt", - "rel": "assessment-for" - } - ] - }, - { - "id": "pl-10_asm-examine", - "name": "assessment-method", - "props": [ - { - "name": "method", - "ns": "http://csrc.nist.gov/ns/rmf", - "value": "EXAMINE" - }, - { - "name": "label", - "value": "PL-10-Examine", - "class": "sp800-53a" - } - ], - "parts": [ - { - "name": "assessment-objects", - "prose": "Security and privacy planning policy\n\nprocedures addressing system security and privacy plan development and implementation\n\nprocedures addressing system security and privacy plan reviews and updates\n\nsystem design documentation\n\nsystem architecture and configuration documentation\n\nsystem categorization decision\n\ninformation types stored, transmitted, and processed by the system\n\nsystem element/component information\n\nstakeholder needs analysis\n\nlist of security and privacy requirements allocated to the system, system elements, and environment of operation\n\nlist of contractual requirements allocated to external providers of the system or system element\n\nbusiness impact analysis or criticality analysis\n\nrisk assessments\n\nrisk management strategy\n\norganizational security and privacy policy\n\nfederal or organization-approved or mandated baselines or overlays\n\nsystem security plan\n\nprivacy plan\n\nother relevant documents or records" - } - ] - }, - { - "id": "pl-10_asm-interview", - "name": "assessment-method", - "props": [ - { - "name": "method", - "ns": "http://csrc.nist.gov/ns/rmf", - "value": "INTERVIEW" - }, - { - "name": "label", - "value": "PL-10-Interview", - "class": "sp800-53a" - } - ], - "parts": [ - { - "name": "assessment-objects", - "prose": "Organizational personnel with security and privacy planning and plan implementation responsibilities\n\norganizational personnel with information security and privacy responsibilities\n\norganizational personnel with responsibility for organizational risk management activities" - } - ] - } - ] - }, - { - "id": "pl-11", - "class": "SP800-53", - "title": "Baseline Tailoring", - "props": [ { "name": "label", - "value": "PL-11" + "value": "PL-10" }, { "name": "label", - "value": "PL-11", + "value": "PL-10", "class": "sp800-53a" }, { "name": "sort-id", - "value": "pl-11" + "value": "pl-10" }, { "name": "implementation-level", @@ -91508,19 +77381,19 @@ "rel": "reference" }, { - "href": "#pl-10", + "href": "#pl-2", "rel": "related" }, { - "href": "#ra-2", + "href": "#pl-11", "rel": "related" }, { - "href": "#ra-3", + "href": "#ra-2", "rel": "related" }, { - "href": "#ra-9", + "href": "#ra-3", "rel": "related" }, { @@ -91530,43 +77403,205 @@ ], "parts": [ { - "id": "pl-11_smt", + "id": "pl-10_smt", "name": "statement", - "props": [ + "prose": "Select a control baseline for the system.", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } - ], - "prose": "Tailor the selected control baseline by applying specified tailoring actions." + ] }, { - "id": "pl-11_gdn", + "id": "pl-10_gdn", "name": "guidance", - "prose": "The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) in accordance with the security and privacy requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9), [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) , and [OMB A-130](#27847491-5ce1-4f6a-a1e4-9e483782f0ef) . Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) to specialize or customize the controls that represent the specific needs and concerns of those entities." + "prose": "Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals\u2019 privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see [PL-11](#pl-11) ). Federal control baselines are provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) are based on the requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9) and [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) . The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization\u2019s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. [CNSSI 1253](#4e4fbc93-333d-45e6-a875-de36b878b6b9) provides guidance on control baselines for national security systems." }, { - "id": "pl-11_obj", + "id": "pl-10_obj", "name": "assessment-objective", "props": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "name": "label", + "value": "PL-10", + "class": "sp800-53a" + } + ], + "prose": "a control baseline for the system is selected.", + "links": [ + { + "href": "#pl-10_smt", + "rel": "assessment-for" + } + ] + }, + { + "id": "pl-10_asm-examine", + "name": "assessment-method", + "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" + "ns": "http://csrc.nist.gov/ns/rmf", + "value": "EXAMINE" }, + { + "name": "label", + "value": "PL-10-Examine", + "class": "sp800-53a" + } + ], + "parts": [ + { + "name": "assessment-objects", + "prose": "Security and privacy planning policy\n\nprocedures addressing system security and privacy plan development and implementation\n\nprocedures addressing system security and privacy plan reviews and updates\n\nsystem design documentation\n\nsystem architecture and configuration documentation\n\nsystem categorization decision\n\ninformation types stored, transmitted, and processed by the system\n\nsystem element/component information\n\nstakeholder needs analysis\n\nlist of security and privacy requirements allocated to the system, system elements, and environment of operation\n\nlist of contractual requirements allocated to external providers of the system or system element\n\nbusiness impact analysis or criticality analysis\n\nrisk assessments\n\nrisk management strategy\n\norganizational security and privacy policy\n\nfederal or organization-approved or mandated baselines or overlays\n\nsystem security plan\n\nprivacy plan\n\nother relevant documents or records" + } + ] + }, + { + "id": "pl-10_asm-interview", + "name": "assessment-method", + "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "ns": "http://csrc.nist.gov/ns/rmf", + "value": "INTERVIEW" }, + { + "name": "label", + "value": "PL-10-Interview", + "class": "sp800-53a" + } + ], + "parts": [ + { + "name": "assessment-objects", + "prose": "Organizational personnel with security and privacy planning and plan implementation responsibilities\n\norganizational personnel with information security and privacy responsibilities\n\norganizational personnel with responsibility for organizational risk management activities" + } + ] + } + ] + }, + { + "id": "pl-11", + "class": "SP800-53", + "title": "Baseline Tailoring", + "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, + { + "name": "label", + "value": "PL-11" + }, + { + "name": "label", + "value": "PL-11", + "class": "sp800-53a" + }, + { + "name": "sort-id", + "value": "pl-11" + }, + { + "name": "implementation-level", + "ns": "http://csrc.nist.gov/ns/rmf", + "value": "organization" + } + ], + "links": [ + { + "href": "#628d22a1-6a11-4784-bc59-5cd9497b5445", + "rel": "reference" + }, + { + "href": "#599fb53d-5041-444e-a7fe-640d6d30ad05", + "rel": "reference" + }, + { + "href": "#08b07465-dbdc-48d6-8a0b-37279602ac16", + "rel": "reference" + }, + { + "href": "#482e4c99-9dc4-41ad-bba8-0f3f0032c1f8", + "rel": "reference" + }, + { + "href": "#cec037f3-8aba-4c97-84b4-4082f9e515d2", + "rel": "reference" + }, + { + "href": "#46d9e201-840e-440e-987c-2c773333c752", + "rel": "reference" + }, + { + "href": "#e72fde0b-6fc2-497e-a9db-d8fce5a11b8a", + "rel": "reference" + }, + { + "href": "#9be5d661-421f-41ad-854e-86f98b811891", + "rel": "reference" + }, + { + "href": "#e3cc0520-a366-4fc9-abc2-5272db7e3564", + "rel": "reference" + }, + { + "href": "#4e4fbc93-333d-45e6-a875-de36b878b6b9", + "rel": "reference" + }, + { + "href": "#pl-10", + "rel": "related" + }, + { + "href": "#ra-2", + "rel": "related" + }, + { + "href": "#ra-3", + "rel": "related" + }, + { + "href": "#ra-9", + "rel": "related" + }, + { + "href": "#sa-8", + "rel": "related" + } + ], + "parts": [ + { + "id": "pl-11_smt", + "name": "statement", + "prose": "Tailor the selected control baseline by applying specified tailoring actions." + }, + { + "id": "pl-11_gdn", + "name": "guidance", + "prose": "The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) in accordance with the security and privacy requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9), [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) , and [OMB A-130](#27847491-5ce1-4f6a-a1e4-9e483782f0ef) . Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) to specialize or customize the controls that represent the specific needs and concerns of those entities." + }, + { + "id": "pl-11_obj", + "name": "assessment-objective", + "props": [ { "name": "label", "value": "PL-11", @@ -91734,6 +77769,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -91797,12 +77837,6 @@ "id": "ps-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -91862,11 +77896,6 @@ "id": "ps-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -91878,12 +77907,6 @@ "id": "ps-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -91948,23 +77971,6 @@ "id": "ps-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[01]", @@ -91983,23 +77989,6 @@ "id": "ps-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[02]", @@ -92018,17 +78007,6 @@ "id": "ps-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[03]", @@ -92047,17 +78025,6 @@ "id": "ps-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[04]", @@ -92087,17 +78054,6 @@ "id": "ps-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(a)", @@ -92243,17 +78199,6 @@ "id": "ps-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(b)", @@ -92288,23 +78233,6 @@ "id": "ps-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01b.", @@ -92334,23 +78262,6 @@ "id": "ps-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.01", @@ -92406,23 +78317,6 @@ "id": "ps-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.02", @@ -92557,6 +78451,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -92635,11 +78534,6 @@ "id": "ps-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -92651,11 +78545,6 @@ "id": "ps-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -92667,11 +78556,6 @@ "id": "ps-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -92701,23 +78585,6 @@ "id": "ps-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02a.", @@ -92736,23 +78603,6 @@ "id": "ps-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02b.", @@ -92771,23 +78621,6 @@ "id": "ps-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-02c.", @@ -92912,6 +78745,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -93014,11 +78852,6 @@ "id": "ps-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -93030,11 +78863,6 @@ "id": "ps-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -93064,23 +78892,6 @@ "id": "ps-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03a.", @@ -93099,23 +78910,6 @@ "id": "ps-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.", @@ -93253,7 +79047,7 @@ "label": "additional personnel screening criteria", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria \u2013 as required by specific information" } ], "guidelines": [ @@ -93264,6 +79058,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3(3)" @@ -93299,11 +79098,6 @@ "id": "ps-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -93315,11 +79109,6 @@ "id": "ps-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -93349,23 +79138,6 @@ "id": "ps-3.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(a)", @@ -93384,23 +79156,6 @@ "id": "ps-3.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(b)", @@ -93523,6 +79278,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -93578,11 +79338,6 @@ "id": "ps-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -93594,11 +79349,6 @@ "id": "ps-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -93610,11 +79360,6 @@ "id": "ps-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -93626,11 +79371,6 @@ "id": "ps-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -93642,11 +79382,6 @@ "id": "ps-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -93676,17 +79411,6 @@ "id": "ps-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04a.", @@ -93705,17 +79429,6 @@ "id": "ps-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04b.", @@ -93734,23 +79447,6 @@ "id": "ps-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04c.", @@ -93769,23 +79465,6 @@ "id": "ps-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-04d.", @@ -93804,23 +79483,6 @@ "id": "ps-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04e.", @@ -93951,6 +79613,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4(2)" @@ -93980,13 +79647,6 @@ { "id": "ps-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use {{ insert: param, ps-04.02_odp.01 }} to {{ insert: param, ps-04.02_odp.02 }}." }, { @@ -93998,23 +79658,6 @@ "id": "ps-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04(02)", @@ -94157,6 +79800,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -94211,11 +79859,6 @@ "id": "ps-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -94227,11 +79870,6 @@ "id": "ps-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -94243,11 +79881,6 @@ "id": "ps-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -94259,11 +79892,6 @@ "id": "ps-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -94293,23 +79921,6 @@ "id": "ps-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-05a.", @@ -94328,23 +79939,6 @@ "id": "ps-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05b.", @@ -94363,17 +79957,6 @@ "id": "ps-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05c.", @@ -94392,23 +79975,6 @@ "id": "ps-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05d.", @@ -94534,6 +80100,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -94609,11 +80180,6 @@ "id": "ps-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -94625,11 +80191,6 @@ "id": "ps-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -94641,11 +80202,6 @@ "id": "ps-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -94699,17 +80255,6 @@ "id": "ps-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-06a.", @@ -94728,23 +80273,6 @@ "id": "ps-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06b.", @@ -94774,23 +80302,6 @@ "id": "ps-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.01", @@ -94809,23 +80320,6 @@ "id": "ps-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.02", @@ -94959,6 +80453,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -95050,11 +80549,6 @@ "id": "ps-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -95066,11 +80560,6 @@ "id": "ps-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -95082,11 +80571,6 @@ "id": "ps-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -95098,11 +80582,6 @@ "id": "ps-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -95114,11 +80593,6 @@ "id": "ps-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -95148,23 +80622,6 @@ "id": "ps-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07a.", @@ -95183,23 +80640,6 @@ "id": "ps-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07b.", @@ -95218,17 +80658,6 @@ "id": "ps-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-07c.", @@ -95247,23 +80676,6 @@ "id": "ps-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07d.", @@ -95282,23 +80694,6 @@ "id": "ps-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07e.", @@ -95424,6 +80819,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -95470,11 +80870,6 @@ "id": "ps-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -95486,11 +80881,6 @@ "id": "ps-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -95520,23 +80910,6 @@ "id": "ps-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-08a.", @@ -95555,23 +80928,6 @@ "id": "ps-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-08b.", @@ -95667,6 +81023,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -95696,13 +81057,6 @@ { "id": "ps-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate security and privacy roles and responsibilities into organizational position descriptions." }, { @@ -95714,17 +81068,6 @@ "id": "ps-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-09", @@ -95951,6 +81294,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -96018,12 +81366,6 @@ "id": "ra-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -96083,11 +81425,6 @@ "id": "ra-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -96099,12 +81436,6 @@ "id": "ra-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -96169,23 +81500,6 @@ "id": "ra-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[01]", @@ -96204,23 +81518,6 @@ "id": "ra-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[02]", @@ -96239,17 +81536,6 @@ "id": "ra-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[03]", @@ -96268,17 +81554,6 @@ "id": "ra-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[04]", @@ -96308,17 +81583,6 @@ "id": "ra-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(a)", @@ -96464,17 +81728,6 @@ "id": "ra-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(b)", @@ -96509,23 +81762,6 @@ "id": "ra-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01b.", @@ -96555,23 +81791,6 @@ "id": "ra-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.01", @@ -96627,23 +81846,6 @@ "id": "ra-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.02", @@ -96762,6 +81964,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -96888,11 +82095,6 @@ "id": "ra-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -96904,11 +82106,6 @@ "id": "ra-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -96920,11 +82117,6 @@ "id": "ra-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -96954,17 +82146,6 @@ "id": "ra-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02a.", @@ -96983,17 +82164,6 @@ "id": "ra-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02b.", @@ -97012,23 +82182,6 @@ "id": "ra-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-02c.", @@ -97187,6 +82340,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -97354,11 +82512,6 @@ "id": "ra-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -97405,11 +82558,6 @@ "id": "ra-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -97421,11 +82569,6 @@ "id": "ra-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -97437,11 +82580,6 @@ "id": "ra-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -97453,11 +82591,6 @@ "id": "ra-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -97469,11 +82602,6 @@ "id": "ra-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -97543,23 +82671,6 @@ "id": "ra-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.01", @@ -97578,23 +82689,6 @@ "id": "ra-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.02", @@ -97613,23 +82707,6 @@ "id": "ra-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.03", @@ -97656,23 +82733,6 @@ "id": "ra-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03b.", @@ -97691,17 +82751,6 @@ "id": "ra-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-03c.", @@ -97720,23 +82769,6 @@ "id": "ra-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03d.", @@ -97755,23 +82787,6 @@ "id": "ra-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03e.", @@ -97790,23 +82805,6 @@ "id": "ra-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03f.", @@ -97922,6 +82920,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -97981,11 +82984,6 @@ "id": "ra-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -97997,11 +82995,6 @@ "id": "ra-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -98031,23 +83024,6 @@ "id": "ra-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(a)", @@ -98066,23 +83042,6 @@ "id": "ra-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(b)", @@ -98233,9 +83192,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05", + "class": "zero-padded" }, { "name": "label", @@ -98376,11 +83335,6 @@ "id": "ra-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -98392,11 +83346,6 @@ "id": "ra-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -98443,11 +83392,6 @@ "id": "ra-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -98459,11 +83403,6 @@ "id": "ra-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -98475,11 +83414,6 @@ "id": "ra-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -98491,11 +83425,6 @@ "id": "ra-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -98561,7 +83490,7 @@ "value": "Guidance:" } ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \u201cwarning\u201d as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \u201cTracking of Compliance Scans\u201d in FAQs." } ] } @@ -98587,23 +83516,6 @@ "id": "ra-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05a.", @@ -98659,23 +83571,6 @@ "id": "ra-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.", @@ -98688,23 +83583,6 @@ "id": "ra-5_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.01", @@ -98723,23 +83601,6 @@ "id": "ra-5_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.02", @@ -98758,23 +83619,6 @@ "id": "ra-5_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.03", @@ -98801,23 +83645,6 @@ "id": "ra-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05c.", @@ -98836,23 +83663,6 @@ "id": "ra-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05d.", @@ -98871,23 +83681,6 @@ "id": "ra-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05e.", @@ -98906,23 +83699,6 @@ "id": "ra-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05f.", @@ -99046,9 +83822,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -99088,13 +83864,6 @@ { "id": "ra-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the system vulnerabilities to be scanned {{ insert: param, ra-05.02_odp.01 }}." }, { @@ -99106,23 +83875,6 @@ "id": "ra-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(02)", @@ -99211,9 +83963,9 @@ "title": "Breadth and Depth of Coverage", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(03)", + "class": "zero-padded" }, { "name": "label", @@ -99249,13 +84001,6 @@ { "id": "ra-5.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define the breadth and depth of vulnerability scanning coverage." }, { @@ -99267,23 +84012,6 @@ "id": "ra-5.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(03)", @@ -99387,6 +84115,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(04)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(4)" @@ -99429,13 +84162,6 @@ { "id": "ra-5.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Determine information about the system that is discoverable and take {{ insert: param, ra-05.04_odp }}." }, { @@ -99458,23 +84184,6 @@ "id": "ra-5.4_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(04)[01]", @@ -99493,23 +84202,6 @@ "id": "ra-5.4_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(04)[02]", @@ -99635,6 +84327,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(5)" @@ -99669,13 +84366,6 @@ { "id": "ra-5.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement privileged access authorization to {{ insert: param, ra-05.05_odp.01 }} for {{ insert: param, ra-05.05_odp.02 }}." }, { @@ -99687,23 +84377,6 @@ "id": "ra-5.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(05)", @@ -99811,6 +84484,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(08)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(8)" @@ -99853,13 +84531,6 @@ { "id": "ra-5.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Review historic audit logs to determine if a vulnerability identified in a {{ insert: param, ra-05.08_odp.01 }} has been previously exploited within an {{ insert: param, ra-05.08_odp.02 }}.", "parts": [ { @@ -99891,23 +84562,6 @@ "id": "ra-5.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(08)", @@ -99995,6 +84649,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -100029,13 +84688,6 @@ { "id": "ra-5.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components." }, { @@ -100047,23 +84699,6 @@ "id": "ra-5.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(11)", @@ -100153,6 +84788,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -100235,13 +84875,6 @@ { "id": "ra-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance." }, { @@ -100253,23 +84886,6 @@ "id": "ra-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-07", @@ -100450,6 +85066,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-09", + "class": "zero-padded" + }, { "name": "label", "value": "RA-9" @@ -100523,13 +85144,6 @@ { "id": "ra-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system components and functions by performing a criticality analysis for {{ insert: param, ra-09_odp.01 }} at {{ insert: param, ra-09_odp.02 }}." }, { @@ -100541,23 +85155,6 @@ "id": "ra-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-09", @@ -100747,6 +85344,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -100822,12 +85424,6 @@ "id": "sa-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -100887,11 +85483,6 @@ "id": "sa-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -100903,12 +85494,6 @@ "id": "sa-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -100973,23 +85558,6 @@ "id": "sa-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[01]", @@ -101008,23 +85576,6 @@ "id": "sa-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[02]", @@ -101043,17 +85594,6 @@ "id": "sa-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[03]", @@ -101072,17 +85612,6 @@ "id": "sa-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[04]", @@ -101112,17 +85641,6 @@ "id": "sa-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(a)", @@ -101268,17 +85786,6 @@ "id": "sa-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(b)", @@ -101313,23 +85820,6 @@ "id": "sa-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01b.", @@ -101359,23 +85849,6 @@ "id": "sa-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.01", @@ -101431,23 +85904,6 @@ "id": "sa-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.02", @@ -101566,6 +86022,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -101637,11 +86098,6 @@ "id": "sa-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -101653,11 +86109,6 @@ "id": "sa-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -101669,11 +86120,6 @@ "id": "sa-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -101714,23 +86160,6 @@ "id": "sa-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[01]", @@ -101749,23 +86178,6 @@ "id": "sa-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[02]", @@ -101803,23 +86215,6 @@ "id": "sa-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[01]", @@ -101838,23 +86233,6 @@ "id": "sa-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[02]", @@ -101892,23 +86270,6 @@ "id": "sa-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[01]", @@ -101927,23 +86288,6 @@ "id": "sa-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[02]", @@ -102058,6 +86402,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -102173,11 +86522,6 @@ "id": "sa-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102189,11 +86533,6 @@ "id": "sa-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -102205,11 +86544,6 @@ "id": "sa-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -102221,11 +86555,6 @@ "id": "sa-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -102266,23 +86595,6 @@ "id": "sa-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[01]", @@ -102301,23 +86613,6 @@ "id": "sa-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[02]", @@ -102355,23 +86650,6 @@ "id": "sa-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[01]", @@ -102390,23 +86668,6 @@ "id": "sa-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[02]", @@ -102444,23 +86705,6 @@ "id": "sa-3_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[01]", @@ -102479,23 +86723,6 @@ "id": "sa-3_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[02]", @@ -102533,23 +86760,6 @@ "id": "sa-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[01]", @@ -102568,23 +86778,6 @@ "id": "sa-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[02]", @@ -102709,6 +86902,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -102885,11 +87083,6 @@ "id": "sa-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102901,11 +87094,6 @@ "id": "sa-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -102917,11 +87105,6 @@ "id": "sa-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -102933,11 +87116,6 @@ "id": "sa-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -102949,11 +87127,6 @@ "id": "sa-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -102965,11 +87138,6 @@ "id": "sa-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -102981,11 +87149,6 @@ "id": "sa-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -102997,11 +87160,6 @@ "id": "sa-4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -103013,11 +87171,6 @@ "id": "sa-4_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -103087,57 +87240,6 @@ "id": "sa-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[01]", @@ -103156,57 +87258,6 @@ "id": "sa-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[02]", @@ -103233,23 +87284,6 @@ "id": "sa-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04b.", @@ -103378,23 +87412,6 @@ "id": "sa-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04e.", @@ -103450,23 +87467,6 @@ "id": "sa-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04f.", @@ -103522,23 +87522,6 @@ "id": "sa-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04g.", @@ -103557,23 +87540,6 @@ "id": "sa-4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04h.", @@ -103647,23 +87613,6 @@ "id": "sa-4_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04i.", @@ -103759,6 +87708,11 @@ "class": "SP800-53-enhancement", "title": "Functional Properties of Controls", "props": [ + { + "name": "label", + "value": "SA-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(1)" @@ -103793,13 +87747,6 @@ { "id": "sa-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented." }, { @@ -103811,23 +87758,6 @@ "id": "sa-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(01)", @@ -103953,6 +87883,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(2)" @@ -103987,13 +87922,6 @@ { "id": "sa-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide design and implementation information for the controls that includes: {{ insert: param, sa-04.02_odp.01 }} at {{ insert: param, sa-04.02_odp.03 }}." }, { @@ -104005,23 +87933,6 @@ "id": "sa-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(02)", @@ -104125,6 +88036,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(5)" @@ -104165,11 +88081,6 @@ "id": "sa-4.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -104181,11 +88092,6 @@ "id": "sa-4.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -104215,23 +88121,6 @@ "id": "sa-4.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(05)(a)", @@ -104250,23 +88139,6 @@ "id": "sa-4.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(05)(b)", @@ -104362,6 +88234,11 @@ "class": "SP800-53-enhancement", "title": "Functions, Ports, Protocols, and Services in Use", "props": [ + { + "name": "label", + "value": "SA-04(09)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(9)" @@ -104404,13 +88281,6 @@ { "id": "sa-4.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use." }, { @@ -104422,23 +88292,6 @@ "id": "sa-4.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(09)", @@ -104577,6 +88430,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -104623,13 +88481,6 @@ { "id": "sa-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems." }, { @@ -104641,23 +88492,6 @@ "id": "sa-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(10)", @@ -104772,6 +88606,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -104887,11 +88726,6 @@ "id": "sa-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -104938,11 +88772,6 @@ "id": "sa-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -104989,11 +88818,6 @@ "id": "sa-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -105005,11 +88829,6 @@ "id": "sa-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -105050,23 +88869,6 @@ "id": "sa-5_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.01", @@ -105151,23 +88953,6 @@ "id": "sa-5_obj.a.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[01]", @@ -105186,23 +88971,6 @@ "id": "sa-5_obj.a.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[02]", @@ -105221,23 +88989,6 @@ "id": "sa-5_obj.a.2-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[03]", @@ -105256,23 +89007,6 @@ "id": "sa-5_obj.a.2-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[04]", @@ -105299,23 +89033,6 @@ "id": "sa-5_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.03", @@ -105401,23 +89118,6 @@ "id": "sa-5_obj.b.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[01]", @@ -105436,23 +89136,6 @@ "id": "sa-5_obj.b.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[02]", @@ -105471,23 +89154,6 @@ "id": "sa-5_obj.b.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[03]", @@ -105506,23 +89172,6 @@ "id": "sa-5_obj.b.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[04]", @@ -105560,23 +89209,6 @@ "id": "sa-5_obj.b.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[01]", @@ -105595,23 +89227,6 @@ "id": "sa-5_obj.b.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[02]", @@ -105649,23 +89264,6 @@ "id": "sa-5_obj.b.3-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[01]", @@ -105684,23 +89282,6 @@ "id": "sa-5_obj.b.3-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[02]", @@ -105746,23 +89327,6 @@ "id": "sa-5_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[01]", @@ -105781,23 +89345,6 @@ "id": "sa-5_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[02]", @@ -105824,23 +89371,6 @@ "id": "sa-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05d.", @@ -105960,6 +89490,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -106102,13 +89637,6 @@ { "id": "sa-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: {{ insert: param, sa-8_prm_1 }}." }, { @@ -106131,23 +89659,6 @@ "id": "sa-8_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[01]", @@ -106166,23 +89677,6 @@ "id": "sa-8_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[02]", @@ -106201,23 +89695,6 @@ "id": "sa-8_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[03]", @@ -106236,23 +89713,6 @@ "id": "sa-8_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[04]", @@ -106271,23 +89731,6 @@ "id": "sa-8_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[05]", @@ -106306,23 +89749,6 @@ "id": "sa-8_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[06]", @@ -106341,23 +89767,6 @@ "id": "sa-8_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[07]", @@ -106376,23 +89785,6 @@ "id": "sa-8_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[08]", @@ -106411,23 +89803,6 @@ "id": "sa-8_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[09]", @@ -106446,23 +89821,6 @@ "id": "sa-8_obj-10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[10]", @@ -106589,9 +89947,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-09", + "class": "zero-padded" }, { "name": "label", @@ -106696,11 +90054,6 @@ "id": "sa-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -106712,11 +90065,6 @@ "id": "sa-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -106728,11 +90076,6 @@ "id": "sa-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -106773,23 +90116,6 @@ "id": "sa-9_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[01]", @@ -106808,23 +90134,6 @@ "id": "sa-9_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[02]", @@ -106843,17 +90152,6 @@ "id": "sa-9_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[03]", @@ -106891,17 +90189,6 @@ "id": "sa-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[01]", @@ -106920,17 +90207,6 @@ "id": "sa-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[02]", @@ -106957,23 +90233,6 @@ "id": "sa-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09c.", @@ -107080,6 +90339,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(1)" @@ -107131,11 +90395,6 @@ "id": "sa-9.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -107147,11 +90406,6 @@ "id": "sa-9.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -107181,23 +90435,6 @@ "id": "sa-9.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(a)", @@ -107216,23 +90453,6 @@ "id": "sa-9.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(b)", @@ -107344,6 +90564,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(2)" @@ -107386,13 +90611,6 @@ { "id": "sa-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require providers of the following external system services to identify the functions, ports, protocols, and other services required for the use of such services: {{ insert: param, sa-09.02_odp }}." }, { @@ -107404,23 +90622,6 @@ "id": "sa-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(02)", @@ -107532,6 +90733,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(5)" @@ -107574,13 +90780,6 @@ { "id": "sa-9.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the location of {{ insert: param, sa-09.05_odp.01 }} to {{ insert: param, sa-09.05_odp.02 }} based on {{ insert: param, sa-09.05_odp.03 }}." }, { @@ -107592,23 +90791,6 @@ "id": "sa-9.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(05)", @@ -107736,6 +90918,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-10", + "class": "zero-padded" + }, { "name": "label", "value": "SA-10" @@ -107848,11 +91035,6 @@ "id": "sa-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -107864,11 +91046,6 @@ "id": "sa-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -107880,11 +91057,6 @@ "id": "sa-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -107896,11 +91068,6 @@ "id": "sa-10_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -107912,11 +91079,6 @@ "id": "sa-10_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -107964,23 +91126,6 @@ "id": "sa-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10a.", @@ -107999,29 +91144,6 @@ "id": "sa-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10b.", @@ -108095,23 +91217,6 @@ "id": "sa-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10c.", @@ -108130,23 +91235,6 @@ "id": "sa-10_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-10d.", @@ -108220,23 +91308,6 @@ "id": "sa-10_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10e.", @@ -108419,6 +91490,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11" @@ -108527,11 +91603,6 @@ "id": "sa-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -108543,11 +91614,6 @@ "id": "sa-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -108559,11 +91625,6 @@ "id": "sa-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -108575,11 +91636,6 @@ "id": "sa-11_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -108591,11 +91647,6 @@ "id": "sa-11_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -108636,29 +91687,6 @@ "id": "sa-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[01]", @@ -108677,29 +91705,6 @@ "id": "sa-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[02]", @@ -108718,29 +91723,6 @@ "id": "sa-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[03]", @@ -108759,29 +91741,6 @@ "id": "sa-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[04]", @@ -108808,23 +91767,6 @@ "id": "sa-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11b.", @@ -108843,23 +91785,6 @@ "id": "sa-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11c.", @@ -108915,23 +91840,6 @@ "id": "sa-11_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11d.", @@ -108950,23 +91858,6 @@ "id": "sa-11_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11e.", @@ -109063,9 +91954,9 @@ "title": "Static Code Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-11(01)", + "class": "zero-padded" }, { "name": "label", @@ -109101,13 +91992,6 @@ { "id": "sa-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.", "parts": [ { @@ -109139,23 +92023,6 @@ "id": "sa-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(01)", @@ -109344,6 +92211,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11(2)" @@ -109396,11 +92268,6 @@ "id": "sa-11.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -109412,11 +92279,6 @@ "id": "sa-11.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -109428,11 +92290,6 @@ "id": "sa-11.2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -109444,11 +92301,6 @@ "id": "sa-11.2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -109489,23 +92341,6 @@ "id": "sa-11.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[01]", @@ -109524,23 +92359,6 @@ "id": "sa-11.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[02]", @@ -109559,23 +92377,6 @@ "id": "sa-11.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[03]", @@ -109594,23 +92395,6 @@ "id": "sa-11.2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[04]", @@ -109648,23 +92432,6 @@ "id": "sa-11.2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[01]", @@ -109683,23 +92450,6 @@ "id": "sa-11.2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[02]", @@ -109718,23 +92468,6 @@ "id": "sa-11.2_obj.b-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[03]", @@ -109753,23 +92486,6 @@ "id": "sa-11.2_obj.b-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[04]", @@ -109807,23 +92523,6 @@ "id": "sa-11.2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[01]", @@ -109842,23 +92541,6 @@ "id": "sa-11.2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[02]", @@ -109896,23 +92578,6 @@ "id": "sa-11.2_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[01]", @@ -109931,23 +92596,6 @@ "id": "sa-11.2_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[02]", @@ -109966,23 +92614,6 @@ "id": "sa-11.2_obj.d-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[03]", @@ -110001,23 +92632,6 @@ "id": "sa-11.2_obj.d-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[04]", @@ -110166,6 +92780,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15" @@ -110253,11 +92872,6 @@ "id": "sa-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -110315,11 +92929,6 @@ "id": "sa-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -110371,23 +92980,6 @@ "id": "sa-15_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[01]", @@ -110406,23 +92998,6 @@ "id": "sa-15_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[02]", @@ -110449,23 +93024,6 @@ "id": "sa-15_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.02", @@ -110521,23 +93079,6 @@ "id": "sa-15_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.03", @@ -110593,29 +93134,6 @@ "id": "sa-15_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.04", @@ -110653,23 +93171,6 @@ "id": "sa-15_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[01]", @@ -110688,23 +93189,6 @@ "id": "sa-15_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[02]", @@ -110819,6 +93303,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15(3)" @@ -110863,11 +93352,6 @@ "id": "sa-15.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -110879,11 +93363,6 @@ "id": "sa-15.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -110902,23 +93381,6 @@ "id": "sa-15.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15(03)", @@ -111093,6 +93555,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-16", + "class": "zero-padded" + }, { "name": "label", "value": "SA-16" @@ -111143,13 +93610,6 @@ { "id": "sa-16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide the following training on the correct use and operation of the implemented security and privacy functions, controls, and/or mechanisms: {{ insert: param, sa-16_odp }}." }, { @@ -111161,23 +93621,6 @@ "id": "sa-16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-16", @@ -111243,6 +93686,11 @@ "class": "SP800-53", "title": "Developer Security and Privacy Architecture and Design", "props": [ + { + "name": "label", + "value": "SA-17", + "class": "zero-padded" + }, { "name": "label", "value": "SA-17" @@ -111319,11 +93767,6 @@ "id": "sa-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -111335,11 +93778,6 @@ "id": "sa-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -111351,11 +93789,6 @@ "id": "sa-17_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -111396,23 +93829,6 @@ "id": "sa-17_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(a)[01]", @@ -111431,23 +93847,6 @@ "id": "sa-17_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(a)[02]", @@ -111485,23 +93884,6 @@ "id": "sa-17_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(b)[01]", @@ -111520,23 +93902,6 @@ "id": "sa-17_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(b)[02]", @@ -111574,23 +93939,6 @@ "id": "sa-17_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(c)[01]", @@ -111609,23 +93957,6 @@ "id": "sa-17_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(c)[02]", @@ -111736,6 +94067,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-21", + "class": "zero-padded" + }, { "name": "label", "value": "SA-21" @@ -111796,11 +94132,6 @@ "id": "sa-21_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -111812,11 +94143,6 @@ "id": "sa-21_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -111846,23 +94172,6 @@ "id": "sa-21_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-21a.", @@ -111881,23 +94190,6 @@ "id": "sa-21_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-21b.", @@ -112014,6 +94306,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -112057,11 +94354,6 @@ "id": "sa-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -112073,11 +94365,6 @@ "id": "sa-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112107,23 +94394,6 @@ "id": "sa-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-22a.", @@ -112142,23 +94412,6 @@ "id": "sa-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-22b.", @@ -112356,6 +94609,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -112419,12 +94677,6 @@ "id": "sc-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -112484,11 +94736,6 @@ "id": "sc-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112500,12 +94747,6 @@ "id": "sc-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -112570,23 +94811,6 @@ "id": "sc-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[01]", @@ -112605,23 +94829,6 @@ "id": "sc-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[02]", @@ -112640,17 +94847,6 @@ "id": "sc-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[03]", @@ -112669,17 +94865,6 @@ "id": "sc-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[04]", @@ -112709,17 +94894,6 @@ "id": "sc-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(a)", @@ -112865,17 +95039,6 @@ "id": "sc-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(b)", @@ -112910,23 +95073,6 @@ "id": "sc-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01b.", @@ -112956,23 +95102,6 @@ "id": "sc-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.01", @@ -113028,23 +95157,6 @@ "id": "sc-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.02", @@ -113163,6 +95275,11 @@ "class": "SP800-53", "title": "Separation of System and User Functionality", "props": [ + { + "name": "label", + "value": "SC-02", + "class": "zero-padded" + }, { "name": "label", "value": "SC-2" @@ -113225,13 +95342,6 @@ { "id": "sc-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate user functionality, including user interface services, from system management functionality." }, { @@ -113243,23 +95353,6 @@ "id": "sc-2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-02", @@ -113347,6 +95440,11 @@ "class": "SP800-53", "title": "Security Function Isolation", "props": [ + { + "name": "label", + "value": "SC-03", + "class": "zero-padded" + }, { "name": "label", "value": "SC-3" @@ -113437,13 +95535,6 @@ { "id": "sc-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Isolate security functions from nonsecurity functions." }, { @@ -113455,23 +95546,6 @@ "id": "sc-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-03", @@ -113559,6 +95633,11 @@ "class": "SP800-53", "title": "Information in Shared System Resources", "props": [ + { + "name": "label", + "value": "SC-04", + "class": "zero-padded" + }, { "name": "label", "value": "SC-4" @@ -113596,13 +95675,6 @@ { "id": "sc-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent unauthorized and unintended information transfer via shared system resources." }, { @@ -113614,23 +95686,6 @@ "id": "sc-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-04", @@ -113794,6 +95849,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -113848,11 +95908,6 @@ "id": "sc-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -113864,11 +95919,6 @@ "id": "sc-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -113898,23 +95948,6 @@ "id": "sc-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-05a.", @@ -113933,17 +95966,6 @@ "id": "sc-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-05b.", @@ -114051,9 +96073,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07", + "class": "zero-padded" }, { "name": "label", @@ -114209,11 +96231,6 @@ "id": "sc-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -114225,11 +96242,6 @@ "id": "sc-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -114241,11 +96253,6 @@ "id": "sc-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -114304,23 +96311,6 @@ "id": "sc-7_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[01]", @@ -114339,23 +96329,6 @@ "id": "sc-7_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[02]", @@ -114374,23 +96347,6 @@ "id": "sc-7_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[03]", @@ -114409,23 +96365,6 @@ "id": "sc-7_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[04]", @@ -114452,29 +96391,6 @@ "id": "sc-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07b.", @@ -114493,29 +96409,6 @@ "id": "sc-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07c.", @@ -114612,9 +96505,9 @@ "title": "Access Points", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(03)", + "class": "zero-padded" }, { "name": "label", @@ -114645,13 +96538,6 @@ { "id": "sc-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Limit the number of external network connections to the system." }, { @@ -114663,29 +96549,6 @@ "id": "sc-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(03)", @@ -114790,9 +96653,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(04)", + "class": "zero-padded" }, { "name": "label", @@ -114848,11 +96711,6 @@ "id": "sc-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -114864,11 +96722,6 @@ "id": "sc-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -114880,11 +96733,6 @@ "id": "sc-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -114896,11 +96744,6 @@ "id": "sc-7.4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -114912,11 +96755,6 @@ "id": "sc-7.4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -114928,11 +96766,6 @@ "id": "sc-7.4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -114944,11 +96777,6 @@ "id": "sc-7.4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -114960,11 +96788,6 @@ "id": "sc-7.4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -114994,29 +96817,6 @@ "id": "sc-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(a)", @@ -115035,23 +96835,6 @@ "id": "sc-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(b)", @@ -115070,23 +96853,6 @@ "id": "sc-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(c)", @@ -115142,23 +96908,6 @@ "id": "sc-7.4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(d)", @@ -115177,23 +96926,6 @@ "id": "sc-7.4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(e)", @@ -115249,29 +96981,6 @@ "id": "sc-7.4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(f)", @@ -115290,29 +96999,6 @@ "id": "sc-7.4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(g)", @@ -115331,29 +97017,6 @@ "id": "sc-7.4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(h)", @@ -115476,9 +97139,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -115509,13 +97172,6 @@ { "id": "sc-7.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Deny network communications traffic by default and allow network communications traffic by exception {{ insert: param, sc-07.05_odp.01 }}.", "parts": [ { @@ -115547,29 +97203,6 @@ "id": "sc-7.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(05)", @@ -115706,9 +97339,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(07)", + "class": "zero-padded" }, { "name": "label", @@ -115739,13 +97372,6 @@ { "id": "sc-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent split tunneling for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using {{ insert: param, sc-07.07_odp }}." }, { @@ -115757,29 +97383,6 @@ "id": "sc-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(07)", @@ -115893,9 +97496,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(08)", + "class": "zero-padded" }, { "name": "label", @@ -115930,13 +97533,6 @@ { "id": "sc-7.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route {{ insert: param, sc-07.08_odp.01 }} to {{ insert: param, sc-07.08_odp.02 }} through authenticated proxy servers at managed interfaces." }, { @@ -115948,29 +97544,6 @@ "id": "sc-7.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(08)", @@ -116069,6 +97642,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-07(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-7(10)" @@ -116115,11 +97693,6 @@ "id": "sc-7.10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -116131,11 +97704,6 @@ "id": "sc-7.10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -116165,29 +97733,6 @@ "id": "sc-7.10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(10)(a)", @@ -116206,23 +97751,6 @@ "id": "sc-7.10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(10)(b)", @@ -116344,9 +97872,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(12)", + "class": "zero-padded" }, { "name": "label", @@ -116377,13 +97905,6 @@ { "id": "sc-7.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, sc-07.12_odp.01 }} at {{ insert: param, sc-07.12_odp.02 }}." }, { @@ -116395,29 +97916,6 @@ "id": "sc-7.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(12)", @@ -116506,9 +98004,9 @@ "title": "Fail Secure", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(18)", + "class": "zero-padded" }, { "name": "label", @@ -116556,13 +98054,6 @@ { "id": "sc-7.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device." }, { @@ -116574,29 +98065,6 @@ "id": "sc-7.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(18)", @@ -116696,9 +98164,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(20)", + "class": "zero-padded" }, { "name": "label", @@ -116729,13 +98197,6 @@ { "id": "sc-7.20_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide the capability to dynamically isolate {{ insert: param, sc-07.20_odp }} from other system components." }, { @@ -116747,29 +98208,6 @@ "id": "sc-7.20_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(20)", @@ -116878,9 +98316,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(21)", + "class": "zero-padded" }, { "name": "label", @@ -116925,13 +98363,6 @@ { "id": "sc-7.21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ boundary protection mechanisms to isolate {{ insert: param, sc-07.21_odp.01 }} supporting {{ insert: param, sc-07.21_odp.02 }}." }, { @@ -116943,29 +98374,6 @@ "id": "sc-7.21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(21)", @@ -117073,9 +98481,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-08", + "class": "zero-padded" }, { "name": "label", @@ -117194,13 +98602,6 @@ { "id": "sc-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-08_odp }} of transmitted information.", "parts": [ { @@ -117217,7 +98618,7 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work \u2013 e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" }, { "id": "sc-8_fr_gdn.2", @@ -117228,7 +98629,7 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS\u2019s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS\u2019 recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" } ] } @@ -117243,29 +98644,6 @@ "id": "sc-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08", @@ -117370,6 +98748,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -117407,13 +98790,6 @@ { "id": "sc-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to {{ insert: param, sc-08.01_odp }} during transmission.", "parts": [ { @@ -117478,29 +98854,6 @@ "id": "sc-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08(01)", @@ -117606,6 +98959,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-10", + "class": "zero-padded" + }, { "name": "label", "value": "SC-10" @@ -117639,13 +98997,6 @@ { "id": "sc-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Terminate the network connection associated with a communications session at the end of the session or after {{ insert: param, sc-10_odp }} of inactivity." }, { @@ -117657,29 +99008,6 @@ "id": "sc-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-10", @@ -117784,9 +99112,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-12", + "class": "zero-padded" }, { "name": "label", @@ -117901,10 +99229,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -117938,13 +99262,6 @@ { "id": "sc-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: {{ insert: param, sc-12_odp }}.", "parts": [ { @@ -117998,29 +99315,6 @@ "id": "sc-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-12", @@ -118145,6 +99439,11 @@ "class": "SP800-53-enhancement", "title": "Availability", "props": [ + { + "name": "label", + "value": "SC-12(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-12(1)" @@ -118179,13 +99478,6 @@ { "id": "sc-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain availability of information in the event of the loss of cryptographic keys by users." }, { @@ -118197,23 +99489,6 @@ "id": "sc-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-12(01)", @@ -118329,9 +99604,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-13", + "class": "zero-padded" }, { "name": "label", @@ -118483,11 +99758,6 @@ "id": "sc-13_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -118499,11 +99769,6 @@ "id": "sc-13_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -118595,23 +99860,6 @@ "id": "sc-13_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-13a.", @@ -118630,29 +99878,6 @@ "id": "sc-13_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-13b.", @@ -118764,6 +99989,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -118802,11 +100032,6 @@ "id": "sc-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -118818,11 +100043,6 @@ "id": "sc-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -118870,23 +100090,6 @@ "id": "sc-15_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-15a.", @@ -118905,29 +100108,6 @@ "id": "sc-15_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-15b.", @@ -119034,6 +100214,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-17", + "class": "zero-padded" + }, { "name": "label", "value": "SC-17" @@ -119101,11 +100286,6 @@ "id": "sc-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -119117,11 +100297,6 @@ "id": "sc-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -119151,23 +100326,6 @@ "id": "sc-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-17a.", @@ -119186,29 +100344,6 @@ "id": "sc-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-17b.", @@ -119304,6 +100439,11 @@ "class": "SP800-53", "title": "Mobile Code", "props": [ + { + "name": "label", + "value": "SC-18", + "class": "zero-padded" + }, { "name": "label", "value": "SC-18" @@ -119358,11 +100498,6 @@ "id": "sc-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -119374,11 +100509,6 @@ "id": "sc-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -119408,17 +100538,6 @@ "id": "sc-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-18a.", @@ -119510,23 +100629,6 @@ "id": "sc-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-18b.", @@ -119677,6 +100779,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -119743,11 +100850,6 @@ "id": "sc-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -119759,11 +100861,6 @@ "id": "sc-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -119855,29 +100952,6 @@ "id": "sc-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20a.", @@ -119944,29 +101018,6 @@ "id": "sc-20_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[01]", @@ -119985,29 +101036,6 @@ "id": "sc-20_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[02]", @@ -120112,9 +101140,9 @@ "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-21", + "class": "zero-padded" }, { "name": "label", @@ -120153,13 +101181,6 @@ { "id": "sc-21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.", "parts": [ { @@ -120224,29 +101245,6 @@ "id": "sc-21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-21", @@ -120407,6 +101405,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -120452,13 +101455,6 @@ { "id": "sc-22_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation." }, { @@ -120470,29 +101466,6 @@ "id": "sc-22_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-22", @@ -120635,6 +101608,11 @@ "class": "SP800-53", "title": "Session Authenticity", "props": [ + { + "name": "label", + "value": "SC-23", + "class": "zero-padded" + }, { "name": "label", "value": "SC-23" @@ -120692,13 +101670,6 @@ { "id": "sc-23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the authenticity of communications sessions." }, { @@ -120710,29 +101681,6 @@ "id": "sc-23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-23", @@ -120849,6 +101797,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-24", + "class": "zero-padded" + }, { "name": "label", "value": "SC-24" @@ -120911,13 +101864,6 @@ { "id": "sc-24_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Fail to a {{ insert: param, sc-24_odp.02 }} for the following failures on the indicated components while preserving {{ insert: param, sc-24_odp.03 }} in failure: {{ insert: param, sc-24_odp.01 }}." }, { @@ -120929,29 +101875,6 @@ "id": "sc-24_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-24", @@ -121066,9 +101989,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-28", + "class": "zero-padded" }, { "name": "label", @@ -121207,13 +102130,6 @@ { "id": "sc-28_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-28_odp.01 }} of the following information at rest: {{ insert: param, sc-28_odp.02 }}.", "parts": [ { @@ -121267,29 +102183,6 @@ "id": "sc-28_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28", @@ -121402,6 +102295,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -121443,13 +102341,6 @@ { "id": "sc-28.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param, sc-28.01_odp.01 }}.", "parts": [ { @@ -121481,29 +102372,6 @@ "id": "sc-28.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28(01)", @@ -121630,6 +102498,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -121696,13 +102569,6 @@ { "id": "sc-39_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain a separate execution domain for each executing system process." }, { @@ -121714,29 +102580,6 @@ "id": "sc-39_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-39", @@ -121824,6 +102667,11 @@ "class": "SP800-53", "title": "System Time Synchronization", "props": [ + { + "name": "label", + "value": "SC-45", + "class": "zero-padded" + }, { "name": "label", "value": "SC-45" @@ -121869,13 +102717,6 @@ { "id": "sc-45_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Synchronize system clocks within and between systems and system components." }, { @@ -121887,29 +102728,6 @@ "id": "sc-45_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45", @@ -122042,9 +102860,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-45(01)", + "class": "zero-padded" }, { "name": "label", @@ -122080,11 +102898,6 @@ "id": "sc-45.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -122096,11 +102909,6 @@ "id": "sc-45.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -122170,23 +102978,6 @@ "id": "sc-45.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(a)", @@ -122205,17 +102996,6 @@ "id": "sc-45.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(b)", @@ -122415,6 +103195,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -122478,12 +103263,6 @@ "id": "si-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -122543,11 +103322,6 @@ "id": "si-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -122559,12 +103333,6 @@ "id": "si-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -122629,23 +103397,6 @@ "id": "si-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[01]", @@ -122664,23 +103415,6 @@ "id": "si-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[02]", @@ -122699,17 +103433,6 @@ "id": "si-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[03]", @@ -122728,17 +103451,6 @@ "id": "si-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[04]", @@ -122768,17 +103480,6 @@ "id": "si-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(a)", @@ -122924,17 +103625,6 @@ "id": "si-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(b)", @@ -122969,23 +103659,6 @@ "id": "si-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01b.", @@ -123015,23 +103688,6 @@ "id": "si-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.01", @@ -123087,23 +103743,6 @@ "id": "si-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.02", @@ -123238,6 +103877,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -123356,11 +104000,6 @@ "id": "si-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -123372,11 +104011,6 @@ "id": "si-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -123388,11 +104022,6 @@ "id": "si-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -123404,11 +104033,6 @@ "id": "si-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -123438,29 +104062,6 @@ "id": "si-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02a.", @@ -123534,23 +104135,6 @@ "id": "si-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02b.", @@ -123642,23 +104226,6 @@ "id": "si-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02c.", @@ -123714,23 +104281,6 @@ "id": "si-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02d.", @@ -123851,6 +104401,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(2)" @@ -123888,13 +104443,6 @@ { "id": "si-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Determine if system components have applicable security-relevant software and firmware updates installed using {{ insert: param, si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}." }, { @@ -123906,29 +104454,6 @@ "id": "si-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(02)", @@ -124027,6 +104552,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(3)" @@ -124061,11 +104591,6 @@ "id": "si-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -124077,11 +104602,6 @@ "id": "si-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -124111,29 +104631,6 @@ "id": "si-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(a)", @@ -124152,23 +104649,6 @@ "id": "si-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(b)", @@ -124352,9 +104832,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-03", + "class": "zero-padded" }, { "name": "label", @@ -124479,11 +104959,6 @@ "id": "si-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -124495,11 +104970,6 @@ "id": "si-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -124511,11 +104981,6 @@ "id": "si-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -124551,11 +105016,6 @@ "id": "si-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -124585,23 +105045,6 @@ "id": "si-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03a.", @@ -124657,23 +105100,6 @@ "id": "si-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03b.", @@ -124714,23 +105140,6 @@ "id": "si-3_obj.c.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[01]", @@ -124749,23 +105158,6 @@ "id": "si-3_obj.c.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[02]", @@ -124803,23 +105195,6 @@ "id": "si-3_obj.c.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[01]", @@ -124838,23 +105213,6 @@ "id": "si-3_obj.c.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[02]", @@ -124889,23 +105247,6 @@ "id": "si-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03d.", @@ -125058,6 +105399,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -125282,11 +105628,6 @@ "id": "si-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -125322,11 +105663,6 @@ "id": "si-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -125338,11 +105674,6 @@ "id": "si-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -125378,11 +105709,6 @@ "id": "si-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -125394,11 +105720,6 @@ "id": "si-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -125410,11 +105731,6 @@ "id": "si-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -125426,11 +105742,6 @@ "id": "si-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -125489,29 +105800,6 @@ "id": "si-4_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.01", @@ -125530,29 +105818,6 @@ "id": "si-4_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.02", @@ -125634,23 +105899,6 @@ "id": "si-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04b.", @@ -125680,29 +105928,6 @@ "id": "si-4_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.01", @@ -125721,29 +105946,6 @@ "id": "si-4_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.02", @@ -125770,23 +105972,6 @@ "id": "si-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04d.", @@ -125842,23 +106027,6 @@ "id": "si-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04e.", @@ -125877,23 +106045,6 @@ "id": "si-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04f.", @@ -125912,29 +106063,6 @@ "id": "si-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04g.", @@ -126031,9 +106159,9 @@ "title": "System-wide Intrusion Detection System", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -126074,13 +106202,6 @@ { "id": "si-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Connect and configure individual intrusion detection tools into a system-wide intrusion detection system." }, { @@ -126103,23 +106224,6 @@ "id": "si-4.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[01]", @@ -126138,23 +106242,6 @@ "id": "si-4.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[02]", @@ -126251,9 +106338,9 @@ "title": "Automated Tools and Mechanisms for Real-time Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(02)", + "class": "zero-padded" }, { "name": "label", @@ -126297,13 +106384,6 @@ { "id": "si-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated tools and mechanisms to support near real-time analysis of events." }, { @@ -126315,29 +106395,6 @@ "id": "si-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(02)", @@ -126476,6 +106533,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(4)" @@ -126515,11 +106577,6 @@ "id": "si-4.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -126531,11 +106588,6 @@ "id": "si-4.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -126565,23 +106617,6 @@ "id": "si-4.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(a)", @@ -126637,29 +106672,6 @@ "id": "si-4.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(b)", @@ -126812,6 +106824,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(5)" @@ -126858,13 +106875,6 @@ { "id": "si-4.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Alert {{ insert: param, si-04.05_odp.01 }} when the following system-generated indications of compromise or potential compromise occur: {{ insert: param, si-04.05_odp.02 }}.", "parts": [ { @@ -126896,29 +106906,6 @@ "id": "si-4.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(05)", @@ -127027,9 +107014,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(10)", + "class": "zero-padded" }, { "name": "label", @@ -127065,13 +107052,6 @@ { "id": "si-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Make provisions so that {{ insert: param, si-04.10_odp.01 }} is visible to {{ insert: param, si-04.10_odp.02 }}.", "parts": [ { @@ -127103,23 +107083,6 @@ "id": "si-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(10)", @@ -127218,6 +107181,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(11)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(11)" @@ -127257,13 +107225,6 @@ { "id": "si-4.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze outbound communications traffic at the external interfaces to the system and selected {{ insert: param, si-04.11_odp }} to discover anomalies." }, { @@ -127275,29 +107236,6 @@ "id": "si-4.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(11)", @@ -127451,6 +107389,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(12)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(12)" @@ -127490,13 +107433,6 @@ { "id": "si-4.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Alert {{ insert: param, si-04.12_odp.01 }} using {{ insert: param, si-04.12_odp.02 }} when the following indications of inappropriate or unusual activities with security or privacy implications occur: {{ insert: param, si-04.12_odp.03 }}." }, { @@ -127508,29 +107444,6 @@ "id": "si-4.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(12)", @@ -127618,6 +107531,11 @@ "class": "SP800-53-enhancement", "title": "Wireless Intrusion Detection", "props": [ + { + "name": "label", + "value": "SI-04(14)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(14)" @@ -127660,13 +107578,6 @@ { "id": "si-4.14_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system." }, { @@ -127678,23 +107589,6 @@ "id": "si-4.14_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(14)", @@ -127838,9 +107732,9 @@ "title": "Correlate Monitoring Information", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(16)", + "class": "zero-padded" }, { "name": "label", @@ -127885,13 +107779,6 @@ { "id": "si-4.16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate information from monitoring tools and mechanisms employed throughout the system." }, { @@ -127903,23 +107790,6 @@ "id": "si-4.16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(16)", @@ -128018,6 +107888,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(18)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(18)" @@ -128057,13 +107932,6 @@ { "id": "si-4.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: {{ insert: param, si-04.18_odp }}." }, { @@ -128075,23 +107943,6 @@ "id": "si-4.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(18)", @@ -128237,9 +108088,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(19)", + "class": "zero-padded" }, { "name": "label", @@ -128275,13 +108126,6 @@ { "id": "si-4.19_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, si-04.19_odp.01 }} of individuals who have been identified by {{ insert: param, si-04.19_odp.02 }} as posing an increased level of risk." }, { @@ -128293,23 +108137,6 @@ "id": "si-4.19_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(19)", @@ -128409,9 +108236,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(20)", + "class": "zero-padded" }, { "name": "label", @@ -128451,13 +108278,6 @@ { "id": "si-4.20_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following additional monitoring of privileged users: {{ insert: param, si-04.20_odp }}." }, { @@ -128469,29 +108289,6 @@ "id": "si-4.20_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(20)", @@ -128609,6 +108406,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(22)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(22)" @@ -128652,11 +108454,6 @@ "id": "si-4.22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -128668,11 +108465,6 @@ "id": "si-4.22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -128702,29 +108494,6 @@ "id": "si-4.22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(22)(a)", @@ -128743,23 +108512,6 @@ "id": "si-4.22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(22)(b)", @@ -128876,9 +108628,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(23)", + "class": "zero-padded" }, { "name": "label", @@ -128922,13 +108674,6 @@ { "id": "si-4.23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following host-based monitoring mechanisms at {{ insert: param, si-04.23_odp.02 }}: {{ insert: param, si-04.23_odp.01 }}." }, { @@ -128940,29 +108685,6 @@ "id": "si-4.23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(23)", @@ -129111,6 +108833,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -129162,11 +108889,6 @@ "id": "si-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -129178,11 +108900,6 @@ "id": "si-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -129194,11 +108911,6 @@ "id": "si-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -129210,11 +108922,6 @@ "id": "si-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -129256,29 +108963,6 @@ "id": "si-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05a.", @@ -129297,23 +108981,6 @@ "id": "si-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05b.", @@ -129332,29 +108999,6 @@ "id": "si-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05c.", @@ -129373,23 +109017,6 @@ "id": "si-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05d.", @@ -129496,6 +109123,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5(1)" @@ -129530,13 +109162,6 @@ { "id": "si-5.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Broadcast security alert and advisory information throughout the organization using {{ insert: param, si-05.01_odp }}." }, { @@ -129548,23 +109173,6 @@ "id": "si-5.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-05(01)", @@ -129752,9 +109360,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-06", + "class": "zero-padded" }, { "name": "label", @@ -129811,11 +109419,6 @@ "id": "si-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -129827,11 +109430,6 @@ "id": "si-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -129843,11 +109441,6 @@ "id": "si-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -129859,11 +109452,6 @@ "id": "si-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -129893,23 +109481,6 @@ "id": "si-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06a.", @@ -129965,23 +109536,6 @@ "id": "si-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06b.", @@ -130037,23 +109591,6 @@ "id": "si-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-06c.", @@ -130109,23 +109646,6 @@ "id": "si-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06d.", @@ -130286,9 +109806,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07", + "class": "zero-padded" }, { "name": "label", @@ -130450,11 +109970,6 @@ "id": "si-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -130466,11 +109981,6 @@ "id": "si-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -130500,23 +110010,6 @@ "id": "si-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07a.", @@ -130590,23 +110083,6 @@ "id": "si-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07b.", @@ -130907,9 +110383,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -130945,13 +110421,6 @@ { "id": "si-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}." }, { @@ -130963,29 +110432,6 @@ "id": "si-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(01)", @@ -131144,6 +110590,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(2)" @@ -131178,13 +110629,6 @@ { "id": "si-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated tools that provide notification to {{ insert: param, si-07.02_odp }} upon discovering discrepancies during integrity verification." }, { @@ -131196,29 +110640,6 @@ "id": "si-7.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(02)", @@ -131328,6 +110749,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(5)" @@ -131362,13 +110788,6 @@ { "id": "si-7.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically {{ insert: param, si-07.05_odp.01 }} when integrity violations are discovered." }, { @@ -131380,29 +110799,6 @@ "id": "si-7.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(05)", @@ -131501,6 +110897,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(07)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(7)" @@ -131555,13 +110956,6 @@ { "id": "si-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}." }, { @@ -131573,23 +110967,6 @@ "id": "si-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(07)", @@ -131693,6 +111070,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(15)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(15)" @@ -131739,13 +111121,6 @@ { "id": "si-7.15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: {{ insert: param, si-07.15_odp }}." }, { @@ -131757,23 +111132,6 @@ "id": "si-7.15_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(15)", @@ -131863,6 +111221,11 @@ "class": "SP800-53", "title": "Spam Protection", "props": [ + { + "name": "label", + "value": "SI-08", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8" @@ -131925,11 +111288,6 @@ "id": "si-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -131941,11 +111299,6 @@ "id": "si-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -132004,23 +111357,6 @@ "id": "si-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08a.", @@ -132112,23 +111448,6 @@ "id": "si-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08b.", @@ -132235,6 +111554,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8(2)" @@ -132264,13 +111588,6 @@ { "id": "si-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically update spam protection mechanisms {{ insert: param, si-08.02_odp }}." }, { @@ -132282,23 +111599,6 @@ "id": "si-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08(02)", @@ -132400,9 +111700,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-10", + "class": "zero-padded" }, { "name": "label", @@ -132438,13 +111738,6 @@ { "id": "si-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check the validity of the following information inputs: {{ insert: param, si-10_odp }}.", "parts": [ { @@ -132476,17 +111769,6 @@ "id": "si-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-10", @@ -132590,6 +111872,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-11", + "class": "zero-padded" + }, { "name": "label", "value": "SI-11" @@ -132640,11 +111927,6 @@ "id": "si-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -132656,11 +111938,6 @@ "id": "si-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -132690,17 +111967,6 @@ "id": "si-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11a.", @@ -132719,17 +111985,6 @@ "id": "si-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11b.", @@ -132825,6 +112080,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -132982,13 +112242,6 @@ { "id": "si-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements." }, { @@ -133000,23 +112253,6 @@ "id": "si-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-12", @@ -133188,6 +112424,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-16", + "class": "zero-padded" + }, { "name": "label", "value": "SI-16" @@ -133230,13 +112471,6 @@ { "id": "si-16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following controls to protect the system memory from unauthorized code execution: {{ insert: param, si-16_odp }}." }, { @@ -133248,23 +112482,6 @@ "id": "si-16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-16", @@ -133459,6 +112676,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -133546,12 +112768,6 @@ "id": "sr-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -133611,11 +112827,6 @@ "id": "sr-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -133627,12 +112838,6 @@ "id": "sr-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -133697,23 +112902,6 @@ "id": "sr-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[01]", @@ -133732,23 +112920,6 @@ "id": "sr-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[02]", @@ -133767,17 +112938,6 @@ "id": "sr-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[03]", @@ -133796,17 +112956,6 @@ "id": "sr-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[04]", @@ -133836,17 +112985,6 @@ "id": "sr-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(a)", @@ -133992,17 +113130,6 @@ "id": "sr-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(b)", @@ -134037,23 +113164,6 @@ "id": "sr-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01b.", @@ -134083,23 +113193,6 @@ "id": "sr-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.01", @@ -134155,23 +113248,6 @@ "id": "sr-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.02", @@ -134315,6 +113391,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -134446,11 +113527,6 @@ "id": "sr-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -134462,11 +113538,6 @@ "id": "sr-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -134478,11 +113549,6 @@ "id": "sr-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -134523,23 +113589,6 @@ "id": "sr-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[01]", @@ -134558,17 +113607,6 @@ "id": "sr-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[02]", @@ -134587,17 +113625,6 @@ "id": "sr-2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[03]", @@ -134616,17 +113643,6 @@ "id": "sr-2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[04]", @@ -134645,17 +113661,6 @@ "id": "sr-2_obj.a-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[05]", @@ -134674,17 +113679,6 @@ "id": "sr-2_obj.a-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[06]", @@ -134703,17 +113697,6 @@ "id": "sr-2_obj.a-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[07]", @@ -134732,17 +113715,6 @@ "id": "sr-2_obj.a-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[08]", @@ -134761,17 +113733,6 @@ "id": "sr-2_obj.a-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[09]", @@ -134798,23 +113759,6 @@ "id": "sr-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02b.", @@ -134833,23 +113777,6 @@ "id": "sr-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-02c.", @@ -135002,6 +113929,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -135036,13 +113968,6 @@ { "id": "sr-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a supply chain risk management team consisting of {{ insert: param, sr-02.01_odp.01 }} to lead and support the following SCRM activities: {{ insert: param, sr-02.01_odp.02 }}." }, { @@ -135054,23 +113979,6 @@ "id": "sr-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02(01)", @@ -135187,6 +114095,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -135347,11 +114260,6 @@ "id": "sr-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -135363,11 +114271,6 @@ "id": "sr-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -135379,11 +114282,6 @@ "id": "sr-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -135442,23 +114340,6 @@ "id": "sr-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[01]", @@ -135477,23 +114358,6 @@ "id": "sr-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[02]", @@ -135520,23 +114384,6 @@ "id": "sr-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03b.", @@ -135555,23 +114402,6 @@ "id": "sr-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03c.", @@ -135678,6 +114508,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -135796,13 +114631,6 @@ { "id": "sr-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: {{ insert: param, sr-05_odp }}." }, { @@ -135814,29 +114642,6 @@ "id": "sr-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-05", @@ -135995,6 +114800,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-06", + "class": "zero-padded" + }, { "name": "label", "value": "SR-6" @@ -136085,13 +114895,6 @@ { "id": "sr-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide {{ insert: param, sr-06_odp }}.", "parts": [ { @@ -136123,23 +114926,6 @@ "id": "sr-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-06", @@ -136253,6 +115039,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -136323,13 +115114,6 @@ { "id": "sr-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the {{ insert: param, sr-08_odp.01 }}.", "parts": [ { @@ -136361,23 +115145,6 @@ "id": "sr-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-08", @@ -136465,6 +115232,11 @@ "class": "SP800-53", "title": "Tamper Resistance and Detection", "props": [ + { + "name": "label", + "value": "SR-09", + "class": "zero-padded" + }, { "name": "label", "value": "SR-9" @@ -136539,13 +115311,6 @@ { "id": "sr-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement a tamper protection program for the system, system component, or system service.", "parts": [ { @@ -136577,23 +115342,6 @@ "id": "sr-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-09", @@ -136681,6 +115429,11 @@ "class": "SP800-53-enhancement", "title": "Multiple Stages of System Development Life Cycle", "props": [ + { + "name": "label", + "value": "SR-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-9(1)" @@ -136719,13 +115472,6 @@ { "id": "sr-9.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ anti-tamper technologies, tools, and techniques throughout the system development life cycle." }, { @@ -136737,23 +115483,6 @@ "id": "sr-9.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-09(01)", @@ -136883,6 +115612,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -136953,13 +115687,6 @@ { "id": "sr-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the following systems or system components {{ insert: param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01 }}." }, { @@ -136971,23 +115698,6 @@ "id": "sr-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-10", @@ -137106,6 +115816,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -137165,11 +115880,6 @@ "id": "sr-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -137181,11 +115891,6 @@ "id": "sr-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -137244,23 +115949,6 @@ "id": "sr-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[01]", @@ -137279,23 +115967,6 @@ "id": "sr-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[02]", @@ -137314,23 +115985,6 @@ "id": "sr-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[03]", @@ -137349,23 +116003,6 @@ "id": "sr-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[04]", @@ -137392,23 +116029,6 @@ "id": "sr-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11b.", @@ -137515,6 +116135,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -137553,13 +116178,6 @@ { "id": "sr-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit system components (including hardware, software, and firmware)." }, { @@ -137571,23 +116189,6 @@ "id": "sr-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(01)", @@ -137691,6 +116292,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -137741,13 +116347,6 @@ { "id": "sr-11.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: {{ insert: param, sr-11.02_odp }}." }, { @@ -137759,23 +116358,6 @@ "id": "sr-11.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(02)", @@ -137922,6 +116504,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -137956,13 +116543,6 @@ { "id": "sr-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Dispose of {{ insert: param, sr-12_odp.01 }} using the following techniques and methods: {{ insert: param, sr-12_odp.02 }}." }, { @@ -137974,23 +116554,6 @@ "id": "sr-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-12", diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json index 2da005769..df1bf9e5d 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "552b6976-bcf9-4e3e-b078-e05cfefe86c3", + "uuid": "68275f5d-6150-4f90-aa61-b0479aabe6f0", "metadata": { "title": "FedRAMP Rev 5 High Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:49:42.881594-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:17:03.015838-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -284,12 +289,6 @@ "id": "ac-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -349,11 +348,6 @@ "id": "ac-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -365,12 +359,6 @@ "id": "ac-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -435,23 +423,6 @@ "id": "ac-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[01]", @@ -470,23 +441,6 @@ "id": "ac-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[02]", @@ -505,17 +459,6 @@ "id": "ac-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[03]", @@ -534,17 +477,6 @@ "id": "ac-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[04]", @@ -574,17 +506,6 @@ "id": "ac-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(a)", @@ -730,17 +651,6 @@ "id": "ac-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(b)", @@ -775,23 +685,6 @@ "id": "ac-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01b.", @@ -821,23 +714,6 @@ "id": "ac-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.01", @@ -893,23 +769,6 @@ "id": "ac-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.02", @@ -1141,9 +1000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02", + "class": "zero-padded" }, { "name": "label", @@ -1299,11 +1158,6 @@ "id": "ac-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -1315,11 +1169,6 @@ "id": "ac-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -1331,11 +1180,6 @@ "id": "ac-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -1347,11 +1191,6 @@ "id": "ac-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -1398,11 +1237,6 @@ "id": "ac-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -1414,11 +1248,6 @@ "id": "ac-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -1430,11 +1259,6 @@ "id": "ac-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -1446,11 +1270,6 @@ "id": "ac-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -1497,11 +1316,6 @@ "id": "ac-2_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -1548,11 +1362,6 @@ "id": "ac-2_smt.j", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "j." @@ -1564,11 +1373,6 @@ "id": "ac-2_smt.k", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "k." @@ -1580,11 +1384,6 @@ "id": "ac-2_smt.l", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "l." @@ -1625,17 +1424,6 @@ "id": "ac-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[01]", @@ -1654,17 +1442,6 @@ "id": "ac-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[02]", @@ -1691,23 +1468,6 @@ "id": "ac-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02b.", @@ -1726,23 +1486,6 @@ "id": "ac-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02c.", @@ -1761,17 +1504,6 @@ "id": "ac-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02d.", @@ -1882,23 +1614,6 @@ "id": "ac-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02e.", @@ -1917,23 +1632,6 @@ "id": "ac-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02f.", @@ -2043,23 +1741,6 @@ "id": "ac-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02g.", @@ -2078,23 +1759,6 @@ "id": "ac-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02h.", @@ -2179,23 +1843,6 @@ "id": "ac-2_obj.i.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.01", @@ -2214,23 +1861,6 @@ "id": "ac-2_obj.i.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.02", @@ -2249,23 +1879,6 @@ "id": "ac-2_obj.i.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.03", @@ -2292,23 +1905,6 @@ "id": "ac-2_obj.j", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02j.", @@ -2338,23 +1934,6 @@ "id": "ac-2_obj.k-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[01]", @@ -2373,23 +1952,6 @@ "id": "ac-2_obj.k-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[02]", @@ -2416,23 +1978,6 @@ "id": "ac-2_obj.l", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02l.", @@ -2577,9 +2122,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -2610,13 +2155,6 @@ { "id": "ac-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the management of system accounts using {{ insert: param, ac-02.01_odp }}." }, { @@ -2628,23 +2166,6 @@ "id": "ac-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(01)", @@ -2763,9 +2284,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -2796,13 +2317,6 @@ { "id": "ac-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically {{ insert: param, ac-02.02_odp.01 }} temporary and emergency accounts after {{ insert: param, ac-02.02_odp.02 }}." }, { @@ -2814,17 +2328,6 @@ "id": "ac-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(02)", @@ -2943,9 +2446,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(03)", + "class": "zero-padded" }, { "name": "label", @@ -2982,11 +2485,6 @@ "id": "ac-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -2998,11 +2496,6 @@ "id": "ac-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3014,11 +2507,6 @@ "id": "ac-2.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3030,11 +2518,6 @@ "id": "ac-2.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3104,23 +2587,6 @@ "id": "ac-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(a)", @@ -3139,23 +2605,6 @@ "id": "ac-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(b)", @@ -3174,23 +2623,6 @@ "id": "ac-2.3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(c)", @@ -3209,23 +2641,6 @@ "id": "ac-2.3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(d)", @@ -3322,9 +2737,9 @@ "title": "Automated Audit Actions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(04)", + "class": "zero-padded" }, { "name": "label", @@ -3363,41 +2778,17 @@ { "id": "ac-2.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically audit account creation, modification, enabling, disabling, and removal actions." }, { "id": "ac-2.4_gdn", "name": "guidance", - "prose": "Account management audit records are defined in accordance with [AU-2](#au-2) and reviewed, analyzed, and reported in accordance with [AU-6](#au-6)." + "prose": "Account management audit records are defined in accordance with [AU-02](#au-2) and reviewed, analyzed, and reported in accordance with [AU-06](#au-6)." }, { "id": "ac-2.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(04)", @@ -3593,9 +2984,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -3635,13 +3026,6 @@ { "id": "ac-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users log out when {{ insert: param, ac-02.05_odp }}.", "parts": [ { @@ -3673,23 +3057,6 @@ "id": "ac-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(05)", @@ -3767,9 +3134,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(07)", + "class": "zero-padded" }, { "name": "label", @@ -3805,11 +3172,6 @@ "id": "ac-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -3821,11 +3183,6 @@ "id": "ac-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3837,11 +3194,6 @@ "id": "ac-2.7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3853,11 +3205,6 @@ "id": "ac-2.7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3887,23 +3234,6 @@ "id": "ac-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(a)", @@ -3922,23 +3252,6 @@ "id": "ac-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(b)", @@ -3957,23 +3270,6 @@ "id": "ac-2.7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(c)", @@ -3992,23 +3288,6 @@ "id": "ac-2.7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(d)", @@ -4121,9 +3400,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(09)", + "class": "zero-padded" }, { "name": "label", @@ -4154,13 +3433,6 @@ { "id": "ac-2.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Only permit the use of shared and group accounts that meet {{ insert: param, ac-02.09_odp }}.", "parts": [ { @@ -4192,23 +3464,6 @@ "id": "ac-2.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(09)", @@ -4317,9 +3572,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(11)", + "class": "zero-padded" }, { "name": "label", @@ -4350,13 +3605,6 @@ { "id": "ac-2.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce {{ insert: param, ac-02.11_odp.01 }} for {{ insert: param, ac-02.11_odp.02 }}." }, { @@ -4368,23 +3616,6 @@ "id": "ac-2.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(11)", @@ -4498,9 +3729,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -4561,11 +3792,6 @@ "id": "ac-2.12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -4577,11 +3803,6 @@ "id": "ac-2.12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -4640,23 +3861,6 @@ "id": "ac-2.12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(a)", @@ -4675,23 +3879,6 @@ "id": "ac-2.12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(b)", @@ -4813,9 +4000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(13)", + "class": "zero-padded" }, { "name": "label", @@ -4854,13 +4041,6 @@ { "id": "ac-2.13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable accounts of individuals within {{ insert: param, ac-02.13_odp.01 }} of discovery of {{ insert: param, ac-02.13_odp.02 }}." }, { @@ -4872,23 +4052,6 @@ "id": "ac-2.13_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(13)", @@ -4979,9 +4142,9 @@ "title": "Access Enforcement", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-03", + "class": "zero-padded" }, { "name": "label", @@ -5216,13 +4379,6 @@ { "id": "ac-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies." }, { @@ -5234,23 +4390,6 @@ "id": "ac-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-03", @@ -5349,6 +4488,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4" @@ -5458,13 +4602,6 @@ { "id": "ac-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on {{ insert: param, ac-04_odp }}." }, { @@ -5476,23 +4613,6 @@ "id": "ac-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04", @@ -5617,6 +4737,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4(4)" @@ -5650,13 +4775,6 @@ { "id": "ac-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent encrypted information from bypassing {{ insert: param, ac-04.04_odp.01 }} by {{ insert: param, ac-04.04_odp.02 }}.", "parts": [ { @@ -5688,23 +4806,6 @@ "id": "ac-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04(04)", @@ -5825,6 +4926,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04(21)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4(21)" @@ -5863,13 +4969,6 @@ { "id": "ac-4.21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate information flows logically or physically using {{ insert: param, ac-4.21_prm_1 }} to accomplish {{ insert: param, ac-04.21_odp.03 }}." }, { @@ -5881,23 +4980,6 @@ "id": "ac-4.21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04(21)", @@ -6035,6 +5117,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-05", + "class": "zero-padded" + }, { "name": "label", "value": "AC-5" @@ -6129,11 +5216,6 @@ "id": "ac-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -6145,11 +5227,6 @@ "id": "ac-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -6197,17 +5274,6 @@ "id": "ac-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05a.", @@ -6226,17 +5292,6 @@ "id": "ac-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05b.", @@ -6333,9 +5388,9 @@ "title": "Least Privilege", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06", + "class": "zero-padded" }, { "name": "label", @@ -6410,13 +5465,6 @@ { "id": "ac-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks." }, { @@ -6428,23 +5476,6 @@ "id": "ac-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06", @@ -6593,6 +5624,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(1)" @@ -6648,11 +5684,6 @@ "id": "ac-6.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -6664,11 +5695,6 @@ "id": "ac-6.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -6698,23 +5724,6 @@ "id": "ac-6.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(a)", @@ -6788,23 +5797,6 @@ "id": "ac-6.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(b)", @@ -6917,9 +5909,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(02)", + "class": "zero-padded" }, { "name": "label", @@ -6966,13 +5958,6 @@ { "id": "ac-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users of system accounts (or roles) with access to {{ insert: param, ac-06.02_odp }} use non-privileged accounts or roles, when accessing nonsecurity functions.", "parts": [ { @@ -7004,23 +5989,6 @@ "id": "ac-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(02)", @@ -7134,9 +6102,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(03)", + "class": "zero-padded" }, { "name": "label", @@ -7179,13 +6147,6 @@ { "id": "ac-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Authorize network access to {{ insert: param, ac-06.03_odp.01 }} only for {{ insert: param, ac-06.03_odp.02 }} and document the rationale for such access in the security plan for the system." }, { @@ -7208,23 +6169,6 @@ "id": "ac-6.3_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(03)[01]", @@ -7243,17 +6187,6 @@ "id": "ac-6.3_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(03)[02]", @@ -7361,9 +6294,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(05)", + "class": "zero-padded" }, { "name": "label", @@ -7406,13 +6339,6 @@ { "id": "ac-6.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict privileged accounts on the system to {{ insert: param, ac-06.05_odp }}." }, { @@ -7424,23 +6350,6 @@ "id": "ac-6.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(05)", @@ -7558,6 +6467,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(07)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(7)" @@ -7596,11 +6510,6 @@ "id": "ac-6.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -7612,11 +6521,6 @@ "id": "ac-6.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -7646,23 +6550,6 @@ "id": "ac-6.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(a)", @@ -7681,23 +6568,6 @@ "id": "ac-6.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(b)", @@ -7810,9 +6680,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(08)", + "class": "zero-padded" }, { "name": "label", @@ -7843,13 +6713,6 @@ { "id": "ac-6.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent the following software from executing at higher privilege levels than users executing the software: {{ insert: param, ac-06.08_odp }}." }, { @@ -7861,23 +6724,6 @@ "id": "ac-6.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(08)", @@ -7965,6 +6811,11 @@ "class": "SP800-53-enhancement", "title": "Log Use of Privileged Functions", "props": [ + { + "name": "label", + "value": "AC-06(09)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(9)" @@ -8006,13 +6857,6 @@ { "id": "ac-6.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Log the execution of privileged functions." }, { @@ -8024,23 +6868,6 @@ "id": "ac-6.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(09)", @@ -8129,9 +6956,9 @@ "title": "Prohibit Non-privileged Users from Executing Privileged Functions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(10)", + "class": "zero-padded" }, { "name": "label", @@ -8162,13 +6989,6 @@ { "id": "ac-6.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent non-privileged users from executing privileged functions." }, { @@ -8180,23 +7000,6 @@ "id": "ac-6.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(10)", @@ -8346,6 +7149,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -8404,11 +7212,6 @@ "id": "ac-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8420,11 +7223,6 @@ "id": "ac-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8472,23 +7270,6 @@ "id": "ac-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07a.", @@ -8507,23 +7288,6 @@ "id": "ac-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07b.", @@ -8649,6 +7413,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -8696,11 +7465,6 @@ "id": "ac-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8758,11 +7522,6 @@ "id": "ac-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8774,11 +7533,6 @@ "id": "ac-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -8894,23 +7648,6 @@ "id": "ac-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.", @@ -8923,17 +7660,6 @@ "id": "ac-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.01", @@ -8952,17 +7678,6 @@ "id": "ac-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.02", @@ -8981,17 +7696,6 @@ "id": "ac-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.03", @@ -9010,17 +7714,6 @@ "id": "ac-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.04", @@ -9047,23 +7740,6 @@ "id": "ac-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08b.", @@ -9082,17 +7758,6 @@ "id": "ac-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08c.", @@ -9268,6 +7933,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-10", + "class": "zero-padded" + }, { "name": "label", "value": "AC-10" @@ -9297,13 +7967,6 @@ { "id": "ac-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Limit the number of concurrent sessions for each {{ insert: param, ac-10_odp.01 }} to {{ insert: param, ac-10_odp.02 }}." }, { @@ -9315,23 +7978,6 @@ "id": "ac-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-10", @@ -9445,6 +8091,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-11", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11" @@ -9491,11 +8142,6 @@ "id": "ac-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -9507,11 +8153,6 @@ "id": "ac-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9541,23 +8182,6 @@ "id": "ac-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11a.", @@ -9576,23 +8200,6 @@ "id": "ac-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11b.", @@ -9688,6 +8295,11 @@ "class": "SP800-53-enhancement", "title": "Pattern-hiding Displays", "props": [ + { + "name": "label", + "value": "AC-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11(1)" @@ -9717,13 +8329,6 @@ { "id": "ac-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conceal, via the device lock, information previously visible on the display with a publicly viewable image." }, { @@ -9735,23 +8340,6 @@ "id": "ac-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11(01)", @@ -9852,6 +8440,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-12", + "class": "zero-padded" + }, { "name": "label", "value": "AC-12" @@ -9889,13 +8482,6 @@ { "id": "ac-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically terminate a user session after {{ insert: param, ac-12_odp }}." }, { @@ -9907,23 +8493,6 @@ "id": "ac-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-12", @@ -10022,6 +8591,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -10064,11 +8638,6 @@ "id": "ac-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10080,11 +8649,6 @@ "id": "ac-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10114,23 +8678,6 @@ "id": "ac-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-14a.", @@ -10149,17 +8696,6 @@ "id": "ac-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-14b.", @@ -10270,6 +8806,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -10400,11 +8941,6 @@ "id": "ac-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10416,11 +8952,6 @@ "id": "ac-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10450,23 +8981,6 @@ "id": "ac-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-17a.", @@ -10540,23 +9054,6 @@ "id": "ac-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17b.", @@ -10652,6 +9149,11 @@ "class": "SP800-53-enhancement", "title": "Monitoring and Control", "props": [ + { + "name": "label", + "value": "AC-17(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(1)" @@ -10702,13 +9204,6 @@ { "id": "ac-17.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated mechanisms to monitor and control remote access methods." }, { @@ -10720,23 +9215,6 @@ "id": "ac-17.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(01)", @@ -10862,9 +9340,9 @@ "title": "Protection of Confidentiality and Integrity Using Encryption", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-17(02)", + "class": "zero-padded" }, { "name": "label", @@ -10907,13 +9385,6 @@ { "id": "ac-17.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions." }, { @@ -10925,23 +9396,6 @@ "id": "ac-17.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(02)", @@ -11029,6 +9483,11 @@ "class": "SP800-53-enhancement", "title": "Managed Access Control Points", "props": [ + { + "name": "label", + "value": "AC-17(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(3)" @@ -11062,13 +9521,6 @@ { "id": "ac-17.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route remote accesses through authorized and managed network access control points." }, { @@ -11080,23 +9532,6 @@ "id": "ac-17.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(03)", @@ -11208,6 +9643,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-17(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(4)" @@ -11254,11 +9694,6 @@ "id": "ac-17.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -11270,11 +9705,6 @@ "id": "ac-17.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -11315,23 +9745,6 @@ "id": "ac-17.4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[01]", @@ -11350,23 +9763,6 @@ "id": "ac-17.4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[02]", @@ -11385,23 +9781,6 @@ "id": "ac-17.4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[03]", @@ -11420,23 +9799,6 @@ "id": "ac-17.4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[04]", @@ -11463,17 +9825,6 @@ "id": "ac-17.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(b)", @@ -11571,6 +9922,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -11661,11 +10017,6 @@ "id": "ac-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11677,11 +10028,6 @@ "id": "ac-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11711,23 +10057,6 @@ "id": "ac-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18a.", @@ -11801,23 +10130,6 @@ "id": "ac-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18b.", @@ -11925,6 +10237,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-18(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(1)" @@ -11966,13 +10283,6 @@ { "id": "ac-18.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect wireless access to the system using authentication of {{ insert: param, ac-18.01_odp }} and encryption." }, { @@ -11995,23 +10305,6 @@ "id": "ac-18.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[01]", @@ -12030,23 +10323,6 @@ "id": "ac-18.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[02]", @@ -12142,6 +10418,11 @@ "class": "SP800-53-enhancement", "title": "Disable Wireless Networking", "props": [ + { + "name": "label", + "value": "AC-18(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(3)" @@ -12176,13 +10457,6 @@ { "id": "ac-18.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment." }, { @@ -12194,23 +10468,6 @@ "id": "ac-18.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(03)", @@ -12298,6 +10555,11 @@ "class": "SP800-53-enhancement", "title": "Restrict Configurations by Users", "props": [ + { + "name": "label", + "value": "AC-18(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(4)" @@ -12335,13 +10597,6 @@ { "id": "ac-18.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify and explicitly authorize users allowed to independently configure wireless networking capabilities." }, { @@ -12353,23 +10608,6 @@ "id": "ac-18.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(04)", @@ -12494,6 +10732,11 @@ "class": "SP800-53-enhancement", "title": "Antennas and Transmission Power Levels", "props": [ + { + "name": "label", + "value": "AC-18(05)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(5)" @@ -12527,13 +10770,6 @@ { "id": "ac-18.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries." }, { @@ -12556,23 +10792,6 @@ "id": "ac-18.5_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(05)[01]", @@ -12591,23 +10810,6 @@ "id": "ac-18.5_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(05)[02]", @@ -12705,6 +10907,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -12831,11 +11038,6 @@ "id": "ac-19_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12847,11 +11049,6 @@ "id": "ac-19_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12881,23 +11078,6 @@ "id": "ac-19_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-19a.", @@ -12971,23 +11151,6 @@ "id": "ac-19_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19b.", @@ -13103,6 +11266,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-19(05)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19(5)" @@ -13144,13 +11312,6 @@ { "id": "ac-19.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ {{ insert: param, ac-19.05_odp.01 }} to protect the confidentiality and integrity of information on {{ insert: param, ac-19.05_odp.02 }}." }, { @@ -13162,23 +11323,6 @@ "id": "ac-19.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19(05)", @@ -13307,6 +11451,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -13385,11 +11534,6 @@ "id": "ac-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -13425,11 +11569,6 @@ "id": "ac-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13477,23 +11616,6 @@ "id": "ac-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20a.", @@ -13549,23 +11671,6 @@ "id": "ac-20_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20b.", @@ -13661,6 +11766,11 @@ "class": "SP800-53-enhancement", "title": "Limits on Authorized Use", "props": [ + { + "name": "label", + "value": "AC-20(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(1)" @@ -13700,11 +11810,6 @@ "id": "ac-20.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -13716,11 +11821,6 @@ "id": "ac-20.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -13750,23 +11850,6 @@ "id": "ac-20.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(a)", @@ -13785,23 +11868,6 @@ "id": "ac-20.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(b)", @@ -13908,6 +11974,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(2)" @@ -13945,13 +12016,6 @@ { "id": "ac-20.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using {{ insert: param, ac-20.02_odp }}." }, { @@ -13963,23 +12027,6 @@ "id": "ac-20.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(02)", @@ -14089,6 +12136,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-21", + "class": "zero-padded" + }, { "name": "label", "value": "AC-21" @@ -14159,11 +12211,6 @@ "id": "ac-21_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14175,11 +12222,6 @@ "id": "ac-21_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14209,23 +12251,6 @@ "id": "ac-21_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-21a.", @@ -14244,23 +12269,6 @@ "id": "ac-21_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-21b.", @@ -14372,6 +12380,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -14422,11 +12435,6 @@ "id": "ac-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14438,11 +12446,6 @@ "id": "ac-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14454,11 +12457,6 @@ "id": "ac-22_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -14470,11 +12468,6 @@ "id": "ac-22_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -14504,23 +12497,6 @@ "id": "ac-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22a.", @@ -14539,23 +12515,6 @@ "id": "ac-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22b.", @@ -14574,23 +12533,6 @@ "id": "ac-22_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22c.", @@ -14609,23 +12551,6 @@ "id": "ac-22_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22d.", @@ -14860,6 +12785,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -14931,12 +12861,6 @@ "id": "at-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -14996,11 +12920,6 @@ "id": "at-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15012,12 +12931,6 @@ "id": "at-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -15082,23 +12995,6 @@ "id": "at-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[01]", @@ -15117,23 +13013,6 @@ "id": "at-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[02]", @@ -15152,17 +13031,6 @@ "id": "at-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[03]", @@ -15181,17 +13049,6 @@ "id": "at-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[04]", @@ -15221,17 +13078,6 @@ "id": "at-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(a)", @@ -15377,17 +13223,6 @@ "id": "at-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(b)", @@ -15422,23 +13257,6 @@ "id": "at-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01b.", @@ -15468,23 +13286,6 @@ "id": "at-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.01", @@ -15540,23 +13341,6 @@ "id": "at-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.02", @@ -15758,6 +13542,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -15881,11 +13670,6 @@ "id": "at-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15921,11 +13705,6 @@ "id": "at-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15937,11 +13716,6 @@ "id": "at-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15953,11 +13727,6 @@ "id": "at-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -16009,23 +13778,6 @@ "id": "at-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[01]", @@ -16044,23 +13796,6 @@ "id": "at-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[02]", @@ -16079,23 +13814,6 @@ "id": "at-2_obj.a.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[03]", @@ -16114,23 +13832,6 @@ "id": "at-2_obj.a.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[04]", @@ -16157,23 +13858,6 @@ "id": "at-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.02", @@ -16237,17 +13921,6 @@ "id": "at-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-02b.", @@ -16266,23 +13939,6 @@ "id": "at-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02c.", @@ -16338,23 +13994,6 @@ "id": "at-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02d.", @@ -16450,6 +14089,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -16488,13 +14132,6 @@ { "id": "at-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential indicators of insider threat." }, { @@ -16506,23 +14143,6 @@ "id": "at-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(02)", @@ -16625,6 +14245,11 @@ "class": "SP800-53-enhancement", "title": "Social Engineering and Mining", "props": [ + { + "name": "label", + "value": "AT-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(3)" @@ -16659,13 +14284,6 @@ { "id": "at-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining." }, { @@ -16677,23 +14295,6 @@ "id": "at-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(03)", @@ -16895,6 +14496,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -17030,11 +14636,6 @@ "id": "at-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17070,11 +14671,6 @@ "id": "at-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17086,11 +14682,6 @@ "id": "at-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -17131,23 +14722,6 @@ "id": "at-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.01", @@ -17239,23 +14813,6 @@ "id": "at-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.02", @@ -17319,17 +14876,6 @@ "id": "at-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-03b.", @@ -17385,23 +14931,6 @@ "id": "at-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03c.", @@ -17513,6 +15042,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -17576,11 +15110,6 @@ "id": "at-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17592,11 +15121,6 @@ "id": "at-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17626,23 +15150,6 @@ "id": "at-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-04a.", @@ -17698,17 +15205,6 @@ "id": "at-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-04b.", @@ -17906,6 +15402,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -17969,12 +15470,6 @@ "id": "au-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -18034,11 +15529,6 @@ "id": "au-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18050,12 +15540,6 @@ "id": "au-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -18120,23 +15604,6 @@ "id": "au-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[01]", @@ -18155,23 +15622,6 @@ "id": "au-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[02]", @@ -18190,17 +15640,6 @@ "id": "au-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[03]", @@ -18219,17 +15658,6 @@ "id": "au-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[04]", @@ -18259,17 +15687,6 @@ "id": "au-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(a)", @@ -18415,17 +15832,6 @@ "id": "au-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(b)", @@ -18460,23 +15866,6 @@ "id": "au-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01b.", @@ -18506,23 +15895,6 @@ "id": "au-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.01", @@ -18578,23 +15950,6 @@ "id": "au-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.02", @@ -18771,9 +16126,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-02", + "class": "zero-padded" }, { "name": "label", @@ -18949,11 +16304,6 @@ "id": "au-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -18965,11 +16315,6 @@ "id": "au-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18981,11 +16326,6 @@ "id": "au-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -18997,11 +16337,6 @@ "id": "au-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -19013,11 +16348,6 @@ "id": "au-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -19076,23 +16406,6 @@ "id": "au-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02a.", @@ -19111,23 +16424,6 @@ "id": "au-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02b.", @@ -19157,23 +16453,6 @@ "id": "au-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[01]", @@ -19192,17 +16471,6 @@ "id": "au-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[02]", @@ -19229,23 +16497,6 @@ "id": "au-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02d.", @@ -19264,17 +16515,6 @@ "id": "au-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02e.", @@ -19371,9 +16611,9 @@ "title": "Content of Audit Records", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03", + "class": "zero-padded" }, { "name": "label", @@ -19450,11 +16690,6 @@ "id": "au-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19466,11 +16701,6 @@ "id": "au-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -19482,11 +16712,6 @@ "id": "au-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -19498,11 +16723,6 @@ "id": "au-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -19514,11 +16734,6 @@ "id": "au-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -19530,11 +16745,6 @@ "id": "au-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -19553,23 +16763,6 @@ "id": "au-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03", @@ -19783,9 +16976,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03(01)", + "class": "zero-padded" }, { "name": "label", @@ -19816,13 +17009,6 @@ { "id": "au-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Generate audit records containing the following additional information: {{ insert: param, au-03.01_odp }}.", "parts": [ { @@ -19854,23 +17040,6 @@ "id": "au-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03(01)", @@ -19972,9 +17141,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-04", + "class": "zero-padded" }, { "name": "label", @@ -20042,13 +17211,6 @@ { "id": "au-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Allocate audit log storage capacity to accommodate {{ insert: param, au-04_odp }}." }, { @@ -20060,23 +17222,6 @@ "id": "au-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-04", @@ -20199,9 +17344,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05", + "class": "zero-padded" }, { "name": "label", @@ -20269,11 +17414,6 @@ "id": "au-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20285,11 +17425,6 @@ "id": "au-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20319,23 +17454,6 @@ "id": "au-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05a.", @@ -20354,23 +17472,6 @@ "id": "au-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05b.", @@ -20501,9 +17602,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05(01)", + "class": "zero-padded" }, { "name": "label", @@ -20534,13 +17635,6 @@ { "id": "au-5.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide a warning to {{ insert: param, au-05.01_odp.01 }} within {{ insert: param, au-05.01_odp.02 }} when allocated audit log storage volume reaches {{ insert: param, au-05.01_odp.03 }} of repository maximum audit log storage capacity." }, { @@ -20552,23 +17646,6 @@ "id": "au-5.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05(01)", @@ -20701,9 +17778,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -20734,13 +17811,6 @@ { "id": "au-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an alert within {{ insert: param, au-05.02_odp.01 }} to {{ insert: param, au-05.02_odp.02 }} when the following audit failure events occur: {{ insert: param, au-05.02_odp.03 }}." }, { @@ -20752,23 +17822,6 @@ "id": "au-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05(02)", @@ -20871,9 +17924,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06", + "class": "zero-padded" }, { "name": "label", @@ -21038,11 +18091,6 @@ "id": "au-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21054,11 +18102,6 @@ "id": "au-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21070,11 +18113,6 @@ "id": "au-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -21122,23 +18160,6 @@ "id": "au-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06a.", @@ -21157,23 +18178,6 @@ "id": "au-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06b.", @@ -21192,23 +18196,6 @@ "id": "au-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06c.", @@ -21294,9 +18281,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -21336,13 +18323,6 @@ { "id": "au-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Integrate audit record review, analysis, and reporting processes using {{ insert: param, au-06.01_odp }}." }, { @@ -21354,23 +18334,6 @@ "id": "au-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(01)", @@ -21459,9 +18422,9 @@ "title": "Correlate Audit Record Repositories", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(03)", + "class": "zero-padded" }, { "name": "label", @@ -21505,13 +18468,6 @@ { "id": "au-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze and correlate audit records across different repositories to gain organization-wide situational awareness." }, { @@ -21523,23 +18479,6 @@ "id": "au-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(03)", @@ -21628,9 +18567,9 @@ "title": "Central Review and Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(04)", + "class": "zero-padded" }, { "name": "label", @@ -21674,13 +18613,6 @@ { "id": "au-6.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability to centrally review and analyze audit records from multiple components within the system." }, { @@ -21692,23 +18624,6 @@ "id": "au-6.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(04)", @@ -21862,9 +18777,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(05)", + "class": "zero-padded" }, { "name": "label", @@ -21908,13 +18823,6 @@ { "id": "au-6.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Integrate analysis of audit records with analysis of {{ insert: param, au-06.05_odp.01 }} to further enhance the ability to identify inappropriate or unusual activity." }, { @@ -21926,23 +18834,6 @@ "id": "au-6.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(05)", @@ -22031,9 +18922,9 @@ "title": "Correlation with Physical Monitoring", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(06)", + "class": "zero-padded" }, { "name": "label", @@ -22069,13 +18960,6 @@ { "id": "au-6.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.", "parts": [ { @@ -22107,23 +18991,6 @@ "id": "au-6.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(06)", @@ -22230,9 +19097,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(07)", + "class": "zero-padded" }, { "name": "label", @@ -22268,13 +19135,6 @@ { "id": "au-6.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Specify the permitted actions for each {{ insert: param, au-06.07_odp }} associated with the review, analysis, and reporting of audit record information." }, { @@ -22286,23 +19146,6 @@ "id": "au-6.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(07)", @@ -22392,6 +19235,11 @@ "class": "SP800-53", "title": "Audit Record Reduction and Report Generation", "props": [ + { + "name": "label", + "value": "AU-07", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7" @@ -22480,11 +19328,6 @@ "id": "au-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -22496,11 +19339,6 @@ "id": "au-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22530,29 +19368,6 @@ "id": "au-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07a.", @@ -22608,23 +19423,6 @@ "id": "au-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07b.", @@ -22768,6 +19566,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7(1)" @@ -22802,13 +19605,6 @@ { "id": "au-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: {{ insert: param, au-07.01_odp }}." }, { @@ -22820,23 +19616,6 @@ "id": "au-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07(01)", @@ -22980,9 +19759,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-08", + "class": "zero-padded" }, { "name": "label", @@ -23030,11 +19809,6 @@ "id": "au-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23046,11 +19820,6 @@ "id": "au-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23080,23 +19849,6 @@ "id": "au-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08a.", @@ -23115,23 +19867,6 @@ "id": "au-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08b.", @@ -23238,6 +19973,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -23336,11 +20076,6 @@ "id": "au-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23352,11 +20087,6 @@ "id": "au-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23386,23 +20116,6 @@ "id": "au-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09a.", @@ -23421,23 +20134,6 @@ "id": "au-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09b.", @@ -23549,6 +20245,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(2)" @@ -23586,13 +20287,6 @@ { "id": "au-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Store audit records {{ insert: param, au-09.02_odp }} in a repository that is part of a physically different system or system component than the system or component being audited." }, { @@ -23604,23 +20298,6 @@ "id": "au-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(02)", @@ -23708,6 +20385,11 @@ "class": "SP800-53-enhancement", "title": "Cryptographic Protection", "props": [ + { + "name": "label", + "value": "AU-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(3)" @@ -23749,13 +20431,6 @@ { "id": "au-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to protect the integrity of audit information and audit tools.", "parts": [ { @@ -23787,23 +20462,6 @@ "id": "au-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(03)", @@ -23902,6 +20560,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(4)" @@ -23935,13 +20598,6 @@ { "id": "au-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Authorize access to management of audit logging functionality to only {{ insert: param, au-09.04_odp }}." }, { @@ -23953,23 +20609,6 @@ "id": "au-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(04)", @@ -24076,9 +20715,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-10", + "class": "zero-padded" }, { "name": "label", @@ -24166,13 +20805,6 @@ { "id": "au-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed {{ insert: param, au-10_odp }}." }, { @@ -24184,23 +20816,6 @@ "id": "au-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-10", @@ -24305,9 +20920,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-11", + "class": "zero-padded" }, { "name": "label", @@ -24374,13 +20989,6 @@ { "id": "au-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain audit records for {{ insert: param, au-11_odp }} to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.", "parts": [ { @@ -24434,23 +21042,6 @@ "id": "au-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-11", @@ -24542,9 +21133,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12", + "class": "zero-padded" }, { "name": "label", @@ -24652,11 +21243,6 @@ "id": "au-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24668,11 +21254,6 @@ "id": "au-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24684,11 +21265,6 @@ "id": "au-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -24718,23 +21294,6 @@ "id": "au-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12a.", @@ -24753,23 +21312,6 @@ "id": "au-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12b.", @@ -24788,17 +21330,6 @@ "id": "au-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12c.", @@ -24920,9 +21451,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12(01)", + "class": "zero-padded" }, { "name": "label", @@ -24961,13 +21492,6 @@ { "id": "au-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Compile audit records from {{ insert: param, au-12.01_odp.01 }} into a system-wide (logical or physical) audit trail that is time-correlated to within {{ insert: param, au-12.01_odp.02 }}." }, { @@ -24979,23 +21503,6 @@ "id": "au-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12(01)", @@ -25132,9 +21639,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12(03)", + "class": "zero-padded" }, { "name": "label", @@ -25169,13 +21676,6 @@ { "id": "au-12.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability for {{ insert: param, au-12.03_odp.01 }} to change the logging to be performed on {{ insert: param, au-12.03_odp.02 }} based on {{ insert: param, au-12.03_odp.03 }} within {{ insert: param, au-12.03_odp.04 }}." }, { @@ -25187,23 +21687,6 @@ "id": "au-12.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12(03)", @@ -25432,6 +21915,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -25519,12 +22007,6 @@ "id": "ca-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -25584,11 +22066,6 @@ "id": "ca-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25600,12 +22077,6 @@ "id": "ca-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -25670,23 +22141,6 @@ "id": "ca-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[01]", @@ -25705,23 +22159,6 @@ "id": "ca-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[02]", @@ -25740,17 +22177,6 @@ "id": "ca-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[03]", @@ -25769,17 +22195,6 @@ "id": "ca-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[04]", @@ -25809,17 +22224,6 @@ "id": "ca-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(a)", @@ -25965,17 +22369,6 @@ "id": "ca-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(b)", @@ -26010,23 +22403,6 @@ "id": "ca-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01b.", @@ -26056,23 +22432,6 @@ "id": "ca-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.01", @@ -26128,23 +22487,6 @@ "id": "ca-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.02", @@ -26293,6 +22635,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -26420,11 +22767,6 @@ "id": "ca-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -26436,11 +22778,6 @@ "id": "ca-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -26487,11 +22824,6 @@ "id": "ca-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -26503,11 +22835,6 @@ "id": "ca-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -26519,11 +22846,6 @@ "id": "ca-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -26535,11 +22857,6 @@ "id": "ca-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -26587,17 +22904,6 @@ "id": "ca-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02a.", @@ -26627,23 +22933,6 @@ "id": "ca-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.01", @@ -26662,23 +22951,6 @@ "id": "ca-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.02", @@ -26697,23 +22969,6 @@ "id": "ca-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.03", @@ -26795,23 +23050,6 @@ "id": "ca-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02c.", @@ -26830,23 +23068,6 @@ "id": "ca-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02d.", @@ -26902,17 +23123,6 @@ "id": "ca-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02e.", @@ -26931,17 +23141,6 @@ "id": "ca-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02f.", @@ -27037,6 +23236,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -27071,13 +23275,6 @@ { "id": "ca-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to conduct control assessments.", "parts": [ { @@ -27109,23 +23306,6 @@ "id": "ca-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(01)", @@ -27242,6 +23422,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(2)" @@ -27284,13 +23469,6 @@ { "id": "ca-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Include as part of control assessments, {{ insert: param, ca-02.02_odp.01 }}, {{ insert: param, ca-02.02_odp.02 }}, {{ insert: param, ca-02.02_odp.03 }}.", "parts": [ { @@ -27322,23 +23500,6 @@ "id": "ca-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(02)", @@ -27465,6 +23626,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(3)" @@ -27503,13 +23669,6 @@ { "id": "ca-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Leverage the results of control assessments performed by {{ insert: param, ca-02.03_odp.01 }} on {{ insert: param, ca-02.03_odp.02 }} when the assessment meets {{ insert: param, ca-02.03_odp.03 }}." }, { @@ -27521,23 +23680,6 @@ "id": "ca-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(03)", @@ -27645,6 +23787,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -27740,11 +23887,6 @@ "id": "ca-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -27756,11 +23898,6 @@ "id": "ca-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -27772,11 +23909,6 @@ "id": "ca-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -27806,23 +23938,6 @@ "id": "ca-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03a.", @@ -27841,17 +23956,6 @@ "id": "ca-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-03b.", @@ -27979,23 +24083,6 @@ "id": "ca-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03c.", @@ -28069,6 +24156,11 @@ "class": "SP800-53-enhancement", "title": "Transfer Authorizations", "props": [ + { + "name": "label", + "value": "CA-03(06)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3(6)" @@ -28120,13 +24212,6 @@ { "id": "ca-3.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data." }, { @@ -28138,23 +24223,6 @@ "id": "ca-3.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03(06)", @@ -28260,6 +24328,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -28331,11 +24404,6 @@ "id": "ca-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28347,11 +24415,6 @@ "id": "ca-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28410,23 +24473,6 @@ "id": "ca-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05a.", @@ -28445,23 +24491,6 @@ "id": "ca-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05b.", @@ -28573,6 +24602,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -28652,11 +24686,6 @@ "id": "ca-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28668,11 +24697,6 @@ "id": "ca-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28684,11 +24708,6 @@ "id": "ca-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -28724,11 +24743,6 @@ "id": "ca-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -28740,11 +24754,6 @@ "id": "ca-6_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -28792,23 +24801,6 @@ "id": "ca-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06a.", @@ -28827,23 +24819,6 @@ "id": "ca-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06b.", @@ -28873,23 +24848,6 @@ "id": "ca-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.01", @@ -28908,23 +24866,6 @@ "id": "ca-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.02", @@ -28951,23 +24892,6 @@ "id": "ca-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06d.", @@ -28986,17 +24910,6 @@ "id": "ca-6_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-06e.", @@ -29170,6 +25083,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -29442,11 +25360,6 @@ "id": "ca-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -29458,11 +25371,6 @@ "id": "ca-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -29474,11 +25382,6 @@ "id": "ca-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -29490,11 +25393,6 @@ "id": "ca-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -29506,11 +25404,6 @@ "id": "ca-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -29522,11 +25415,6 @@ "id": "ca-7_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -29538,11 +25426,6 @@ "id": "ca-7_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -29612,23 +25495,6 @@ "id": "ca-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[01]", @@ -29647,23 +25513,6 @@ "id": "ca-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[02]", @@ -29682,23 +25531,6 @@ "id": "ca-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07a.", @@ -29717,23 +25549,6 @@ "id": "ca-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07b.", @@ -29789,23 +25604,6 @@ "id": "ca-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07c.", @@ -29824,23 +25622,6 @@ "id": "ca-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07d.", @@ -29859,23 +25640,6 @@ "id": "ca-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07e.", @@ -29894,23 +25658,6 @@ "id": "ca-7_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07f.", @@ -29929,23 +25676,6 @@ "id": "ca-7_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07g.", @@ -30078,6 +25808,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessment", "props": [ + { + "name": "label", + "value": "CA-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(1)" @@ -30112,13 +25847,6 @@ { "id": "ca-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis." }, { @@ -30130,23 +25858,6 @@ "id": "ca-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(01)", @@ -30212,6 +25923,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -30257,11 +25973,6 @@ "id": "ca-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -30273,11 +25984,6 @@ "id": "ca-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -30289,11 +25995,6 @@ "id": "ca-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -30312,23 +26013,6 @@ "id": "ca-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)", @@ -30341,23 +26025,6 @@ "id": "ca-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(a)", @@ -30376,23 +26043,6 @@ "id": "ca-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(b)", @@ -30411,23 +26061,6 @@ "id": "ca-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(c)", @@ -30550,6 +26183,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -30600,13 +26238,6 @@ { "id": "ca-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct penetration testing {{ insert: param, ca-08_odp.01 }} on {{ insert: param, ca-08_odp.02 }}.", "parts": [ { @@ -30638,23 +26269,6 @@ "id": "ca-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08", @@ -30742,6 +26356,11 @@ "class": "SP800-53-enhancement", "title": "Independent Penetration Testing Agent or Team", "props": [ + { + "name": "label", + "value": "CA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8(1)" @@ -30780,13 +26399,6 @@ { "id": "ca-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ an independent penetration testing agent or team to perform penetration testing on the system or system components." }, { @@ -30798,23 +26410,6 @@ "id": "ca-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(01)", @@ -30892,9 +26487,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CA-08(02)", + "class": "zero-padded" }, { "name": "label", @@ -30930,19 +26525,12 @@ { "id": "ca-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: {{ insert: param, ca-08.02_odp }}.", "parts": [ { "id": "ca-8.2_fr", "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { "id": "ca-8.2_fr_gdn.1", @@ -30968,23 +26556,6 @@ "id": "ca-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(02)", @@ -31108,6 +26679,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -31183,11 +26759,6 @@ "id": "ca-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -31199,11 +26770,6 @@ "id": "ca-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -31215,11 +26781,6 @@ "id": "ca-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -31231,11 +26792,6 @@ "id": "ca-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -31265,23 +26821,6 @@ "id": "ca-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09a.", @@ -31300,17 +26839,6 @@ "id": "ca-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-09b.", @@ -31402,23 +26930,6 @@ "id": "ca-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09c.", @@ -31437,23 +26948,6 @@ "id": "ca-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09d.", @@ -31651,6 +27145,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -31722,12 +27221,6 @@ "id": "cm-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -31787,11 +27280,6 @@ "id": "cm-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -31803,12 +27291,6 @@ "id": "cm-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -31873,23 +27355,6 @@ "id": "cm-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[01]", @@ -31908,23 +27373,6 @@ "id": "cm-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[02]", @@ -31943,17 +27391,6 @@ "id": "cm-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[03]", @@ -31972,17 +27409,6 @@ "id": "cm-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[04]", @@ -32012,17 +27438,6 @@ "id": "cm-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(a)", @@ -32168,17 +27583,6 @@ "id": "cm-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(b)", @@ -32213,23 +27617,6 @@ "id": "cm-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01b.", @@ -32259,23 +27646,6 @@ "id": "cm-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.01", @@ -32331,23 +27701,6 @@ "id": "cm-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.02", @@ -32496,6 +27849,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -32615,11 +27973,6 @@ "id": "cm-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -32631,11 +27984,6 @@ "id": "cm-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -32718,17 +28066,6 @@ "id": "cm-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-02a.", @@ -32795,23 +28132,6 @@ "id": "cm-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.01", @@ -32830,23 +28150,6 @@ "id": "cm-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.02", @@ -32865,23 +28168,6 @@ "id": "cm-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.03", @@ -32996,6 +28282,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(2)" @@ -33042,13 +28333,6 @@ { "id": "cm-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain the currency, completeness, accuracy, and availability of the baseline configuration of the system using {{ insert: param, cm-02.02_odp }}." }, { @@ -33060,23 +28344,6 @@ "id": "cm-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(02)", @@ -33253,6 +28520,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(3)" @@ -33287,13 +28559,6 @@ { "id": "cm-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain {{ insert: param, cm-02.03_odp }} of previous versions of baseline configurations of the system to support rollback." }, { @@ -33305,17 +28570,6 @@ "id": "cm-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(03)", @@ -33432,6 +28686,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(07)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(7)" @@ -33479,11 +28738,6 @@ "id": "cm-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -33495,11 +28749,6 @@ "id": "cm-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -33529,23 +28778,6 @@ "id": "cm-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(a)", @@ -33564,23 +28796,6 @@ "id": "cm-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(b)", @@ -33726,6 +28941,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3" @@ -33865,11 +29085,6 @@ "id": "cm-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33881,11 +29096,6 @@ "id": "cm-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33897,11 +29107,6 @@ "id": "cm-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -33913,11 +29118,6 @@ "id": "cm-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -33929,11 +29129,6 @@ "id": "cm-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -33945,11 +29140,6 @@ "id": "cm-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -33961,11 +29151,6 @@ "id": "cm-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -34024,23 +29209,6 @@ "id": "cm-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03a.", @@ -34059,23 +29227,6 @@ "id": "cm-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03b.", @@ -34131,23 +29282,6 @@ "id": "cm-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03c.", @@ -34166,17 +29300,6 @@ "id": "cm-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03d.", @@ -34195,17 +29318,6 @@ "id": "cm-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03e.", @@ -34224,23 +29336,6 @@ "id": "cm-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03f.", @@ -34307,23 +29402,6 @@ "id": "cm-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[01]", @@ -34342,23 +29420,6 @@ "id": "cm-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[02]", @@ -34510,6 +29571,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(1)" @@ -34550,11 +29616,6 @@ "id": "cm-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -34566,11 +29627,6 @@ "id": "cm-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -34582,11 +29638,6 @@ "id": "cm-3.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -34598,11 +29649,6 @@ "id": "cm-3.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -34614,11 +29660,6 @@ "id": "cm-3.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -34630,11 +29671,6 @@ "id": "cm-3.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -34664,23 +29700,6 @@ "id": "cm-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(a)", @@ -34699,23 +29718,6 @@ "id": "cm-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(b)", @@ -34734,23 +29736,6 @@ "id": "cm-3.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(c)", @@ -34769,23 +29754,6 @@ "id": "cm-3.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(d)", @@ -34804,23 +29772,6 @@ "id": "cm-3.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(e)", @@ -34839,23 +29790,6 @@ "id": "cm-3.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(01)(f)", @@ -34951,6 +29885,11 @@ "class": "SP800-53-enhancement", "title": "Testing, Validation, and Documentation of Changes", "props": [ + { + "name": "label", + "value": "CM-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(2)" @@ -34985,13 +29924,6 @@ { "id": "cm-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test, validate, and document changes to the system before finalizing the implementation of the changes." }, { @@ -35003,23 +29935,6 @@ "id": "cm-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(02)", @@ -35200,6 +30115,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(4)" @@ -35229,13 +30149,6 @@ { "id": "cm-3.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require {{ insert: param, cm-3.4_prm_1 }} to be members of the {{ insert: param, cm-03.04_odp.03 }}." }, { @@ -35247,23 +30160,6 @@ "id": "cm-3.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(04)", @@ -35404,6 +30300,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(06)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(6)" @@ -35437,13 +30338,6 @@ { "id": "cm-3.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: {{ insert: param, cm-03.06_odp }}." }, { @@ -35455,23 +30349,6 @@ "id": "cm-3.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(06)", @@ -35561,6 +30438,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -35643,13 +30525,6 @@ { "id": "cm-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system to determine potential security and privacy impacts prior to change implementation." }, { @@ -35661,23 +30536,6 @@ "id": "cm-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04", @@ -35802,6 +30660,11 @@ "class": "SP800-53-enhancement", "title": "Separate Test Environments", "props": [ + { + "name": "label", + "value": "CM-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4(1)" @@ -35844,13 +30707,6 @@ { "id": "cm-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system in a separate test environment before implementation in an operational environment, looking for security and privacy impacts due to flaws, weaknesses, incompatibility, or intentional malice." }, { @@ -35873,23 +30729,6 @@ "id": "cm-4.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[01]", @@ -35908,23 +30747,6 @@ "id": "cm-4.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[02]", @@ -35943,23 +30765,6 @@ "id": "cm-4.1_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[03]", @@ -35978,23 +30783,6 @@ "id": "cm-4.1_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[04]", @@ -36013,23 +30801,6 @@ "id": "cm-4.1_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[05]", @@ -36048,23 +30819,6 @@ "id": "cm-4.1_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[06]", @@ -36083,23 +30837,6 @@ "id": "cm-4.1_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[07]", @@ -36118,23 +30855,6 @@ "id": "cm-4.1_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[08]", @@ -36153,23 +30873,6 @@ "id": "cm-4.1_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(01)[09]", @@ -36265,6 +30968,11 @@ "class": "SP800-53-enhancement", "title": "Verification of Controls", "props": [ + { + "name": "label", + "value": "CM-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4(2)" @@ -36311,13 +31019,6 @@ { "id": "cm-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system." }, { @@ -36329,23 +31030,6 @@ "id": "cm-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(02)", @@ -36545,9 +31229,9 @@ "title": "Access Restrictions for Change", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-05", + "class": "zero-padded" }, { "name": "label", @@ -36622,13 +31306,6 @@ { "id": "cm-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system." }, { @@ -36640,23 +31317,6 @@ "id": "cm-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05", @@ -36864,6 +31524,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(1)" @@ -36926,11 +31591,6 @@ "id": "cm-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -36942,11 +31602,6 @@ "id": "cm-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -36976,17 +31631,6 @@ "id": "cm-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(a)", @@ -37005,23 +31649,6 @@ "id": "cm-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(b)", @@ -37146,6 +31773,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(5)" @@ -37184,11 +31816,6 @@ "id": "cm-5.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -37200,11 +31827,6 @@ "id": "cm-5.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -37234,17 +31856,6 @@ "id": "cm-5.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(a)", @@ -37300,23 +31911,6 @@ "id": "cm-5.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(b)", @@ -37481,9 +32075,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06", + "class": "zero-padded" }, { "name": "label", @@ -37656,11 +32250,6 @@ "id": "cm-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37672,11 +32261,6 @@ "id": "cm-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37688,11 +32272,6 @@ "id": "cm-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37704,11 +32283,6 @@ "id": "cm-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -37752,7 +32326,7 @@ "value": "Guidance:" } ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } @@ -37778,17 +32352,6 @@ "id": "cm-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06a.", @@ -37807,23 +32370,6 @@ "id": "cm-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06b.", @@ -37842,23 +32388,6 @@ "id": "cm-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06c.", @@ -37914,23 +32443,6 @@ "id": "cm-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06d.", @@ -38106,9 +32618,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -38143,13 +32655,6 @@ { "id": "cm-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage, apply, and verify configuration settings for {{ insert: param, cm-06.01_odp.01 }} using {{ insert: param, cm-6.1_prm_2 }}." }, { @@ -38161,17 +32666,6 @@ "id": "cm-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06(01)", @@ -38335,9 +32829,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06(02)", + "class": "zero-padded" }, { "name": "label", @@ -38380,13 +32874,6 @@ { "id": "cm-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Take the following actions in response to unauthorized changes to {{ insert: param, cm-06.02_odp.02 }}: {{ insert: param, cm-06.02_odp.01 }}." }, { @@ -38398,23 +32885,6 @@ "id": "cm-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06(02)", @@ -38565,9 +33035,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07", + "class": "zero-padded" }, { "name": "label", @@ -38692,11 +33162,6 @@ "id": "cm-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -38708,11 +33173,6 @@ "id": "cm-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38760,23 +33220,6 @@ "id": "cm-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07a.", @@ -38795,17 +33238,6 @@ "id": "cm-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07b.", @@ -39058,9 +33490,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -39105,11 +33537,6 @@ "id": "cm-7.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -39121,11 +33548,6 @@ "id": "cm-7.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -39155,23 +33577,6 @@ "id": "cm-7.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(a)", @@ -39190,23 +33595,6 @@ "id": "cm-7.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(b)", @@ -39415,9 +33803,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(02)", + "class": "zero-padded" }, { "name": "label", @@ -39468,13 +33856,6 @@ { "id": "cm-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent program execution in accordance with {{ insert: param, cm-07.02_odp.01 }}.", "parts": [ { @@ -39506,17 +33887,6 @@ "id": "cm-7.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(02)", @@ -39630,9 +34000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -39709,11 +34079,6 @@ "id": "cm-7.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -39725,11 +34090,6 @@ "id": "cm-7.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -39741,11 +34101,6 @@ "id": "cm-7.5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -39775,23 +34130,6 @@ "id": "cm-7.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(a)", @@ -39810,17 +34148,6 @@ "id": "cm-7.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(b)", @@ -39839,23 +34166,6 @@ "id": "cm-7.5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(c)", @@ -39979,9 +34289,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-08", + "class": "zero-padded" }, { "name": "label", @@ -40114,11 +34424,6 @@ "id": "cm-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -40187,11 +34492,6 @@ "id": "cm-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40250,23 +34550,6 @@ "id": "cm-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.01", @@ -40285,23 +34568,6 @@ "id": "cm-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.02", @@ -40320,23 +34586,6 @@ "id": "cm-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.03", @@ -40355,23 +34604,6 @@ "id": "cm-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.04", @@ -40390,23 +34622,6 @@ "id": "cm-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.05", @@ -40433,23 +34648,6 @@ "id": "cm-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08b.", @@ -40545,6 +34743,11 @@ "class": "SP800-53-enhancement", "title": "Updates During Installation and Removal", "props": [ + { + "name": "label", + "value": "CM-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(1)" @@ -40583,13 +34786,6 @@ { "id": "cm-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the inventory of system components as part of component installations, removals, and system updates." }, { @@ -40601,23 +34797,6 @@ "id": "cm-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(01)", @@ -40802,6 +34981,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(2)" @@ -40836,13 +35020,6 @@ { "id": "cm-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain the currency, completeness, accuracy, and availability of the inventory of system components using {{ insert: param, cm-8.2_prm_1 }}." }, { @@ -40854,23 +35031,6 @@ "id": "cm-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(02)", @@ -41103,6 +35263,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(3)" @@ -41178,11 +35343,6 @@ "id": "cm-8.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -41194,11 +35354,6 @@ "id": "cm-8.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -41228,17 +35383,6 @@ "id": "cm-8.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(a)", @@ -41312,17 +35456,6 @@ "id": "cm-8.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(b)", @@ -41491,6 +35624,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(4)" @@ -41529,13 +35667,6 @@ { "id": "cm-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Include in the system component inventory information, a means for identifying by {{ insert: param, cm-08.04_odp }} , individuals responsible and accountable for administering those components." }, { @@ -41547,23 +35678,6 @@ "id": "cm-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(04)", @@ -41664,6 +35778,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-09", + "class": "zero-padded" + }, { "name": "label", "value": "CM-9" @@ -41735,11 +35854,6 @@ "id": "cm-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -41751,11 +35865,6 @@ "id": "cm-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -41767,11 +35876,6 @@ "id": "cm-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -41783,11 +35887,6 @@ "id": "cm-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -41799,11 +35898,6 @@ "id": "cm-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -41833,17 +35927,6 @@ "id": "cm-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09", @@ -41891,17 +35974,6 @@ "id": "cm-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09a.", @@ -41986,23 +36058,6 @@ "id": "cm-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[01]", @@ -42021,17 +36076,6 @@ "id": "cm-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[02]", @@ -42069,17 +36113,6 @@ "id": "cm-9_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[01]", @@ -42098,17 +36131,6 @@ "id": "cm-9_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[02]", @@ -42135,23 +36157,6 @@ "id": "cm-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09d.", @@ -42170,17 +36175,6 @@ "id": "cm-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-09e.", @@ -42313,6 +36307,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -42367,11 +36366,6 @@ "id": "cm-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42383,11 +36377,6 @@ "id": "cm-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42399,11 +36388,6 @@ "id": "cm-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42433,23 +36417,6 @@ "id": "cm-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10a.", @@ -42468,23 +36435,6 @@ "id": "cm-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10b.", @@ -42503,23 +36453,6 @@ "id": "cm-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10c.", @@ -42649,6 +36582,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -42723,11 +36661,6 @@ "id": "cm-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42739,11 +36672,6 @@ "id": "cm-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42755,11 +36683,6 @@ "id": "cm-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42789,23 +36712,6 @@ "id": "cm-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11a.", @@ -42824,23 +36730,6 @@ "id": "cm-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11b.", @@ -42859,17 +36748,6 @@ "id": "cm-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-11c.", @@ -42976,6 +36854,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12" @@ -43087,11 +36970,6 @@ "id": "cm-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -43103,11 +36981,6 @@ "id": "cm-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -43119,11 +36992,6 @@ "id": "cm-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -43182,23 +37050,6 @@ "id": "cm-12_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[01]", @@ -43217,23 +37068,6 @@ "id": "cm-12_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[02]", @@ -43252,23 +37086,6 @@ "id": "cm-12_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[03]", @@ -43295,23 +37112,6 @@ "id": "cm-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12b.", @@ -43367,23 +37167,6 @@ "id": "cm-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12c.", @@ -43541,6 +37324,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12(1)" @@ -43575,13 +37363,6 @@ { "id": "cm-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use automated tools to identify {{ insert: param, cm-12.01_odp.01 }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls are in place to protect organizational information and individual privacy.", "parts": [ { @@ -43613,17 +37394,6 @@ "id": "cm-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-12(01)", @@ -43737,6 +37507,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-14", + "class": "zero-padded" + }, { "name": "label", "value": "CM-14" @@ -43792,13 +37567,6 @@ { "id": "cm-14_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent the installation of {{ insert: param, cm-14_prm_1 }} without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.", "parts": [ { @@ -43823,23 +37591,6 @@ "id": "cm-14_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-14", @@ -44066,6 +37817,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -44137,12 +37893,6 @@ "id": "cp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -44202,11 +37952,6 @@ "id": "cp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44218,12 +37963,6 @@ "id": "cp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -44288,23 +38027,6 @@ "id": "cp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[01]", @@ -44323,23 +38045,6 @@ "id": "cp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[02]", @@ -44358,17 +38063,6 @@ "id": "cp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[03]", @@ -44387,17 +38081,6 @@ "id": "cp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[04]", @@ -44427,17 +38110,6 @@ "id": "cp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(a)", @@ -44583,17 +38255,6 @@ "id": "cp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(b)", @@ -44628,23 +38289,6 @@ "id": "cp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01b.", @@ -44674,23 +38318,6 @@ "id": "cp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.01", @@ -44746,23 +38373,6 @@ "id": "cp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.02", @@ -44963,6 +38573,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -45101,11 +38716,6 @@ "id": "cp-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -45196,11 +38806,6 @@ "id": "cp-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -45212,11 +38817,6 @@ "id": "cp-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -45228,11 +38828,6 @@ "id": "cp-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -45244,11 +38839,6 @@ "id": "cp-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -45260,11 +38850,6 @@ "id": "cp-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -45276,11 +38861,6 @@ "id": "cp-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -45292,11 +38872,6 @@ "id": "cp-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -45366,17 +38941,6 @@ "id": "cp-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.01", @@ -45395,17 +38959,6 @@ "id": "cp-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.02", @@ -45479,17 +39032,6 @@ "id": "cp-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.03", @@ -45563,17 +39105,6 @@ "id": "cp-2_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.04", @@ -45592,17 +39123,6 @@ "id": "cp-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.05", @@ -45621,17 +39141,6 @@ "id": "cp-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.06", @@ -45650,17 +39159,6 @@ "id": "cp-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.07", @@ -45735,23 +39233,6 @@ "id": "cp-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[01]", @@ -45770,23 +39251,6 @@ "id": "cp-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[02]", @@ -45813,23 +39277,6 @@ "id": "cp-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02c.", @@ -45848,23 +39295,6 @@ "id": "cp-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02d.", @@ -45894,23 +39324,6 @@ "id": "cp-2_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[01]", @@ -45929,23 +39342,6 @@ "id": "cp-2_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[02]", @@ -45972,23 +39368,6 @@ "id": "cp-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02f.", @@ -46044,29 +39423,6 @@ "id": "cp-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02g.", @@ -46122,29 +39478,6 @@ "id": "cp-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02h.", @@ -46277,6 +39610,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(1)" @@ -46306,13 +39644,6 @@ { "id": "cp-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan development with organizational elements responsible for related plans." }, { @@ -46324,23 +39655,6 @@ "id": "cp-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(01)", @@ -46406,6 +39720,11 @@ "class": "SP800-53-enhancement", "title": "Capacity Planning", "props": [ + { + "name": "label", + "value": "CP-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(2)" @@ -46459,13 +39778,6 @@ { "id": "cp-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations." }, { @@ -46477,29 +39789,6 @@ "id": "cp-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(02)", @@ -46650,6 +39939,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(3)" @@ -46679,13 +39973,6 @@ { "id": "cp-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Plan for the resumption of {{ insert: param, cp-02.03_odp.01 }} mission and business functions within {{ insert: param, cp-02.03_odp.02 }} of contingency plan activation." }, { @@ -46697,23 +39984,6 @@ "id": "cp-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(03)", @@ -46817,6 +40087,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(5)" @@ -46846,13 +40121,6 @@ { "id": "cp-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Plan for the continuance of {{ insert: param, cp-02.05_odp }} mission and business functions with minimal or no loss of operational continuity and sustains that continuity until full system restoration at primary processing and/or storage sites." }, { @@ -46875,29 +40143,6 @@ "id": "cp-2.5_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(05)[01]", @@ -46916,29 +40161,6 @@ "id": "cp-2.5_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(05)[02]", @@ -47045,6 +40267,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(8)" @@ -47082,13 +40309,6 @@ { "id": "cp-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system assets supporting {{ insert: param, cp-02.08_odp }} mission and business functions." }, { @@ -47100,23 +40320,6 @@ "id": "cp-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(08)", @@ -47237,6 +40440,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -47312,11 +40520,6 @@ "id": "cp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -47363,11 +40566,6 @@ "id": "cp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -47426,23 +40624,6 @@ "id": "cp-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.01", @@ -47461,23 +40642,6 @@ "id": "cp-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.02", @@ -47496,23 +40660,6 @@ "id": "cp-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.03", @@ -47550,23 +40697,6 @@ "id": "cp-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[01]", @@ -47585,23 +40715,6 @@ "id": "cp-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[02]", @@ -47705,6 +40818,11 @@ "class": "SP800-53-enhancement", "title": "Simulated Events", "props": [ + { + "name": "label", + "value": "CP-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3(1)" @@ -47739,13 +40857,6 @@ { "id": "cp-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations." }, { @@ -47757,29 +40868,6 @@ "id": "cp-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03(01)", @@ -47913,9 +41001,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CP-04", + "class": "zero-padded" }, { "name": "label", @@ -48008,11 +41096,6 @@ "id": "cp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48024,11 +41107,6 @@ "id": "cp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48040,11 +41118,6 @@ "id": "cp-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -48114,29 +41187,6 @@ "id": "cp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[01]", @@ -48155,29 +41205,6 @@ "id": "cp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[02]", @@ -48196,29 +41223,6 @@ "id": "cp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[03]", @@ -48245,23 +41249,6 @@ "id": "cp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04b.", @@ -48280,23 +41267,6 @@ "id": "cp-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04c.", @@ -48392,6 +41362,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4(1)" @@ -48434,13 +41409,6 @@ { "id": "cp-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan testing with organizational elements responsible for related plans." }, { @@ -48452,29 +41420,6 @@ "id": "cp-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(01)", @@ -48540,6 +41485,11 @@ "class": "SP800-53-enhancement", "title": "Alternate Processing Site", "props": [ + { + "name": "label", + "value": "CP-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4(2)" @@ -48584,11 +41534,6 @@ "id": "cp-4.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -48600,11 +41545,6 @@ "id": "cp-4.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -48634,29 +41574,6 @@ "id": "cp-4.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(02)(a)", @@ -48675,29 +41592,6 @@ "id": "cp-4.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(02)(b)", @@ -48795,6 +41689,11 @@ "class": "SP800-53", "title": "Alternate Storage Site", "props": [ + { + "name": "label", + "value": "CP-06", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6" @@ -48869,11 +41768,6 @@ "id": "cp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48885,11 +41779,6 @@ "id": "cp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48930,29 +41819,6 @@ "id": "cp-6_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[01]", @@ -48971,29 +41837,6 @@ "id": "cp-6_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[02]", @@ -49020,29 +41863,6 @@ "id": "cp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06b.", @@ -49138,6 +41958,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(1)" @@ -49171,13 +41996,6 @@ { "id": "cp-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats." }, { @@ -49189,29 +42007,6 @@ "id": "cp-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(01)", @@ -49277,6 +42072,11 @@ "class": "SP800-53-enhancement", "title": "Recovery Time and Recovery Point Objectives", "props": [ + { + "name": "label", + "value": "CP-06(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(2)" @@ -49306,13 +42106,6 @@ { "id": "cp-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Configure the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives." }, { @@ -49324,29 +42117,6 @@ "id": "cp-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(02)", @@ -49471,6 +42241,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(3)" @@ -49504,13 +42279,6 @@ { "id": "cp-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions." }, { @@ -49533,23 +42301,6 @@ "id": "cp-6.3_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[01]", @@ -49568,23 +42319,6 @@ "id": "cp-6.3_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[02]", @@ -49680,6 +42414,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-07", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7" @@ -49762,11 +42501,6 @@ "id": "cp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -49778,11 +42512,6 @@ "id": "cp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -49794,11 +42523,6 @@ "id": "cp-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -49846,29 +42570,6 @@ "id": "cp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07a.", @@ -49898,29 +42599,6 @@ "id": "cp-7_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[01]", @@ -49939,29 +42617,6 @@ "id": "cp-7_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[02]", @@ -49988,29 +42643,6 @@ "id": "cp-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07c.", @@ -50106,6 +42738,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(1)" @@ -50139,13 +42776,6 @@ { "id": "cp-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.", "parts": [ { @@ -50177,23 +42807,6 @@ "id": "cp-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(01)", @@ -50259,6 +42872,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-07(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(2)" @@ -50292,13 +42910,6 @@ { "id": "cp-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions." }, { @@ -50321,23 +42932,6 @@ "id": "cp-7.2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[01]", @@ -50356,23 +42950,6 @@ "id": "cp-7.2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[02]", @@ -50446,6 +43023,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service", "props": [ + { + "name": "label", + "value": "CP-07(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(3)" @@ -50475,13 +43057,6 @@ { "id": "cp-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives)." }, { @@ -50493,23 +43068,6 @@ "id": "cp-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(03)", @@ -50575,6 +43133,11 @@ "class": "SP800-53-enhancement", "title": "Preparation for Use", "props": [ + { + "name": "label", + "value": "CP-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(4)" @@ -50616,13 +43179,6 @@ { "id": "cp-7.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prepare the alternate processing site so that the site can serve as the operational site supporting essential mission and business functions." }, { @@ -50634,29 +43190,6 @@ "id": "cp-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(04)", @@ -50766,6 +43299,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-08", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8" @@ -50815,13 +43353,6 @@ { "id": "cp-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish alternate telecommunications services, including necessary agreements to permit the resumption of {{ insert: param, cp-08_odp.01 }} for essential mission and business functions within {{ insert: param, cp-08_odp.02 }} when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.", "parts": [ { @@ -50853,29 +43384,6 @@ "id": "cp-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08", @@ -50963,6 +43471,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service Provisions", "props": [ + { + "name": "label", + "value": "CP-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(1)" @@ -50997,11 +43510,6 @@ "id": "cp-8.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -51013,11 +43521,6 @@ "id": "cp-8.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -51047,29 +43550,6 @@ "id": "cp-8.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(a)", @@ -51125,29 +43605,6 @@ "id": "cp-8.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(b)", @@ -51243,6 +43700,11 @@ "class": "SP800-53-enhancement", "title": "Single Points of Failure", "props": [ + { + "name": "label", + "value": "CP-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(2)" @@ -51272,13 +43734,6 @@ { "id": "cp-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services." }, { @@ -51290,23 +43745,6 @@ "id": "cp-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(02)", @@ -51372,6 +43810,11 @@ "class": "SP800-53-enhancement", "title": "Separation of Primary and Alternate Providers", "props": [ + { + "name": "label", + "value": "CP-08(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(3)" @@ -51401,13 +43844,6 @@ { "id": "cp-8.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain alternate telecommunications services from providers that are separated from primary service providers to reduce susceptibility to the same threats." }, { @@ -51419,23 +43855,6 @@ "id": "cp-8.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(03)", @@ -51530,6 +43949,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(4)" @@ -51572,11 +43996,6 @@ "id": "cp-8.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -51588,11 +44007,6 @@ "id": "cp-8.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -51604,11 +44018,6 @@ "id": "cp-8.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -51638,23 +44047,6 @@ "id": "cp-8.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(04)(a)", @@ -51710,23 +44102,6 @@ "id": "cp-8.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(04)(b)", @@ -51745,23 +44120,6 @@ "id": "cp-8.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(04)(c)", @@ -51927,6 +44285,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -52017,11 +44380,6 @@ "id": "cp-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52033,11 +44391,6 @@ "id": "cp-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52049,11 +44402,6 @@ "id": "cp-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52065,11 +44413,6 @@ "id": "cp-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -52150,29 +44493,6 @@ "id": "cp-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09a.", @@ -52191,29 +44511,6 @@ "id": "cp-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09b.", @@ -52232,29 +44529,6 @@ "id": "cp-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09c.", @@ -52273,23 +44547,6 @@ "id": "cp-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09d.", @@ -52469,6 +44726,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(1)" @@ -52502,13 +44764,6 @@ { "id": "cp-9.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test backup information {{ insert: param, cp-9.1_prm_1 }} to verify media reliability and information integrity." }, { @@ -52520,29 +44775,6 @@ "id": "cp-9.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(01)", @@ -52667,6 +44899,11 @@ "class": "SP800-53-enhancement", "title": "Test Restoration Using Sampling", "props": [ + { + "name": "label", + "value": "CP-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(2)" @@ -52700,13 +44937,6 @@ { "id": "cp-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use a sample of backup information in the restoration of selected system functions as part of contingency plan testing." }, { @@ -52718,23 +44948,6 @@ "id": "cp-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(02)", @@ -52833,6 +45046,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(3)" @@ -52874,13 +45092,6 @@ { "id": "cp-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Store backup copies of {{ insert: param, cp-09.03_odp }} in a separate facility or in a fire rated container that is not collocated with the operational system." }, { @@ -52892,29 +45103,6 @@ "id": "cp-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(03)", @@ -53009,6 +45197,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(5)" @@ -53054,13 +45247,6 @@ { "id": "cp-9.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Transfer system backup information to the alternate storage site {{ insert: param, cp-9.5_prm_1 }}." }, { @@ -53083,29 +45269,6 @@ "id": "cp-9.5_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(05)[01]", @@ -53124,29 +45287,6 @@ "id": "cp-9.5_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(05)[02]", @@ -53258,6 +45398,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(8)" @@ -53299,13 +45444,6 @@ { "id": "cp-9.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of {{ insert: param, cp-09.08_odp }}.", "parts": [ { @@ -53337,29 +45475,6 @@ "id": "cp-9.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(08)", @@ -53473,6 +45588,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -53538,13 +45658,6 @@ { "id": "cp-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide for the recovery and reconstitution of the system to a known state within {{ insert: param, cp-10_prm_1 }} after a disruption, compromise, or failure." }, { @@ -53556,29 +45669,6 @@ "id": "cp-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10", @@ -53703,6 +45793,11 @@ "class": "SP800-53-enhancement", "title": "Transaction Recovery", "props": [ + { + "name": "label", + "value": "CP-10(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10(2)" @@ -53732,13 +45827,6 @@ { "id": "cp-10.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement transaction recovery for systems that are transaction-based." }, { @@ -53750,29 +45838,6 @@ "id": "cp-10.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10(02)", @@ -53876,6 +45941,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10(4)" @@ -53913,13 +45983,6 @@ { "id": "cp-10.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide the capability to restore system components within {{ insert: param, cp-10.04_odp }} from configuration-controlled and integrity-protected information representing a known, operational state for the components." }, { @@ -53931,29 +45994,6 @@ "id": "cp-10.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10(04)", @@ -54145,6 +46185,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -54240,12 +46285,6 @@ "id": "ia-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -54305,11 +46344,6 @@ "id": "ia-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54321,12 +46355,6 @@ "id": "ia-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -54391,23 +46419,6 @@ "id": "ia-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[01]", @@ -54426,23 +46437,6 @@ "id": "ia-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[02]", @@ -54461,17 +46455,6 @@ "id": "ia-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[03]", @@ -54490,17 +46473,6 @@ "id": "ia-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[04]", @@ -54530,17 +46502,6 @@ "id": "ia-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(a)", @@ -54686,17 +46647,6 @@ "id": "ia-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(b)", @@ -54731,23 +46681,6 @@ "id": "ia-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01b.", @@ -54777,23 +46710,6 @@ "id": "ia-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.01", @@ -54849,23 +46765,6 @@ "id": "ia-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.02", @@ -54985,9 +46884,9 @@ "title": "Identification and Authentication (Organizational Users)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02", + "class": "zero-padded" }, { "name": "label", @@ -55159,13 +47058,6 @@ { "id": "ia-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.", "parts": [ { @@ -55241,29 +47133,6 @@ "id": "ia-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[01]", @@ -55282,29 +47151,6 @@ "id": "ia-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[02]", @@ -55401,9 +47247,9 @@ "title": "Multi-factor Authentication to Privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -55442,13 +47288,6 @@ { "id": "ia-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to privileged accounts.", "parts": [ { @@ -55502,17 +47341,6 @@ "id": "ia-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(01)", @@ -55601,9 +47429,9 @@ "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -55638,13 +47466,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts.", "parts": [ { @@ -55698,17 +47519,6 @@ "id": "ia-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(02)", @@ -55797,9 +47607,9 @@ "title": "Individual Authentication with Group Authentication", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -55835,13 +47645,6 @@ { "id": "ia-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources." }, { @@ -55853,17 +47656,6 @@ "id": "ia-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(05)", @@ -55999,9 +47791,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(06)", + "class": "zero-padded" }, { "name": "label", @@ -56042,11 +47834,6 @@ "id": "ia-2.6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -56058,11 +47845,6 @@ "id": "ia-2.6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -56121,23 +47903,6 @@ "id": "ia-2.6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(a)", @@ -56156,23 +47921,6 @@ "id": "ia-2.6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(b)", @@ -56286,9 +48034,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" }, { "name": "label", @@ -56319,13 +48067,6 @@ { "id": "ia-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}." }, { @@ -56337,23 +48078,6 @@ "id": "ia-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(08)", @@ -56442,9 +48166,9 @@ "title": "Acceptance of PIV Credentials", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -56475,13 +48199,6 @@ { "id": "ia-2.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials.", "parts": [ { @@ -56513,23 +48230,6 @@ "id": "ia-2.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(12)", @@ -56641,6 +48341,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-03", + "class": "zero-padded" + }, { "name": "label", "value": "IA-3" @@ -56714,13 +48419,6 @@ { "id": "ia-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate {{ insert: param, ia-03_odp.01 }} before establishing a {{ insert: param, ia-03_odp.02 }} connection." }, { @@ -56732,23 +48430,6 @@ "id": "ia-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-03", @@ -56867,9 +48548,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-04", + "class": "zero-padded" }, { "name": "label", @@ -56990,11 +48671,6 @@ "id": "ia-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -57006,11 +48682,6 @@ "id": "ia-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57022,11 +48693,6 @@ "id": "ia-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -57038,11 +48704,6 @@ "id": "ia-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -57072,23 +48733,6 @@ "id": "ia-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04a.", @@ -57107,23 +48751,6 @@ "id": "ia-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04b.", @@ -57142,23 +48769,6 @@ "id": "ia-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04c.", @@ -57177,23 +48787,6 @@ "id": "ia-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04d.", @@ -57305,6 +48898,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-4(4)" @@ -57334,13 +48932,6 @@ { "id": "ia-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage individual identifiers by uniquely identifying each individual as {{ insert: param, ia-04.04_odp }}." }, { @@ -57352,23 +48943,6 @@ "id": "ia-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04(04)", @@ -57479,9 +49053,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-05", + "class": "zero-padded" }, { "name": "label", @@ -57623,11 +49197,6 @@ "id": "ia-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -57639,11 +49208,6 @@ "id": "ia-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57655,11 +49219,6 @@ "id": "ia-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -57671,11 +49230,6 @@ "id": "ia-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -57687,11 +49241,6 @@ "id": "ia-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -57703,11 +49252,6 @@ "id": "ia-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -57719,11 +49263,6 @@ "id": "ia-5_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -57735,11 +49274,6 @@ "id": "ia-5_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -57751,11 +49285,6 @@ "id": "ia-5_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -57814,23 +49343,6 @@ "id": "ia-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05a.", @@ -57849,23 +49361,6 @@ "id": "ia-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05b.", @@ -57884,23 +49379,6 @@ "id": "ia-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05c.", @@ -57919,23 +49397,6 @@ "id": "ia-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05d.", @@ -57954,23 +49415,6 @@ "id": "ia-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05e.", @@ -57989,23 +49433,6 @@ "id": "ia-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05f.", @@ -58024,23 +49451,6 @@ "id": "ia-5_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05g.", @@ -58070,23 +49480,6 @@ "id": "ia-5_obj.h-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[01]", @@ -58105,23 +49498,6 @@ "id": "ia-5_obj.h-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[02]", @@ -58148,23 +49524,6 @@ "id": "ia-5_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05i.", @@ -58280,6 +49639,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -58324,11 +49688,6 @@ "id": "ia-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -58340,11 +49699,6 @@ "id": "ia-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -58356,11 +49710,6 @@ "id": "ia-5.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -58372,11 +49721,6 @@ "id": "ia-5.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -58388,11 +49732,6 @@ "id": "ia-5.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -58404,11 +49743,6 @@ "id": "ia-5.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -58420,11 +49754,6 @@ "id": "ia-5.1_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -58436,11 +49765,6 @@ "id": "ia-5.1_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -58473,7 +49797,7 @@ "value": "(h) Requirement:" } ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + "prose": "For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." }, { "id": "ia-5.1_fr_gdn.1", @@ -58510,23 +49834,6 @@ "id": "ia-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(a)", @@ -58545,23 +49852,6 @@ "id": "ia-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(b)", @@ -58580,17 +49870,6 @@ "id": "ia-5.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(c)", @@ -58609,17 +49888,6 @@ "id": "ia-5.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(d)", @@ -58638,17 +49906,6 @@ "id": "ia-5.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(e)", @@ -58667,17 +49924,6 @@ "id": "ia-5.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(f)", @@ -58696,17 +49942,6 @@ "id": "ia-5.1_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(g)", @@ -58725,23 +49960,6 @@ "id": "ia-5.1_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(h)", @@ -58837,6 +50055,11 @@ "class": "SP800-53-enhancement", "title": "Public Key-based Authentication", "props": [ + { + "name": "label", + "value": "IA-05(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(2)" @@ -58879,11 +50102,6 @@ "id": "ia-5.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -58919,11 +50137,6 @@ "id": "ia-5.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -58988,17 +50201,6 @@ "id": "ia-5.2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(01)", @@ -59017,17 +50219,6 @@ "id": "ia-5.2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(02)", @@ -59065,17 +50256,6 @@ "id": "ia-5.2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(01)", @@ -59094,17 +50274,6 @@ "id": "ia-5.2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(02)", @@ -59208,6 +50377,11 @@ "class": "SP800-53-enhancement", "title": "Protection of Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(06)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(6)" @@ -59241,13 +50415,6 @@ { "id": "ia-5.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access." }, { @@ -59259,17 +50426,6 @@ "id": "ia-5.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(06)", @@ -59357,6 +50513,11 @@ "class": "SP800-53-enhancement", "title": "No Embedded Unencrypted Static Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(07)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(7)" @@ -59386,13 +50547,6 @@ { "id": "ia-5.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.", "parts": [ { @@ -59424,17 +50578,6 @@ "id": "ia-5.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(07)", @@ -59538,6 +50681,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(08)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(8)" @@ -59571,13 +50719,6 @@ { "id": "ia-5.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, ia-05.08_odp }} to manage the risk of compromise due to individuals having accounts on multiple systems.", "parts": [ { @@ -59609,23 +50750,6 @@ "id": "ia-5.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(08)", @@ -59724,6 +50848,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(13)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(13)" @@ -59753,13 +50882,6 @@ { "id": "ia-5.13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prohibit the use of cached authenticators after {{ insert: param, ia-05.13_odp }}.", "parts": [ { @@ -59791,23 +50913,6 @@ "id": "ia-5.13_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(13)", @@ -59897,6 +51002,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -59926,13 +51036,6 @@ { "id": "ia-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals." }, { @@ -59944,17 +51047,6 @@ "id": "ia-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-06", @@ -60042,6 +51134,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -60091,13 +51188,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -60109,29 +51199,6 @@ "id": "ia-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-07", @@ -60219,6 +51286,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -60336,13 +51408,6 @@ { "id": "ia-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users." }, { @@ -60354,17 +51419,6 @@ "id": "ia-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08", @@ -60452,6 +51506,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -60485,13 +51544,6 @@ { "id": "ia-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies." }, { @@ -60503,17 +51555,6 @@ "id": "ia-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(01)", @@ -60638,6 +51679,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -60672,11 +51718,6 @@ "id": "ia-8.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -60688,11 +51729,6 @@ "id": "ia-8.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -60722,17 +51758,6 @@ "id": "ia-8.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(a)", @@ -60751,23 +51776,6 @@ "id": "ia-8.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(b)", @@ -60911,6 +51919,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -60940,13 +51953,6 @@ { "id": "ia-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conform to the following profiles for identity management {{ insert: param, ia-08.04_odp }}." }, { @@ -60958,29 +51964,6 @@ "id": "ia-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(04)", @@ -61081,6 +52064,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -61135,13 +52123,6 @@ { "id": "ia-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require users to re-authenticate when {{ insert: param, ia-11_odp }}.", "parts": [ { @@ -61173,29 +52154,6 @@ "id": "ia-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-11", @@ -61283,6 +52241,11 @@ "class": "SP800-53", "title": "Identity Proofing", "props": [ + { + "name": "label", + "value": "IA-12", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12" @@ -61365,11 +52328,6 @@ "id": "ia-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -61381,11 +52339,6 @@ "id": "ia-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -61397,11 +52350,6 @@ "id": "ia-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -61449,29 +52397,6 @@ "id": "ia-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12a.", @@ -61490,23 +52415,6 @@ "id": "ia-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12b.", @@ -61525,23 +52433,6 @@ "id": "ia-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12c.", @@ -61692,6 +52583,11 @@ "class": "SP800-53-enhancement", "title": "Identity Evidence", "props": [ + { + "name": "label", + "value": "IA-12(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(2)" @@ -61721,13 +52617,6 @@ { "id": "ia-12.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require evidence of individual identification be presented to the registration authority." }, { @@ -61739,23 +52628,6 @@ "id": "ia-12.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(02)", @@ -61854,6 +52726,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(3)" @@ -61883,13 +52760,6 @@ { "id": "ia-12.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that the presented identity evidence be validated and verified through {{ insert: param, ia-12.03_odp }}." }, { @@ -61901,29 +52771,6 @@ "id": "ia-12.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(03)", @@ -62011,6 +52858,11 @@ "class": "SP800-53-enhancement", "title": "In-person Validation and Verification", "props": [ + { + "name": "label", + "value": "IA-12(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(4)" @@ -62040,13 +52892,6 @@ { "id": "ia-12.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that the validation and verification of identity evidence be conducted in person before a designated registration authority." }, { @@ -62058,23 +52903,6 @@ "id": "ia-12.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(04)", @@ -62173,6 +53001,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(05)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(5)" @@ -62206,13 +53039,6 @@ { "id": "ia-12.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that a {{ insert: param, ia-12.05_odp }} be delivered through an out-of-band channel to verify the users address (physical or digital) of record.", "parts": [ { @@ -62244,23 +53070,6 @@ "id": "ia-12.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(05)", @@ -62452,6 +53261,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -62531,12 +53345,6 @@ "id": "ir-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -62596,11 +53404,6 @@ "id": "ir-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -62612,12 +53415,6 @@ "id": "ir-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -62682,23 +53479,6 @@ "id": "ir-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[01]", @@ -62717,23 +53497,6 @@ "id": "ir-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[02]", @@ -62752,17 +53515,6 @@ "id": "ir-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[03]", @@ -62781,17 +53533,6 @@ "id": "ir-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[04]", @@ -62821,17 +53562,6 @@ "id": "ir-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(a)", @@ -62977,17 +53707,6 @@ "id": "ir-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(b)", @@ -63022,23 +53741,6 @@ "id": "ir-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01b.", @@ -63068,23 +53770,6 @@ "id": "ir-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.01", @@ -63140,23 +53825,6 @@ "id": "ir-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.02", @@ -63328,6 +53996,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -63403,11 +54076,6 @@ "id": "ir-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -63454,11 +54122,6 @@ "id": "ir-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63499,23 +54162,6 @@ "id": "ir-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.01", @@ -63534,23 +54180,6 @@ "id": "ir-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.02", @@ -63569,23 +54198,6 @@ "id": "ir-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.03", @@ -63623,23 +54235,6 @@ "id": "ir-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[01]", @@ -63658,23 +54253,6 @@ "id": "ir-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[02]", @@ -63756,6 +54334,11 @@ "class": "SP800-53-enhancement", "title": "Simulated Events", "props": [ + { + "name": "label", + "value": "IR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2(1)" @@ -63790,13 +54373,6 @@ { "id": "ir-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate simulated events into incident response training to facilitate the required response by personnel in crisis situations." }, { @@ -63808,23 +54384,6 @@ "id": "ir-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02(01)", @@ -63923,6 +54482,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2(2)" @@ -63957,13 +54521,6 @@ { "id": "ir-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response training environment using {{ insert: param, ir-02.02_odp }}." }, { @@ -63975,17 +54532,6 @@ "id": "ir-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-02(02)", @@ -64101,9 +54647,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-03", + "class": "zero-padded" }, { "name": "label", @@ -64171,13 +54717,6 @@ { "id": "ir-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test the effectiveness of the incident response capability for the system {{ insert: param, ir-03_odp.01 }} using the following tests: {{ insert: param, ir-03_odp.02 }}.", "parts": [ { @@ -64209,23 +54748,6 @@ "id": "ir-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03", @@ -64291,6 +54813,11 @@ "class": "SP800-53-enhancement", "title": "Coordination with Related Plans", "props": [ + { + "name": "label", + "value": "IR-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-3(2)" @@ -64325,13 +54852,6 @@ { "id": "ir-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate incident response testing with organizational elements responsible for related plans." }, { @@ -64343,23 +54863,6 @@ "id": "ir-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03(02)", @@ -64428,9 +54931,9 @@ "title": "Incident Handling", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04", + "class": "zero-padded" }, { "name": "label", @@ -64586,11 +55089,6 @@ "id": "ir-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64602,11 +55100,6 @@ "id": "ir-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64618,11 +55111,6 @@ "id": "ir-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -64634,11 +55122,6 @@ "id": "ir-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -64708,23 +55191,6 @@ "id": "ir-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[01]", @@ -64743,23 +55209,6 @@ "id": "ir-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[02]", @@ -64858,23 +55307,6 @@ "id": "ir-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04b.", @@ -64904,23 +55336,6 @@ "id": "ir-4_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[01]", @@ -64939,23 +55354,6 @@ "id": "ir-4_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[02]", @@ -64982,23 +55380,6 @@ "id": "ir-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04d.", @@ -65179,9 +55560,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -65212,13 +55593,6 @@ { "id": "ir-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the incident handling process using {{ insert: param, ir-04.01_odp }}." }, { @@ -65230,23 +55604,6 @@ "id": "ir-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(01)", @@ -65360,9 +55717,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(02)", + "class": "zero-padded" }, { "name": "label", @@ -65405,13 +55762,6 @@ { "id": "ir-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Include the following types of dynamic reconfiguration for {{ insert: param, ir-04.02_odp.02 }} as part of the incident response capability: {{ insert: param, ir-04.02_odp.01 }}." }, { @@ -65423,23 +55773,6 @@ "id": "ir-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(02)", @@ -65528,9 +55861,9 @@ "title": "Information Correlation", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(04)", + "class": "zero-padded" }, { "name": "label", @@ -65561,13 +55894,6 @@ { "id": "ir-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response." }, { @@ -65579,23 +55905,6 @@ "id": "ir-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(04)", @@ -65684,9 +55993,9 @@ "title": "Insider Threats", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(06)", + "class": "zero-padded" }, { "name": "label", @@ -65717,13 +56026,6 @@ { "id": "ir-4.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement an incident handling capability for incidents involving insider threats." }, { @@ -65735,23 +56037,6 @@ "id": "ir-4.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(06)", @@ -65850,6 +56135,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-04(11)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-4(11)" @@ -65883,13 +56173,6 @@ { "id": "ir-4.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and maintain an integrated incident response team that can be deployed to any location identified by the organization in {{ insert: param, ir-04.11_odp }}." }, { @@ -65912,23 +56195,6 @@ "id": "ir-4.11_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(11)[01]", @@ -65947,23 +56213,6 @@ "id": "ir-4.11_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(11)[02]", @@ -66039,6 +56288,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -66121,13 +56375,6 @@ { "id": "ir-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track and document incidents." }, { @@ -66139,23 +56386,6 @@ "id": "ir-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05", @@ -66313,6 +56543,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5(1)" @@ -66347,13 +56582,6 @@ { "id": "ir-5.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track incidents and collect and analyze incident information using {{ insert: param, ir-5.1_prm_1 }}." }, { @@ -66365,29 +56593,6 @@ "id": "ir-5.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05(01)", @@ -66557,6 +56762,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -66627,11 +56837,6 @@ "id": "ir-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66643,11 +56848,6 @@ "id": "ir-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66695,23 +56895,6 @@ "id": "ir-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-06a.", @@ -66730,23 +56913,6 @@ "id": "ir-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06b.", @@ -66853,6 +57019,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(1)" @@ -66886,13 +57057,6 @@ { "id": "ir-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Report incidents using {{ insert: param, ir-06.01_odp }}." }, { @@ -66904,29 +57068,6 @@ "id": "ir-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(01)", @@ -67014,6 +57155,11 @@ "class": "SP800-53-enhancement", "title": "Supply Chain Coordination", "props": [ + { + "name": "label", + "value": "IR-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(3)" @@ -67047,13 +57193,6 @@ { "id": "ir-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident." }, { @@ -67065,23 +57204,6 @@ "id": "ir-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(03)", @@ -67171,6 +57293,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -67240,13 +57367,6 @@ { "id": "ir-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents." }, { @@ -67269,23 +57389,6 @@ "id": "ir-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[01]", @@ -67304,23 +57407,6 @@ "id": "ir-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[02]", @@ -67427,6 +57513,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7(1)" @@ -67456,13 +57547,6 @@ { "id": "ir-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Increase the availability of incident response information and support using {{ insert: param, ir-07.01_odp }}." }, { @@ -67474,29 +57558,6 @@ "id": "ir-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-07(01)", @@ -67670,6 +57731,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -67756,11 +57822,6 @@ "id": "ir-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -67884,11 +57945,6 @@ "id": "ir-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -67900,11 +57956,6 @@ "id": "ir-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -67916,11 +57967,6 @@ "id": "ir-8_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -67932,11 +57978,6 @@ "id": "ir-8_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -68006,17 +58047,6 @@ "id": "ir-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.01", @@ -68035,17 +58065,6 @@ "id": "ir-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.02", @@ -68064,17 +58083,6 @@ "id": "ir-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.03", @@ -68093,17 +58101,6 @@ "id": "ir-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.04", @@ -68122,17 +58119,6 @@ "id": "ir-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.05", @@ -68151,17 +58137,6 @@ "id": "ir-8_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.06", @@ -68180,17 +58155,6 @@ "id": "ir-8_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.07", @@ -68209,17 +58173,6 @@ "id": "ir-8_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.08", @@ -68238,17 +58191,6 @@ "id": "ir-8_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.09", @@ -68267,17 +58209,6 @@ "id": "ir-8_obj.a.10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.10", @@ -68304,17 +58235,6 @@ "id": "ir-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08b.", @@ -68370,23 +58290,6 @@ "id": "ir-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08c.", @@ -68405,23 +58308,6 @@ "id": "ir-8_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08d.", @@ -68477,17 +58363,6 @@ "id": "ir-8_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08e.", @@ -68649,6 +58524,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9" @@ -68712,11 +58592,6 @@ "id": "ir-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -68728,11 +58603,6 @@ "id": "ir-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -68744,11 +58614,6 @@ "id": "ir-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -68760,11 +58625,6 @@ "id": "ir-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -68776,11 +58636,6 @@ "id": "ir-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -68792,11 +58647,6 @@ "id": "ir-9_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -68808,11 +58658,6 @@ "id": "ir-9_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -68842,23 +58687,6 @@ "id": "ir-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09a.", @@ -68877,23 +58705,6 @@ "id": "ir-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09b.", @@ -68912,23 +58723,6 @@ "id": "ir-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09c.", @@ -68947,23 +58741,6 @@ "id": "ir-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09d.", @@ -68982,23 +58759,6 @@ "id": "ir-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09e.", @@ -69017,23 +58777,6 @@ "id": "ir-9_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09f.", @@ -69052,23 +58795,6 @@ "id": "ir-9_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09g.", @@ -69180,6 +58906,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(2)" @@ -69225,13 +58956,6 @@ { "id": "ir-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide information spillage response training {{ insert: param, ir-09.02_odp }}." }, { @@ -69243,17 +58967,6 @@ "id": "ir-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(02)", @@ -69330,6 +59043,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(3)" @@ -69359,13 +59077,6 @@ { "id": "ir-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: {{ insert: param, ir-09.03_odp }}." }, { @@ -69377,17 +59088,6 @@ "id": "ir-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(03)", @@ -69486,6 +59186,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(4)" @@ -69515,13 +59220,6 @@ { "id": "ir-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following controls for personnel exposed to information not within assigned access authorizations: {{ insert: param, ir-09.04_odp }}." }, { @@ -69533,17 +59231,6 @@ "id": "ir-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(04)", @@ -69735,6 +59422,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -69802,12 +59494,6 @@ "id": "ma-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -69867,11 +59553,6 @@ "id": "ma-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -69883,12 +59564,6 @@ "id": "ma-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -69953,23 +59628,6 @@ "id": "ma-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[01]", @@ -69988,23 +59646,6 @@ "id": "ma-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[02]", @@ -70023,17 +59664,6 @@ "id": "ma-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[03]", @@ -70052,17 +59682,6 @@ "id": "ma-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[04]", @@ -70092,17 +59711,6 @@ "id": "ma-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(a)", @@ -70248,17 +59856,6 @@ "id": "ma-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(b)", @@ -70293,23 +59890,6 @@ "id": "ma-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01b.", @@ -70339,23 +59919,6 @@ "id": "ma-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.01", @@ -70411,23 +59974,6 @@ "id": "ma-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.02", @@ -70575,6 +60121,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -70661,11 +60212,6 @@ "id": "ma-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70677,11 +60223,6 @@ "id": "ma-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70693,11 +60234,6 @@ "id": "ma-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70709,11 +60245,6 @@ "id": "ma-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -70725,11 +60256,6 @@ "id": "ma-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -70741,11 +60267,6 @@ "id": "ma-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -70775,29 +60296,6 @@ "id": "ma-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02a.", @@ -70871,23 +60369,6 @@ "id": "ma-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02b.", @@ -70943,23 +60424,6 @@ "id": "ma-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02c.", @@ -70978,23 +60442,6 @@ "id": "ma-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02d.", @@ -71013,17 +60460,6 @@ "id": "ma-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02e.", @@ -71042,17 +60478,6 @@ "id": "ma-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02f.", @@ -71181,6 +60606,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2(2)" @@ -71219,11 +60649,6 @@ "id": "ma-2.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -71235,11 +60660,6 @@ "id": "ma-2.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -71269,23 +60689,6 @@ "id": "ma-2.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02(02)(a)", @@ -71359,23 +60762,6 @@ "id": "ma-2.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02(02)(b)", @@ -71544,6 +60930,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3" @@ -71586,11 +60977,6 @@ "id": "ma-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -71602,11 +60988,6 @@ "id": "ma-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -71636,29 +61017,6 @@ "id": "ma-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03a.", @@ -71732,29 +61090,6 @@ "id": "ma-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03b.", @@ -71850,6 +61185,11 @@ "class": "SP800-53-enhancement", "title": "Inspect Tools", "props": [ + { + "name": "label", + "value": "MA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(1)" @@ -71883,13 +61223,6 @@ { "id": "ma-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications." }, { @@ -71901,29 +61234,6 @@ "id": "ma-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(01)", @@ -72012,9 +61322,9 @@ "title": "Inspect Media", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "MA-03(02)", + "class": "zero-padded" }, { "name": "label", @@ -72049,13 +61359,6 @@ { "id": "ma-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check media containing diagnostic and test programs for malicious code before the media are used in the system." }, { @@ -72067,29 +61370,6 @@ "id": "ma-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(02)", @@ -72193,6 +61473,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(3)" @@ -72232,11 +61517,6 @@ "id": "ma-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -72248,11 +61528,6 @@ "id": "ma-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -72264,11 +61539,6 @@ "id": "ma-3.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -72280,11 +61550,6 @@ "id": "ma-3.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -72303,29 +61568,6 @@ "id": "ma-3.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(03)", @@ -72488,6 +61730,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -72598,11 +61845,6 @@ "id": "ma-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -72614,11 +61856,6 @@ "id": "ma-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -72630,11 +61867,6 @@ "id": "ma-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -72646,11 +61878,6 @@ "id": "ma-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -72662,11 +61889,6 @@ "id": "ma-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -72696,23 +61918,6 @@ "id": "ma-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04a.", @@ -72779,23 +61984,6 @@ "id": "ma-4_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[01]", @@ -72814,17 +62002,6 @@ "id": "ma-4_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[02]", @@ -72851,29 +62028,6 @@ "id": "ma-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04c.", @@ -72892,17 +62046,6 @@ "id": "ma-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04d.", @@ -72921,17 +62064,6 @@ "id": "ma-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04e.", @@ -73064,6 +62196,11 @@ "class": "SP800-53-enhancement", "title": "Comparable Security and Sanitization", "props": [ + { + "name": "label", + "value": "MA-04(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4(3)" @@ -73110,11 +62247,6 @@ "id": "ma-4.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -73126,11 +62258,6 @@ "id": "ma-4.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -73160,23 +62287,6 @@ "id": "ma-4.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(a)", @@ -73243,17 +62353,6 @@ "id": "ma-4.3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(b)[01]", @@ -73272,17 +62371,6 @@ "id": "ma-4.3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(b)[02]", @@ -73301,17 +62389,6 @@ "id": "ma-4.3_obj.b-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04(03)(b)[03]", @@ -73417,6 +62494,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -73495,11 +62577,6 @@ "id": "ma-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -73511,11 +62588,6 @@ "id": "ma-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73527,11 +62599,6 @@ "id": "ma-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -73561,17 +62628,6 @@ "id": "ma-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-05a.", @@ -73627,29 +62683,6 @@ "id": "ma-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05b.", @@ -73668,29 +62701,6 @@ "id": "ma-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05c.", @@ -73797,6 +62807,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5(1)" @@ -73839,11 +62854,6 @@ "id": "ma-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -73879,11 +62889,6 @@ "id": "ma-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -73924,23 +62929,6 @@ "id": "ma-5.1_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(01)", @@ -73959,23 +62947,6 @@ "id": "ma-5.1_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(02)", @@ -74002,29 +62973,6 @@ "id": "ma-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(b)", @@ -74147,6 +63095,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-06", + "class": "zero-padded" + }, { "name": "label", "value": "MA-6" @@ -74208,13 +63161,6 @@ { "id": "ma-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain maintenance support and/or spare parts for {{ insert: param, ma-06_odp.01 }} within {{ insert: param, ma-06_odp.02 }} of failure." }, { @@ -74226,29 +63172,6 @@ "id": "ma-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-06", @@ -74438,6 +63361,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -74505,12 +63433,6 @@ "id": "mp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -74570,11 +63492,6 @@ "id": "mp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -74586,12 +63503,6 @@ "id": "mp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -74656,23 +63567,6 @@ "id": "mp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[01]", @@ -74691,23 +63585,6 @@ "id": "mp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[02]", @@ -74726,17 +63603,6 @@ "id": "mp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[03]", @@ -74755,17 +63621,6 @@ "id": "mp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[04]", @@ -74795,17 +63650,6 @@ "id": "mp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(a)", @@ -74951,17 +63795,6 @@ "id": "mp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(b)", @@ -74996,23 +63829,6 @@ "id": "mp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01b.", @@ -75042,23 +63858,6 @@ "id": "mp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.01", @@ -75114,23 +63913,6 @@ "id": "mp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.02", @@ -75300,6 +64082,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -75393,13 +64180,6 @@ { "id": "mp-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert: param, mp-2_prm_2 }}." }, { @@ -75422,29 +64202,6 @@ "id": "mp-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[01]", @@ -75463,29 +64220,6 @@ "id": "mp-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[02]", @@ -75611,6 +64345,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-03", + "class": "zero-padded" + }, { "name": "label", "value": "MP-3" @@ -75673,11 +64412,6 @@ "id": "mp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -75689,11 +64423,6 @@ "id": "mp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -75741,17 +64470,6 @@ "id": "mp-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03a.", @@ -75770,17 +64488,6 @@ "id": "mp-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03b.", @@ -75950,6 +64657,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-04", + "class": "zero-padded" + }, { "name": "label", "value": "MP-4" @@ -76068,11 +64780,6 @@ "id": "mp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -76084,11 +64791,6 @@ "id": "mp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -76147,29 +64849,6 @@ "id": "mp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[01]", @@ -76188,29 +64867,6 @@ "id": "mp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[02]", @@ -76229,29 +64885,6 @@ "id": "mp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[03]", @@ -76270,29 +64903,6 @@ "id": "mp-4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[04]", @@ -76319,29 +64929,6 @@ "id": "mp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04b.", @@ -76480,6 +65067,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-05", + "class": "zero-padded" + }, { "name": "label", "value": "MP-5" @@ -76570,11 +65162,6 @@ "id": "mp-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -76586,11 +65173,6 @@ "id": "mp-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -76602,11 +65184,6 @@ "id": "mp-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -76618,11 +65195,6 @@ "id": "mp-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -76670,29 +65242,6 @@ "id": "mp-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05a.", @@ -76748,29 +65297,6 @@ "id": "mp-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05b.", @@ -76789,17 +65315,6 @@ "id": "mp-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-05c.", @@ -76829,23 +65344,6 @@ "id": "mp-5_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[01]", @@ -76864,17 +65362,6 @@ "id": "mp-5_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[02]", @@ -77047,6 +65534,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -77165,11 +65657,6 @@ "id": "mp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -77181,11 +65668,6 @@ "id": "mp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -77215,29 +65697,6 @@ "id": "mp-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06a.", @@ -77311,29 +65770,6 @@ "id": "mp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06b.", @@ -77429,6 +65865,11 @@ "class": "SP800-53-enhancement", "title": "Review, Approve, Track, Document, and Verify", "props": [ + { + "name": "label", + "value": "MP-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6(1)" @@ -77458,13 +65899,6 @@ { "id": "mp-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Review, approve, track, document, and verify media sanitization and disposal actions.", "parts": [ { @@ -77496,17 +65930,6 @@ "id": "mp-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06(01)", @@ -77714,6 +66137,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06(02)", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6(2)" @@ -77743,13 +66171,6 @@ { "id": "mp-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test sanitization equipment and procedures {{ insert: param, mp-6.2_prm_1 }} to ensure that the intended sanitization is being achieved.", "parts": [ { @@ -77781,17 +66202,6 @@ "id": "mp-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06(02)", @@ -77927,6 +66337,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6(3)" @@ -77956,13 +66371,6 @@ { "id": "mp-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the system under the following circumstances: {{ insert: param, mp-06.03_odp }}.", "parts": [ { @@ -77994,23 +66402,6 @@ "id": "mp-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06(03)", @@ -78138,6 +66529,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -78200,11 +66596,6 @@ "id": "mp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -78216,11 +66607,6 @@ "id": "mp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -78250,29 +66636,6 @@ "id": "mp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07a.", @@ -78291,29 +66654,6 @@ "id": "mp-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07b.", @@ -78511,6 +66851,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -78578,12 +66923,6 @@ "id": "pe-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -78643,11 +66982,6 @@ "id": "pe-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -78659,12 +66993,6 @@ "id": "pe-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -78729,23 +67057,6 @@ "id": "pe-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[01]", @@ -78764,23 +67075,6 @@ "id": "pe-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[02]", @@ -78799,17 +67093,6 @@ "id": "pe-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[03]", @@ -78828,17 +67111,6 @@ "id": "pe-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[04]", @@ -78868,17 +67140,6 @@ "id": "pe-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(a)", @@ -79024,17 +67285,6 @@ "id": "pe-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(b)", @@ -79069,23 +67319,6 @@ "id": "pe-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01b.", @@ -79115,23 +67348,6 @@ "id": "pe-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.01", @@ -79187,23 +67403,6 @@ "id": "pe-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.02", @@ -79338,6 +67537,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -79440,11 +67644,6 @@ "id": "pe-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -79456,11 +67655,6 @@ "id": "pe-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -79472,11 +67666,6 @@ "id": "pe-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -79488,11 +67677,6 @@ "id": "pe-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -79522,23 +67706,6 @@ "id": "pe-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-02a.", @@ -79612,17 +67779,6 @@ "id": "pe-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02b.", @@ -79641,17 +67797,6 @@ "id": "pe-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02c.", @@ -79670,17 +67815,6 @@ "id": "pe-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02d.", @@ -79894,9 +68028,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "PE-03", + "class": "zero-padded" }, { "name": "label", @@ -80040,11 +68174,6 @@ "id": "pe-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -80080,11 +68209,6 @@ "id": "pe-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -80096,11 +68220,6 @@ "id": "pe-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -80112,11 +68231,6 @@ "id": "pe-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -80128,11 +68242,6 @@ "id": "pe-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -80144,11 +68253,6 @@ "id": "pe-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -80160,11 +68264,6 @@ "id": "pe-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -80205,17 +68304,6 @@ "id": "pe-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.01", @@ -80234,23 +68322,6 @@ "id": "pe-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.02", @@ -80277,23 +68348,6 @@ "id": "pe-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03b.", @@ -80312,17 +68366,6 @@ "id": "pe-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03c.", @@ -80352,17 +68395,6 @@ "id": "pe-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[01]", @@ -80381,23 +68413,6 @@ "id": "pe-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[02]", @@ -80424,17 +68439,6 @@ "id": "pe-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.", @@ -80508,23 +68512,6 @@ "id": "pe-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03f.", @@ -80554,17 +68541,6 @@ "id": "pe-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[01]", @@ -80583,17 +68559,6 @@ "id": "pe-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[02]", @@ -80708,6 +68673,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-3(1)" @@ -80737,13 +68707,6 @@ { "id": "pe-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce physical access authorizations to the system in addition to the physical access controls for the facility at {{ insert: param, pe-03.01_odp }}." }, { @@ -80766,17 +68729,6 @@ "id": "pe-3.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03(01)[01]", @@ -80795,17 +68747,6 @@ "id": "pe-3.1_obj.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03(01)[02]", @@ -80923,6 +68864,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-04", + "class": "zero-padded" + }, { "name": "label", "value": "PE-4" @@ -80988,13 +68934,6 @@ { "id": "pe-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to {{ insert: param, pe-04_odp.01 }} within organizational facilities using {{ insert: param, pe-04_odp.02 }}." }, { @@ -81006,23 +68945,6 @@ "id": "pe-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-04", @@ -81121,6 +69043,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-05", + "class": "zero-padded" + }, { "name": "label", "value": "PE-5" @@ -81166,13 +69093,6 @@ { "id": "pe-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to output from {{ insert: param, pe-05_odp }} to prevent unauthorized individuals from obtaining the output." }, { @@ -81184,17 +69104,6 @@ "id": "pe-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-05", @@ -81307,6 +69216,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -81374,11 +69288,6 @@ "id": "pe-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -81390,11 +69299,6 @@ "id": "pe-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81406,11 +69310,6 @@ "id": "pe-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81440,23 +69339,6 @@ "id": "pe-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06a.", @@ -81486,17 +69368,6 @@ "id": "pe-6_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[01]", @@ -81515,17 +69386,6 @@ "id": "pe-6_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[02]", @@ -81563,23 +69423,6 @@ "id": "pe-6_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[01]", @@ -81598,23 +69441,6 @@ "id": "pe-6_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[02]", @@ -81718,6 +69544,11 @@ "class": "SP800-53-enhancement", "title": "Intrusion Alarms and Surveillance Equipment", "props": [ + { + "name": "label", + "value": "PE-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6(1)" @@ -81752,13 +69583,6 @@ { "id": "pe-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment." }, { @@ -81770,17 +69594,6 @@ "id": "pe-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06(01)", @@ -81916,6 +69729,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06(04)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6(4)" @@ -81950,13 +69768,6 @@ { "id": "pe-6.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Monitor physical access to the system in addition to the physical access monitoring of the facility at {{ insert: param, pe-06.04_odp }}." }, { @@ -81968,17 +69779,6 @@ "id": "pe-6.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06(04)", @@ -82107,6 +69907,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -82154,11 +69959,6 @@ "id": "pe-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -82170,11 +69970,6 @@ "id": "pe-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82186,11 +69981,6 @@ "id": "pe-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -82220,23 +70010,6 @@ "id": "pe-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08a.", @@ -82255,17 +70028,6 @@ "id": "pe-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08b.", @@ -82284,23 +70046,6 @@ "id": "pe-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08c.", @@ -82420,6 +70165,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8(1)" @@ -82449,13 +70199,6 @@ { "id": "pe-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain and review visitor access records using {{ insert: param, pe-8.1_prm_1 }}." }, { @@ -82478,23 +70221,6 @@ "id": "pe-8.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08(01)[01]", @@ -82513,17 +70239,6 @@ "id": "pe-8.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08(01)[02]", @@ -82621,6 +70336,11 @@ "class": "SP800-53", "title": "Power Equipment and Cabling", "props": [ + { + "name": "label", + "value": "PE-09", + "class": "zero-padded" + }, { "name": "label", "value": "PE-9" @@ -82650,13 +70370,6 @@ { "id": "pe-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect power equipment and power cabling for the system from damage and destruction." }, { @@ -82668,17 +70381,6 @@ "id": "pe-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-09", @@ -82828,6 +70530,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-10", + "class": "zero-padded" + }, { "name": "label", "value": "PE-10" @@ -82862,11 +70569,6 @@ "id": "pe-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -82878,11 +70580,6 @@ "id": "pe-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82894,11 +70591,6 @@ "id": "pe-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -82928,23 +70620,6 @@ "id": "pe-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10a.", @@ -82963,17 +70638,6 @@ "id": "pe-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10b.", @@ -82992,23 +70656,6 @@ "id": "pe-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10c.", @@ -83115,6 +70762,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-11", + "class": "zero-padded" + }, { "name": "label", "value": "PE-11" @@ -83152,13 +70804,6 @@ { "id": "pe-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an uninterruptible power supply to facilitate {{ insert: param, pe-11_odp }} in the event of a primary power source loss." }, { @@ -83170,23 +70815,6 @@ "id": "pe-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11", @@ -83290,6 +70918,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-11(1)" @@ -83319,13 +70952,6 @@ { "id": "pe-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an alternate power supply for the system that is activated {{ insert: param, pe-11.01_odp }} and that can maintain minimally required operational capability in the event of an extended loss of the primary power source." }, { @@ -83348,23 +70974,6 @@ "id": "pe-11.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11(01)[01]", @@ -83383,23 +70992,6 @@ "id": "pe-11.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11(01)[02]", @@ -83497,6 +71089,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -83530,13 +71127,6 @@ { "id": "pe-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility." }, { @@ -83559,17 +71149,6 @@ "id": "pe-12_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[01]", @@ -83588,17 +71167,6 @@ "id": "pe-12_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[02]", @@ -83617,17 +71185,6 @@ "id": "pe-12_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[03]", @@ -83646,17 +71203,6 @@ "id": "pe-12_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[04]", @@ -83752,6 +71298,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -83781,13 +71332,6 @@ { "id": "pe-13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain fire detection and suppression systems that are supported by an independent energy source." }, { @@ -83810,23 +71354,6 @@ "id": "pe-13_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[01]", @@ -83845,23 +71372,6 @@ "id": "pe-13_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[02]", @@ -83880,23 +71390,6 @@ "id": "pe-13_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[03]", @@ -83915,23 +71408,6 @@ "id": "pe-13_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[04]", @@ -83950,23 +71426,6 @@ "id": "pe-13_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[05]", @@ -83985,23 +71444,6 @@ "id": "pe-13_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[06]", @@ -84127,6 +71569,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(1)" @@ -84156,13 +71603,6 @@ { "id": "pe-13.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ fire detection systems that activate automatically and notify {{ insert: param, pe-13.01_odp.01 }} and {{ insert: param, pe-13.01_odp.02 }} in the event of a fire." }, { @@ -84185,17 +71625,6 @@ "id": "pe-13.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[01]", @@ -84214,23 +71643,6 @@ "id": "pe-13.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[02]", @@ -84249,23 +71661,6 @@ "id": "pe-13.1_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[03]", @@ -84381,6 +71776,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(2)" @@ -84415,11 +71815,6 @@ "id": "pe-13.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -84431,11 +71826,6 @@ "id": "pe-13.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -84476,17 +71866,6 @@ "id": "pe-13.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[01]", @@ -84505,23 +71884,6 @@ "id": "pe-13.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[02]", @@ -84540,23 +71902,6 @@ "id": "pe-13.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[03]", @@ -84583,23 +71928,6 @@ "id": "pe-13.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(b)", @@ -84749,6 +72077,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -84787,11 +72120,6 @@ "id": "pe-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -84803,11 +72131,6 @@ "id": "pe-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -84855,23 +72178,6 @@ "id": "pe-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14a.", @@ -84890,23 +72196,6 @@ "id": "pe-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14b.", @@ -85013,6 +72302,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14(2)" @@ -85042,13 +72336,6 @@ { "id": "pe-14.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ environmental control monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment to {{ insert: param, pe-14.02_odp }}." }, { @@ -85071,17 +72358,6 @@ "id": "pe-14.2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14(02)[01]", @@ -85100,23 +72376,6 @@ "id": "pe-14.2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14(02)[02]", @@ -85214,6 +72473,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -85247,13 +72511,6 @@ { "id": "pe-15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel." }, { @@ -85276,23 +72533,6 @@ "id": "pe-15_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[01]", @@ -85311,23 +72551,6 @@ "id": "pe-15_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[02]", @@ -85346,23 +72569,6 @@ "id": "pe-15_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[03]", @@ -85381,23 +72587,6 @@ "id": "pe-15_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[04]", @@ -85518,6 +72707,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-15(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15(1)" @@ -85547,13 +72741,6 @@ { "id": "pe-15.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Detect the presence of water near the system and alert {{ insert: param, pe-15.01_odp.01 }} using {{ insert: param, pe-15.01_odp.02 }}." }, { @@ -85576,17 +72763,6 @@ "id": "pe-15.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15(01)[01]", @@ -85605,23 +72781,6 @@ "id": "pe-15.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15(01)[02]", @@ -85748,6 +72907,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -85818,11 +72982,6 @@ "id": "pe-16_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -85834,11 +72993,6 @@ "id": "pe-16_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -85879,23 +73033,6 @@ "id": "pe-16_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[01]", @@ -85914,23 +73051,6 @@ "id": "pe-16_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[02]", @@ -85949,23 +73069,6 @@ "id": "pe-16_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[03]", @@ -85984,23 +73087,6 @@ "id": "pe-16_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[04]", @@ -86027,23 +73113,6 @@ "id": "pe-16_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-16b.", @@ -86159,6 +73228,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-17", + "class": "zero-padded" + }, { "name": "label", "value": "PE-17" @@ -86205,11 +73279,6 @@ "id": "pe-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -86221,11 +73290,6 @@ "id": "pe-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -86237,11 +73301,6 @@ "id": "pe-17_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -86253,11 +73312,6 @@ "id": "pe-17_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -86287,23 +73341,6 @@ "id": "pe-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17a.", @@ -86322,23 +73359,6 @@ "id": "pe-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17b.", @@ -86357,23 +73377,6 @@ "id": "pe-17_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17c.", @@ -86392,23 +73395,6 @@ "id": "pe-17_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17d.", @@ -86520,6 +73506,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-18", + "class": "zero-padded" + }, { "name": "label", "value": "PE-18" @@ -86565,13 +73556,6 @@ { "id": "pe-18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Position system components within the facility to minimize potential damage from {{ insert: param, pe-18_odp }} and to minimize the opportunity for unauthorized access." }, { @@ -86583,23 +73567,6 @@ "id": "pe-18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-18", @@ -86789,6 +73756,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -86860,12 +73832,6 @@ "id": "pl-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -86925,11 +73891,6 @@ "id": "pl-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -86941,12 +73902,6 @@ "id": "pl-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -87011,23 +73966,6 @@ "id": "pl-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[01]", @@ -87046,23 +73984,6 @@ "id": "pl-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[02]", @@ -87081,17 +74002,6 @@ "id": "pl-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[03]", @@ -87110,17 +74020,6 @@ "id": "pl-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[04]", @@ -87150,17 +74049,6 @@ "id": "pl-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(a)", @@ -87306,17 +74194,6 @@ "id": "pl-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(b)", @@ -87351,23 +74228,6 @@ "id": "pl-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01b.", @@ -87397,23 +74257,6 @@ "id": "pl-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.01", @@ -87469,23 +74312,6 @@ "id": "pl-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.02", @@ -87648,6 +74474,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -87851,11 +74682,6 @@ "id": "pl-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -88034,11 +74860,6 @@ "id": "pl-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -88050,11 +74871,6 @@ "id": "pl-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -88066,11 +74882,6 @@ "id": "pl-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -88082,11 +74893,6 @@ "id": "pl-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -88138,57 +74944,6 @@ "id": "pl-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[01]", @@ -88207,57 +74962,6 @@ "id": "pl-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[02]", @@ -88405,17 +75109,6 @@ "id": "pl-2_obj.a.4-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[01]", @@ -88434,17 +75127,6 @@ "id": "pl-2_obj.a.4-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[02]", @@ -88471,17 +75153,6 @@ "id": "pl-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.05", @@ -88537,17 +75208,6 @@ "id": "pl-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.06", @@ -88603,17 +75263,6 @@ "id": "pl-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.07", @@ -88669,17 +75318,6 @@ "id": "pl-2_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.08", @@ -88735,23 +75373,6 @@ "id": "pl-2_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.09", @@ -88818,17 +75439,6 @@ "id": "pl-2_obj.a.10-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[01]", @@ -88847,17 +75457,6 @@ "id": "pl-2_obj.a.10-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[02]", @@ -88884,17 +75483,6 @@ "id": "pl-2_obj.a.11", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.11", @@ -88961,17 +75549,6 @@ "id": "pl-2_obj.a.12-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[01]", @@ -88990,17 +75567,6 @@ "id": "pl-2_obj.a.12-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[02]", @@ -89038,23 +75604,6 @@ "id": "pl-2_obj.a.13-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[01]", @@ -89073,23 +75622,6 @@ "id": "pl-2_obj.a.13-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[02]", @@ -89127,23 +75659,6 @@ "id": "pl-2_obj.a.14-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[01]", @@ -89162,23 +75677,6 @@ "id": "pl-2_obj.a.14-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[02]", @@ -89216,23 +75714,6 @@ "id": "pl-2_obj.a.15-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[01]", @@ -89251,23 +75732,6 @@ "id": "pl-2_obj.a.15-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[02]", @@ -89302,23 +75766,6 @@ "id": "pl-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02b.", @@ -89374,23 +75821,6 @@ "id": "pl-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02c.", @@ -89409,23 +75839,6 @@ "id": "pl-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02d.", @@ -89499,23 +75912,6 @@ "id": "pl-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02e.", @@ -89688,6 +76084,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -89807,11 +76208,6 @@ "id": "pl-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -89823,11 +76219,6 @@ "id": "pl-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -89839,11 +76230,6 @@ "id": "pl-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -89855,11 +76241,6 @@ "id": "pl-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -89889,23 +76270,6 @@ "id": "pl-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04a.", @@ -89961,23 +76325,6 @@ "id": "pl-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04b.", @@ -89996,23 +76343,6 @@ "id": "pl-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04c.", @@ -90031,23 +76361,6 @@ "id": "pl-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04d.", @@ -90143,6 +76456,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -90191,11 +76509,6 @@ "id": "pl-4.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -90207,11 +76520,6 @@ "id": "pl-4.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -90223,11 +76531,6 @@ "id": "pl-4.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -90257,23 +76560,6 @@ "id": "pl-4.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(a)", @@ -90292,23 +76578,6 @@ "id": "pl-4.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(b)", @@ -90327,23 +76596,6 @@ "id": "pl-4.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(c)", @@ -90457,6 +76709,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -90556,11 +76813,6 @@ "id": "pl-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -90618,11 +76870,6 @@ "id": "pl-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -90634,11 +76881,6 @@ "id": "pl-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -90697,23 +76939,6 @@ "id": "pl-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.01", @@ -90732,23 +76957,6 @@ "id": "pl-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.02", @@ -90767,17 +76975,6 @@ "id": "pl-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.03", @@ -90833,17 +77030,6 @@ "id": "pl-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.04", @@ -90907,23 +77093,6 @@ "id": "pl-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-08b.", @@ -90953,23 +77122,6 @@ "id": "pl-8_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[01]", @@ -90988,23 +77140,6 @@ "id": "pl-8_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[02]", @@ -91023,23 +77158,6 @@ "id": "pl-8_obj.c-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[03]", @@ -91058,23 +77176,6 @@ "id": "pl-8_obj.c-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[04]", @@ -91093,23 +77194,6 @@ "id": "pl-8_obj.c-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[05]", @@ -91128,23 +77212,6 @@ "id": "pl-8_obj.c-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[06]", @@ -91248,217 +77315,23 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ - { - "name": "label", - "value": "PL-10" - }, { "name": "label", "value": "PL-10", - "class": "sp800-53a" - }, - { - "name": "sort-id", - "value": "pl-10" - }, - { - "name": "implementation-level", - "ns": "http://csrc.nist.gov/ns/rmf", - "value": "organization" - } - ], - "links": [ - { - "href": "#628d22a1-6a11-4784-bc59-5cd9497b5445", - "rel": "reference" - }, - { - "href": "#599fb53d-5041-444e-a7fe-640d6d30ad05", - "rel": "reference" - }, - { - "href": "#08b07465-dbdc-48d6-8a0b-37279602ac16", - "rel": "reference" - }, - { - "href": "#482e4c99-9dc4-41ad-bba8-0f3f0032c1f8", - "rel": "reference" - }, - { - "href": "#cec037f3-8aba-4c97-84b4-4082f9e515d2", - "rel": "reference" - }, - { - "href": "#46d9e201-840e-440e-987c-2c773333c752", - "rel": "reference" - }, - { - "href": "#e72fde0b-6fc2-497e-a9db-d8fce5a11b8a", - "rel": "reference" - }, - { - "href": "#9be5d661-421f-41ad-854e-86f98b811891", - "rel": "reference" - }, - { - "href": "#e3cc0520-a366-4fc9-abc2-5272db7e3564", - "rel": "reference" - }, - { - "href": "#4e4fbc93-333d-45e6-a875-de36b878b6b9", - "rel": "reference" - }, - { - "href": "#pl-2", - "rel": "related" - }, - { - "href": "#pl-11", - "rel": "related" - }, - { - "href": "#ra-2", - "rel": "related" + "class": "zero-padded" }, - { - "href": "#ra-3", - "rel": "related" - }, - { - "href": "#sa-8", - "rel": "related" - } - ], - "parts": [ - { - "id": "pl-10_smt", - "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], - "prose": "Select a control baseline for the system.", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "id": "pl-10_gdn", - "name": "guidance", - "prose": "Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals’ privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see [PL-11](#pl-11) ). Federal control baselines are provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) are based on the requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9) and [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) . The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization’s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. [CNSSI 1253](#4e4fbc93-333d-45e6-a875-de36b878b6b9) provides guidance on control baselines for national security systems." - }, - { - "id": "pl-10_obj", - "name": "assessment-objective", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "label", - "value": "PL-10", - "class": "sp800-53a" - } - ], - "prose": "a control baseline for the system is selected.", - "links": [ - { - "href": "#pl-10_smt", - "rel": "assessment-for" - } - ] - }, - { - "id": "pl-10_asm-examine", - "name": "assessment-method", - "props": [ - { - "name": "method", - "ns": "http://csrc.nist.gov/ns/rmf", - "value": "EXAMINE" - }, - { - "name": "label", - "value": "PL-10-Examine", - "class": "sp800-53a" - } - ], - "parts": [ - { - "name": "assessment-objects", - "prose": "Security and privacy planning policy\n\nprocedures addressing system security and privacy plan development and implementation\n\nprocedures addressing system security and privacy plan reviews and updates\n\nsystem design documentation\n\nsystem architecture and configuration documentation\n\nsystem categorization decision\n\ninformation types stored, transmitted, and processed by the system\n\nsystem element/component information\n\nstakeholder needs analysis\n\nlist of security and privacy requirements allocated to the system, system elements, and environment of operation\n\nlist of contractual requirements allocated to external providers of the system or system element\n\nbusiness impact analysis or criticality analysis\n\nrisk assessments\n\nrisk management strategy\n\norganizational security and privacy policy\n\nfederal or organization-approved or mandated baselines or overlays\n\nsystem security plan\n\nprivacy plan\n\nother relevant documents or records" - } - ] - }, - { - "id": "pl-10_asm-interview", - "name": "assessment-method", - "props": [ - { - "name": "method", - "ns": "http://csrc.nist.gov/ns/rmf", - "value": "INTERVIEW" - }, - { - "name": "label", - "value": "PL-10-Interview", - "class": "sp800-53a" - } - ], - "parts": [ - { - "name": "assessment-objects", - "prose": "Organizational personnel with security and privacy planning and plan implementation responsibilities\n\norganizational personnel with information security and privacy responsibilities\n\norganizational personnel with responsibility for organizational risk management activities" - } - ] - } - ] - }, - { - "id": "pl-11", - "class": "SP800-53", - "title": "Baseline Tailoring", - "props": [ { "name": "label", - "value": "PL-11" + "value": "PL-10" }, { "name": "label", - "value": "PL-11", + "value": "PL-10", "class": "sp800-53a" }, { "name": "sort-id", - "value": "pl-11" + "value": "pl-10" }, { "name": "implementation-level", @@ -91508,19 +77381,19 @@ "rel": "reference" }, { - "href": "#pl-10", + "href": "#pl-2", "rel": "related" }, { - "href": "#ra-2", + "href": "#pl-11", "rel": "related" }, { - "href": "#ra-3", + "href": "#ra-2", "rel": "related" }, { - "href": "#ra-9", + "href": "#ra-3", "rel": "related" }, { @@ -91530,43 +77403,205 @@ ], "parts": [ { - "id": "pl-11_smt", + "id": "pl-10_smt", "name": "statement", - "props": [ + "prose": "Select a control baseline for the system.", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } - ], - "prose": "Tailor the selected control baseline by applying specified tailoring actions." + ] }, { - "id": "pl-11_gdn", + "id": "pl-10_gdn", "name": "guidance", - "prose": "The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) in accordance with the security and privacy requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9), [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) , and [OMB A-130](#27847491-5ce1-4f6a-a1e4-9e483782f0ef) . Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) to specialize or customize the controls that represent the specific needs and concerns of those entities." + "prose": "Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals’ privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see [PL-11](#pl-11) ). Federal control baselines are provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) are based on the requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9) and [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) . The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization’s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. [CNSSI 1253](#4e4fbc93-333d-45e6-a875-de36b878b6b9) provides guidance on control baselines for national security systems." }, { - "id": "pl-11_obj", + "id": "pl-10_obj", "name": "assessment-objective", "props": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "name": "label", + "value": "PL-10", + "class": "sp800-53a" + } + ], + "prose": "a control baseline for the system is selected.", + "links": [ + { + "href": "#pl-10_smt", + "rel": "assessment-for" + } + ] + }, + { + "id": "pl-10_asm-examine", + "name": "assessment-method", + "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" + "ns": "http://csrc.nist.gov/ns/rmf", + "value": "EXAMINE" }, + { + "name": "label", + "value": "PL-10-Examine", + "class": "sp800-53a" + } + ], + "parts": [ + { + "name": "assessment-objects", + "prose": "Security and privacy planning policy\n\nprocedures addressing system security and privacy plan development and implementation\n\nprocedures addressing system security and privacy plan reviews and updates\n\nsystem design documentation\n\nsystem architecture and configuration documentation\n\nsystem categorization decision\n\ninformation types stored, transmitted, and processed by the system\n\nsystem element/component information\n\nstakeholder needs analysis\n\nlist of security and privacy requirements allocated to the system, system elements, and environment of operation\n\nlist of contractual requirements allocated to external providers of the system or system element\n\nbusiness impact analysis or criticality analysis\n\nrisk assessments\n\nrisk management strategy\n\norganizational security and privacy policy\n\nfederal or organization-approved or mandated baselines or overlays\n\nsystem security plan\n\nprivacy plan\n\nother relevant documents or records" + } + ] + }, + { + "id": "pl-10_asm-interview", + "name": "assessment-method", + "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "ns": "http://csrc.nist.gov/ns/rmf", + "value": "INTERVIEW" }, + { + "name": "label", + "value": "PL-10-Interview", + "class": "sp800-53a" + } + ], + "parts": [ + { + "name": "assessment-objects", + "prose": "Organizational personnel with security and privacy planning and plan implementation responsibilities\n\norganizational personnel with information security and privacy responsibilities\n\norganizational personnel with responsibility for organizational risk management activities" + } + ] + } + ] + }, + { + "id": "pl-11", + "class": "SP800-53", + "title": "Baseline Tailoring", + "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, + { + "name": "label", + "value": "PL-11" + }, + { + "name": "label", + "value": "PL-11", + "class": "sp800-53a" + }, + { + "name": "sort-id", + "value": "pl-11" + }, + { + "name": "implementation-level", + "ns": "http://csrc.nist.gov/ns/rmf", + "value": "organization" + } + ], + "links": [ + { + "href": "#628d22a1-6a11-4784-bc59-5cd9497b5445", + "rel": "reference" + }, + { + "href": "#599fb53d-5041-444e-a7fe-640d6d30ad05", + "rel": "reference" + }, + { + "href": "#08b07465-dbdc-48d6-8a0b-37279602ac16", + "rel": "reference" + }, + { + "href": "#482e4c99-9dc4-41ad-bba8-0f3f0032c1f8", + "rel": "reference" + }, + { + "href": "#cec037f3-8aba-4c97-84b4-4082f9e515d2", + "rel": "reference" + }, + { + "href": "#46d9e201-840e-440e-987c-2c773333c752", + "rel": "reference" + }, + { + "href": "#e72fde0b-6fc2-497e-a9db-d8fce5a11b8a", + "rel": "reference" + }, + { + "href": "#9be5d661-421f-41ad-854e-86f98b811891", + "rel": "reference" + }, + { + "href": "#e3cc0520-a366-4fc9-abc2-5272db7e3564", + "rel": "reference" + }, + { + "href": "#4e4fbc93-333d-45e6-a875-de36b878b6b9", + "rel": "reference" + }, + { + "href": "#pl-10", + "rel": "related" + }, + { + "href": "#ra-2", + "rel": "related" + }, + { + "href": "#ra-3", + "rel": "related" + }, + { + "href": "#ra-9", + "rel": "related" + }, + { + "href": "#sa-8", + "rel": "related" + } + ], + "parts": [ + { + "id": "pl-11_smt", + "name": "statement", + "prose": "Tailor the selected control baseline by applying specified tailoring actions." + }, + { + "id": "pl-11_gdn", + "name": "guidance", + "prose": "The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) . Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) in accordance with the security and privacy requirements from [FISMA](#0c67b2a9-bede-43d2-b86d-5f35b8be36e9), [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) , and [OMB A-130](#27847491-5ce1-4f6a-a1e4-9e483782f0ef) . Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in [SP 800-53B](#46d9e201-840e-440e-987c-2c773333c752) to specialize or customize the controls that represent the specific needs and concerns of those entities." + }, + { + "id": "pl-11_obj", + "name": "assessment-objective", + "props": [ { "name": "label", "value": "PL-11", @@ -91734,6 +77769,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -91797,12 +77837,6 @@ "id": "ps-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -91862,11 +77896,6 @@ "id": "ps-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -91878,12 +77907,6 @@ "id": "ps-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -91948,23 +77971,6 @@ "id": "ps-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[01]", @@ -91983,23 +77989,6 @@ "id": "ps-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[02]", @@ -92018,17 +78007,6 @@ "id": "ps-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[03]", @@ -92047,17 +78025,6 @@ "id": "ps-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[04]", @@ -92087,17 +78054,6 @@ "id": "ps-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(a)", @@ -92243,17 +78199,6 @@ "id": "ps-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(b)", @@ -92288,23 +78233,6 @@ "id": "ps-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01b.", @@ -92334,23 +78262,6 @@ "id": "ps-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.01", @@ -92406,23 +78317,6 @@ "id": "ps-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.02", @@ -92557,6 +78451,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -92635,11 +78534,6 @@ "id": "ps-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -92651,11 +78545,6 @@ "id": "ps-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -92667,11 +78556,6 @@ "id": "ps-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -92701,23 +78585,6 @@ "id": "ps-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02a.", @@ -92736,23 +78603,6 @@ "id": "ps-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02b.", @@ -92771,23 +78621,6 @@ "id": "ps-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-02c.", @@ -92912,6 +78745,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -93014,11 +78852,6 @@ "id": "ps-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -93030,11 +78863,6 @@ "id": "ps-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -93064,23 +78892,6 @@ "id": "ps-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03a.", @@ -93099,23 +78910,6 @@ "id": "ps-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.", @@ -93253,7 +79047,7 @@ "label": "additional personnel screening criteria", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria – as required by specific information" } ], "guidelines": [ @@ -93264,6 +79058,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3(3)" @@ -93299,11 +79098,6 @@ "id": "ps-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -93315,11 +79109,6 @@ "id": "ps-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -93349,23 +79138,6 @@ "id": "ps-3.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(a)", @@ -93384,23 +79156,6 @@ "id": "ps-3.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(b)", @@ -93523,6 +79278,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -93578,11 +79338,6 @@ "id": "ps-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -93594,11 +79349,6 @@ "id": "ps-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -93610,11 +79360,6 @@ "id": "ps-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -93626,11 +79371,6 @@ "id": "ps-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -93642,11 +79382,6 @@ "id": "ps-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -93676,17 +79411,6 @@ "id": "ps-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04a.", @@ -93705,17 +79429,6 @@ "id": "ps-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04b.", @@ -93734,23 +79447,6 @@ "id": "ps-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04c.", @@ -93769,23 +79465,6 @@ "id": "ps-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-04d.", @@ -93804,23 +79483,6 @@ "id": "ps-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04e.", @@ -93951,6 +79613,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4(2)" @@ -93980,13 +79647,6 @@ { "id": "ps-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use {{ insert: param, ps-04.02_odp.01 }} to {{ insert: param, ps-04.02_odp.02 }}." }, { @@ -93998,23 +79658,6 @@ "id": "ps-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04(02)", @@ -94157,6 +79800,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -94211,11 +79859,6 @@ "id": "ps-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -94227,11 +79870,6 @@ "id": "ps-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -94243,11 +79881,6 @@ "id": "ps-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -94259,11 +79892,6 @@ "id": "ps-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -94293,23 +79921,6 @@ "id": "ps-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-05a.", @@ -94328,23 +79939,6 @@ "id": "ps-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05b.", @@ -94363,17 +79957,6 @@ "id": "ps-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05c.", @@ -94392,23 +79975,6 @@ "id": "ps-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05d.", @@ -94534,6 +80100,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -94609,11 +80180,6 @@ "id": "ps-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -94625,11 +80191,6 @@ "id": "ps-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -94641,11 +80202,6 @@ "id": "ps-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -94699,17 +80255,6 @@ "id": "ps-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-06a.", @@ -94728,23 +80273,6 @@ "id": "ps-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06b.", @@ -94774,23 +80302,6 @@ "id": "ps-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.01", @@ -94809,23 +80320,6 @@ "id": "ps-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.02", @@ -94959,6 +80453,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -95050,11 +80549,6 @@ "id": "ps-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -95066,11 +80560,6 @@ "id": "ps-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -95082,11 +80571,6 @@ "id": "ps-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -95098,11 +80582,6 @@ "id": "ps-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -95114,11 +80593,6 @@ "id": "ps-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -95148,23 +80622,6 @@ "id": "ps-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07a.", @@ -95183,23 +80640,6 @@ "id": "ps-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07b.", @@ -95218,17 +80658,6 @@ "id": "ps-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-07c.", @@ -95247,23 +80676,6 @@ "id": "ps-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07d.", @@ -95282,23 +80694,6 @@ "id": "ps-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07e.", @@ -95424,6 +80819,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -95470,11 +80870,6 @@ "id": "ps-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -95486,11 +80881,6 @@ "id": "ps-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -95520,23 +80910,6 @@ "id": "ps-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-08a.", @@ -95555,23 +80928,6 @@ "id": "ps-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-08b.", @@ -95667,6 +81023,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -95696,13 +81057,6 @@ { "id": "ps-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate security and privacy roles and responsibilities into organizational position descriptions." }, { @@ -95714,17 +81068,6 @@ "id": "ps-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-09", @@ -95951,6 +81294,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -96018,12 +81366,6 @@ "id": "ra-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -96083,11 +81425,6 @@ "id": "ra-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -96099,12 +81436,6 @@ "id": "ra-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -96169,23 +81500,6 @@ "id": "ra-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[01]", @@ -96204,23 +81518,6 @@ "id": "ra-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[02]", @@ -96239,17 +81536,6 @@ "id": "ra-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[03]", @@ -96268,17 +81554,6 @@ "id": "ra-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[04]", @@ -96308,17 +81583,6 @@ "id": "ra-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(a)", @@ -96464,17 +81728,6 @@ "id": "ra-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(b)", @@ -96509,23 +81762,6 @@ "id": "ra-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01b.", @@ -96555,23 +81791,6 @@ "id": "ra-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.01", @@ -96627,23 +81846,6 @@ "id": "ra-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.02", @@ -96762,6 +81964,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -96888,11 +82095,6 @@ "id": "ra-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -96904,11 +82106,6 @@ "id": "ra-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -96920,11 +82117,6 @@ "id": "ra-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -96954,17 +82146,6 @@ "id": "ra-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02a.", @@ -96983,17 +82164,6 @@ "id": "ra-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02b.", @@ -97012,23 +82182,6 @@ "id": "ra-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-02c.", @@ -97187,6 +82340,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -97354,11 +82512,6 @@ "id": "ra-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -97405,11 +82558,6 @@ "id": "ra-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -97421,11 +82569,6 @@ "id": "ra-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -97437,11 +82580,6 @@ "id": "ra-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -97453,11 +82591,6 @@ "id": "ra-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -97469,11 +82602,6 @@ "id": "ra-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -97543,23 +82671,6 @@ "id": "ra-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.01", @@ -97578,23 +82689,6 @@ "id": "ra-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.02", @@ -97613,23 +82707,6 @@ "id": "ra-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.03", @@ -97656,23 +82733,6 @@ "id": "ra-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03b.", @@ -97691,17 +82751,6 @@ "id": "ra-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-03c.", @@ -97720,23 +82769,6 @@ "id": "ra-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03d.", @@ -97755,23 +82787,6 @@ "id": "ra-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03e.", @@ -97790,23 +82805,6 @@ "id": "ra-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03f.", @@ -97922,6 +82920,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -97981,11 +82984,6 @@ "id": "ra-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -97997,11 +82995,6 @@ "id": "ra-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -98031,23 +83024,6 @@ "id": "ra-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(a)", @@ -98066,23 +83042,6 @@ "id": "ra-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(b)", @@ -98233,9 +83192,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05", + "class": "zero-padded" }, { "name": "label", @@ -98376,11 +83335,6 @@ "id": "ra-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -98392,11 +83346,6 @@ "id": "ra-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -98443,11 +83392,6 @@ "id": "ra-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -98459,11 +83403,6 @@ "id": "ra-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -98475,11 +83414,6 @@ "id": "ra-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -98491,11 +83425,6 @@ "id": "ra-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -98561,7 +83490,7 @@ "value": "Guidance:" } ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs." } ] } @@ -98587,23 +83516,6 @@ "id": "ra-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05a.", @@ -98659,23 +83571,6 @@ "id": "ra-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.", @@ -98688,23 +83583,6 @@ "id": "ra-5_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.01", @@ -98723,23 +83601,6 @@ "id": "ra-5_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.02", @@ -98758,23 +83619,6 @@ "id": "ra-5_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.03", @@ -98801,23 +83645,6 @@ "id": "ra-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05c.", @@ -98836,23 +83663,6 @@ "id": "ra-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05d.", @@ -98871,23 +83681,6 @@ "id": "ra-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05e.", @@ -98906,23 +83699,6 @@ "id": "ra-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05f.", @@ -99046,9 +83822,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -99088,13 +83864,6 @@ { "id": "ra-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the system vulnerabilities to be scanned {{ insert: param, ra-05.02_odp.01 }}." }, { @@ -99106,23 +83875,6 @@ "id": "ra-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(02)", @@ -99211,9 +83963,9 @@ "title": "Breadth and Depth of Coverage", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(03)", + "class": "zero-padded" }, { "name": "label", @@ -99249,13 +84001,6 @@ { "id": "ra-5.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define the breadth and depth of vulnerability scanning coverage." }, { @@ -99267,23 +84012,6 @@ "id": "ra-5.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(03)", @@ -99387,6 +84115,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(04)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(4)" @@ -99429,13 +84162,6 @@ { "id": "ra-5.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Determine information about the system that is discoverable and take {{ insert: param, ra-05.04_odp }}." }, { @@ -99458,23 +84184,6 @@ "id": "ra-5.4_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(04)[01]", @@ -99493,23 +84202,6 @@ "id": "ra-5.4_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(04)[02]", @@ -99635,6 +84327,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(5)" @@ -99669,13 +84366,6 @@ { "id": "ra-5.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement privileged access authorization to {{ insert: param, ra-05.05_odp.01 }} for {{ insert: param, ra-05.05_odp.02 }}." }, { @@ -99687,23 +84377,6 @@ "id": "ra-5.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(05)", @@ -99811,6 +84484,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(08)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(8)" @@ -99853,13 +84531,6 @@ { "id": "ra-5.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Review historic audit logs to determine if a vulnerability identified in a {{ insert: param, ra-05.08_odp.01 }} has been previously exploited within an {{ insert: param, ra-05.08_odp.02 }}.", "parts": [ { @@ -99891,23 +84562,6 @@ "id": "ra-5.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(08)", @@ -99995,6 +84649,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -100029,13 +84688,6 @@ { "id": "ra-5.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components." }, { @@ -100047,23 +84699,6 @@ "id": "ra-5.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(11)", @@ -100153,6 +84788,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -100235,13 +84875,6 @@ { "id": "ra-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance." }, { @@ -100253,23 +84886,6 @@ "id": "ra-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-07", @@ -100450,6 +85066,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-09", + "class": "zero-padded" + }, { "name": "label", "value": "RA-9" @@ -100523,13 +85144,6 @@ { "id": "ra-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system components and functions by performing a criticality analysis for {{ insert: param, ra-09_odp.01 }} at {{ insert: param, ra-09_odp.02 }}." }, { @@ -100541,23 +85155,6 @@ "id": "ra-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-09", @@ -100747,6 +85344,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -100822,12 +85424,6 @@ "id": "sa-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -100887,11 +85483,6 @@ "id": "sa-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -100903,12 +85494,6 @@ "id": "sa-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -100973,23 +85558,6 @@ "id": "sa-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[01]", @@ -101008,23 +85576,6 @@ "id": "sa-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[02]", @@ -101043,17 +85594,6 @@ "id": "sa-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[03]", @@ -101072,17 +85612,6 @@ "id": "sa-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[04]", @@ -101112,17 +85641,6 @@ "id": "sa-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(a)", @@ -101268,17 +85786,6 @@ "id": "sa-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(b)", @@ -101313,23 +85820,6 @@ "id": "sa-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01b.", @@ -101359,23 +85849,6 @@ "id": "sa-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.01", @@ -101431,23 +85904,6 @@ "id": "sa-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.02", @@ -101566,6 +86022,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -101637,11 +86098,6 @@ "id": "sa-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -101653,11 +86109,6 @@ "id": "sa-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -101669,11 +86120,6 @@ "id": "sa-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -101714,23 +86160,6 @@ "id": "sa-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[01]", @@ -101749,23 +86178,6 @@ "id": "sa-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[02]", @@ -101803,23 +86215,6 @@ "id": "sa-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[01]", @@ -101838,23 +86233,6 @@ "id": "sa-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[02]", @@ -101892,23 +86270,6 @@ "id": "sa-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[01]", @@ -101927,23 +86288,6 @@ "id": "sa-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[02]", @@ -102058,6 +86402,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -102173,11 +86522,6 @@ "id": "sa-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102189,11 +86533,6 @@ "id": "sa-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -102205,11 +86544,6 @@ "id": "sa-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -102221,11 +86555,6 @@ "id": "sa-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -102266,23 +86595,6 @@ "id": "sa-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[01]", @@ -102301,23 +86613,6 @@ "id": "sa-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[02]", @@ -102355,23 +86650,6 @@ "id": "sa-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[01]", @@ -102390,23 +86668,6 @@ "id": "sa-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[02]", @@ -102444,23 +86705,6 @@ "id": "sa-3_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[01]", @@ -102479,23 +86723,6 @@ "id": "sa-3_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[02]", @@ -102533,23 +86760,6 @@ "id": "sa-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[01]", @@ -102568,23 +86778,6 @@ "id": "sa-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[02]", @@ -102709,6 +86902,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -102885,11 +87083,6 @@ "id": "sa-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102901,11 +87094,6 @@ "id": "sa-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -102917,11 +87105,6 @@ "id": "sa-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -102933,11 +87116,6 @@ "id": "sa-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -102949,11 +87127,6 @@ "id": "sa-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -102965,11 +87138,6 @@ "id": "sa-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -102981,11 +87149,6 @@ "id": "sa-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -102997,11 +87160,6 @@ "id": "sa-4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -103013,11 +87171,6 @@ "id": "sa-4_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -103087,57 +87240,6 @@ "id": "sa-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[01]", @@ -103156,57 +87258,6 @@ "id": "sa-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[02]", @@ -103233,23 +87284,6 @@ "id": "sa-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04b.", @@ -103378,23 +87412,6 @@ "id": "sa-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04e.", @@ -103450,23 +87467,6 @@ "id": "sa-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04f.", @@ -103522,23 +87522,6 @@ "id": "sa-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04g.", @@ -103557,23 +87540,6 @@ "id": "sa-4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04h.", @@ -103647,23 +87613,6 @@ "id": "sa-4_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04i.", @@ -103759,6 +87708,11 @@ "class": "SP800-53-enhancement", "title": "Functional Properties of Controls", "props": [ + { + "name": "label", + "value": "SA-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(1)" @@ -103793,13 +87747,6 @@ { "id": "sa-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented." }, { @@ -103811,23 +87758,6 @@ "id": "sa-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(01)", @@ -103953,6 +87883,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(2)" @@ -103987,13 +87922,6 @@ { "id": "sa-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide design and implementation information for the controls that includes: {{ insert: param, sa-04.02_odp.01 }} at {{ insert: param, sa-04.02_odp.03 }}." }, { @@ -104005,23 +87933,6 @@ "id": "sa-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(02)", @@ -104125,6 +88036,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(5)" @@ -104165,11 +88081,6 @@ "id": "sa-4.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -104181,11 +88092,6 @@ "id": "sa-4.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -104215,23 +88121,6 @@ "id": "sa-4.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(05)(a)", @@ -104250,23 +88139,6 @@ "id": "sa-4.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(05)(b)", @@ -104362,6 +88234,11 @@ "class": "SP800-53-enhancement", "title": "Functions, Ports, Protocols, and Services in Use", "props": [ + { + "name": "label", + "value": "SA-04(09)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(9)" @@ -104404,13 +88281,6 @@ { "id": "sa-4.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use." }, { @@ -104422,23 +88292,6 @@ "id": "sa-4.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(09)", @@ -104577,6 +88430,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -104623,13 +88481,6 @@ { "id": "sa-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems." }, { @@ -104641,23 +88492,6 @@ "id": "sa-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(10)", @@ -104772,6 +88606,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -104887,11 +88726,6 @@ "id": "sa-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -104938,11 +88772,6 @@ "id": "sa-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -104989,11 +88818,6 @@ "id": "sa-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -105005,11 +88829,6 @@ "id": "sa-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -105050,23 +88869,6 @@ "id": "sa-5_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.01", @@ -105151,23 +88953,6 @@ "id": "sa-5_obj.a.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[01]", @@ -105186,23 +88971,6 @@ "id": "sa-5_obj.a.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[02]", @@ -105221,23 +88989,6 @@ "id": "sa-5_obj.a.2-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[03]", @@ -105256,23 +89007,6 @@ "id": "sa-5_obj.a.2-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[04]", @@ -105299,23 +89033,6 @@ "id": "sa-5_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.03", @@ -105401,23 +89118,6 @@ "id": "sa-5_obj.b.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[01]", @@ -105436,23 +89136,6 @@ "id": "sa-5_obj.b.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[02]", @@ -105471,23 +89154,6 @@ "id": "sa-5_obj.b.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[03]", @@ -105506,23 +89172,6 @@ "id": "sa-5_obj.b.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[04]", @@ -105560,23 +89209,6 @@ "id": "sa-5_obj.b.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[01]", @@ -105595,23 +89227,6 @@ "id": "sa-5_obj.b.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[02]", @@ -105649,23 +89264,6 @@ "id": "sa-5_obj.b.3-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[01]", @@ -105684,23 +89282,6 @@ "id": "sa-5_obj.b.3-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[02]", @@ -105746,23 +89327,6 @@ "id": "sa-5_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[01]", @@ -105781,23 +89345,6 @@ "id": "sa-5_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[02]", @@ -105824,23 +89371,6 @@ "id": "sa-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05d.", @@ -105960,6 +89490,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -106102,13 +89637,6 @@ { "id": "sa-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: {{ insert: param, sa-8_prm_1 }}." }, { @@ -106131,23 +89659,6 @@ "id": "sa-8_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[01]", @@ -106166,23 +89677,6 @@ "id": "sa-8_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[02]", @@ -106201,23 +89695,6 @@ "id": "sa-8_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[03]", @@ -106236,23 +89713,6 @@ "id": "sa-8_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[04]", @@ -106271,23 +89731,6 @@ "id": "sa-8_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[05]", @@ -106306,23 +89749,6 @@ "id": "sa-8_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[06]", @@ -106341,23 +89767,6 @@ "id": "sa-8_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[07]", @@ -106376,23 +89785,6 @@ "id": "sa-8_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[08]", @@ -106411,23 +89803,6 @@ "id": "sa-8_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[09]", @@ -106446,23 +89821,6 @@ "id": "sa-8_obj-10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[10]", @@ -106589,9 +89947,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-09", + "class": "zero-padded" }, { "name": "label", @@ -106696,11 +90054,6 @@ "id": "sa-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -106712,11 +90065,6 @@ "id": "sa-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -106728,11 +90076,6 @@ "id": "sa-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -106773,23 +90116,6 @@ "id": "sa-9_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[01]", @@ -106808,23 +90134,6 @@ "id": "sa-9_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[02]", @@ -106843,17 +90152,6 @@ "id": "sa-9_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[03]", @@ -106891,17 +90189,6 @@ "id": "sa-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[01]", @@ -106920,17 +90207,6 @@ "id": "sa-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[02]", @@ -106957,23 +90233,6 @@ "id": "sa-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09c.", @@ -107080,6 +90339,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(1)" @@ -107131,11 +90395,6 @@ "id": "sa-9.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -107147,11 +90406,6 @@ "id": "sa-9.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -107181,23 +90435,6 @@ "id": "sa-9.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(a)", @@ -107216,23 +90453,6 @@ "id": "sa-9.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(b)", @@ -107344,6 +90564,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(2)" @@ -107386,13 +90611,6 @@ { "id": "sa-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require providers of the following external system services to identify the functions, ports, protocols, and other services required for the use of such services: {{ insert: param, sa-09.02_odp }}." }, { @@ -107404,23 +90622,6 @@ "id": "sa-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(02)", @@ -107532,6 +90733,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(5)" @@ -107574,13 +90780,6 @@ { "id": "sa-9.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the location of {{ insert: param, sa-09.05_odp.01 }} to {{ insert: param, sa-09.05_odp.02 }} based on {{ insert: param, sa-09.05_odp.03 }}." }, { @@ -107592,23 +90791,6 @@ "id": "sa-9.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(05)", @@ -107736,6 +90918,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-10", + "class": "zero-padded" + }, { "name": "label", "value": "SA-10" @@ -107848,11 +91035,6 @@ "id": "sa-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -107864,11 +91046,6 @@ "id": "sa-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -107880,11 +91057,6 @@ "id": "sa-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -107896,11 +91068,6 @@ "id": "sa-10_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -107912,11 +91079,6 @@ "id": "sa-10_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -107964,23 +91126,6 @@ "id": "sa-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10a.", @@ -107999,29 +91144,6 @@ "id": "sa-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10b.", @@ -108095,23 +91217,6 @@ "id": "sa-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10c.", @@ -108130,23 +91235,6 @@ "id": "sa-10_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-10d.", @@ -108220,23 +91308,6 @@ "id": "sa-10_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10e.", @@ -108419,6 +91490,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11" @@ -108527,11 +91603,6 @@ "id": "sa-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -108543,11 +91614,6 @@ "id": "sa-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -108559,11 +91625,6 @@ "id": "sa-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -108575,11 +91636,6 @@ "id": "sa-11_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -108591,11 +91647,6 @@ "id": "sa-11_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -108636,29 +91687,6 @@ "id": "sa-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[01]", @@ -108677,29 +91705,6 @@ "id": "sa-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[02]", @@ -108718,29 +91723,6 @@ "id": "sa-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[03]", @@ -108759,29 +91741,6 @@ "id": "sa-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[04]", @@ -108808,23 +91767,6 @@ "id": "sa-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11b.", @@ -108843,23 +91785,6 @@ "id": "sa-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11c.", @@ -108915,23 +91840,6 @@ "id": "sa-11_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11d.", @@ -108950,23 +91858,6 @@ "id": "sa-11_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11e.", @@ -109063,9 +91954,9 @@ "title": "Static Code Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-11(01)", + "class": "zero-padded" }, { "name": "label", @@ -109101,13 +91992,6 @@ { "id": "sa-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.", "parts": [ { @@ -109139,23 +92023,6 @@ "id": "sa-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(01)", @@ -109344,6 +92211,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11(2)" @@ -109396,11 +92268,6 @@ "id": "sa-11.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -109412,11 +92279,6 @@ "id": "sa-11.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -109428,11 +92290,6 @@ "id": "sa-11.2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -109444,11 +92301,6 @@ "id": "sa-11.2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -109489,23 +92341,6 @@ "id": "sa-11.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[01]", @@ -109524,23 +92359,6 @@ "id": "sa-11.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[02]", @@ -109559,23 +92377,6 @@ "id": "sa-11.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[03]", @@ -109594,23 +92395,6 @@ "id": "sa-11.2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[04]", @@ -109648,23 +92432,6 @@ "id": "sa-11.2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[01]", @@ -109683,23 +92450,6 @@ "id": "sa-11.2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[02]", @@ -109718,23 +92468,6 @@ "id": "sa-11.2_obj.b-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[03]", @@ -109753,23 +92486,6 @@ "id": "sa-11.2_obj.b-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[04]", @@ -109807,23 +92523,6 @@ "id": "sa-11.2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[01]", @@ -109842,23 +92541,6 @@ "id": "sa-11.2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[02]", @@ -109896,23 +92578,6 @@ "id": "sa-11.2_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[01]", @@ -109931,23 +92596,6 @@ "id": "sa-11.2_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[02]", @@ -109966,23 +92614,6 @@ "id": "sa-11.2_obj.d-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[03]", @@ -110001,23 +92632,6 @@ "id": "sa-11.2_obj.d-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[04]", @@ -110166,6 +92780,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15" @@ -110253,11 +92872,6 @@ "id": "sa-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -110315,11 +92929,6 @@ "id": "sa-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -110371,23 +92980,6 @@ "id": "sa-15_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[01]", @@ -110406,23 +92998,6 @@ "id": "sa-15_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[02]", @@ -110449,23 +93024,6 @@ "id": "sa-15_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.02", @@ -110521,23 +93079,6 @@ "id": "sa-15_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.03", @@ -110593,29 +93134,6 @@ "id": "sa-15_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.04", @@ -110653,23 +93171,6 @@ "id": "sa-15_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[01]", @@ -110688,23 +93189,6 @@ "id": "sa-15_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[02]", @@ -110819,6 +93303,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15(3)" @@ -110863,11 +93352,6 @@ "id": "sa-15.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -110879,11 +93363,6 @@ "id": "sa-15.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -110902,23 +93381,6 @@ "id": "sa-15.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15(03)", @@ -111093,6 +93555,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-16", + "class": "zero-padded" + }, { "name": "label", "value": "SA-16" @@ -111143,13 +93610,6 @@ { "id": "sa-16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide the following training on the correct use and operation of the implemented security and privacy functions, controls, and/or mechanisms: {{ insert: param, sa-16_odp }}." }, { @@ -111161,23 +93621,6 @@ "id": "sa-16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-16", @@ -111243,6 +93686,11 @@ "class": "SP800-53", "title": "Developer Security and Privacy Architecture and Design", "props": [ + { + "name": "label", + "value": "SA-17", + "class": "zero-padded" + }, { "name": "label", "value": "SA-17" @@ -111319,11 +93767,6 @@ "id": "sa-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -111335,11 +93778,6 @@ "id": "sa-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -111351,11 +93789,6 @@ "id": "sa-17_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -111396,23 +93829,6 @@ "id": "sa-17_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(a)[01]", @@ -111431,23 +93847,6 @@ "id": "sa-17_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(a)[02]", @@ -111485,23 +93884,6 @@ "id": "sa-17_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(b)[01]", @@ -111520,23 +93902,6 @@ "id": "sa-17_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(b)[02]", @@ -111574,23 +93939,6 @@ "id": "sa-17_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(c)[01]", @@ -111609,23 +93957,6 @@ "id": "sa-17_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-17(c)[02]", @@ -111736,6 +94067,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-21", + "class": "zero-padded" + }, { "name": "label", "value": "SA-21" @@ -111796,11 +94132,6 @@ "id": "sa-21_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -111812,11 +94143,6 @@ "id": "sa-21_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -111846,23 +94172,6 @@ "id": "sa-21_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-21a.", @@ -111881,23 +94190,6 @@ "id": "sa-21_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-21b.", @@ -112014,6 +94306,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -112057,11 +94354,6 @@ "id": "sa-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -112073,11 +94365,6 @@ "id": "sa-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112107,23 +94394,6 @@ "id": "sa-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-22a.", @@ -112142,23 +94412,6 @@ "id": "sa-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-22b.", @@ -112356,6 +94609,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -112419,12 +94677,6 @@ "id": "sc-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -112484,11 +94736,6 @@ "id": "sc-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112500,12 +94747,6 @@ "id": "sc-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -112570,23 +94811,6 @@ "id": "sc-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[01]", @@ -112605,23 +94829,6 @@ "id": "sc-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[02]", @@ -112640,17 +94847,6 @@ "id": "sc-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[03]", @@ -112669,17 +94865,6 @@ "id": "sc-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[04]", @@ -112709,17 +94894,6 @@ "id": "sc-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(a)", @@ -112865,17 +95039,6 @@ "id": "sc-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(b)", @@ -112910,23 +95073,6 @@ "id": "sc-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01b.", @@ -112956,23 +95102,6 @@ "id": "sc-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.01", @@ -113028,23 +95157,6 @@ "id": "sc-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.02", @@ -113163,6 +95275,11 @@ "class": "SP800-53", "title": "Separation of System and User Functionality", "props": [ + { + "name": "label", + "value": "SC-02", + "class": "zero-padded" + }, { "name": "label", "value": "SC-2" @@ -113225,13 +95342,6 @@ { "id": "sc-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate user functionality, including user interface services, from system management functionality." }, { @@ -113243,23 +95353,6 @@ "id": "sc-2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-02", @@ -113347,6 +95440,11 @@ "class": "SP800-53", "title": "Security Function Isolation", "props": [ + { + "name": "label", + "value": "SC-03", + "class": "zero-padded" + }, { "name": "label", "value": "SC-3" @@ -113437,13 +95535,6 @@ { "id": "sc-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Isolate security functions from nonsecurity functions." }, { @@ -113455,23 +95546,6 @@ "id": "sc-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-03", @@ -113559,6 +95633,11 @@ "class": "SP800-53", "title": "Information in Shared System Resources", "props": [ + { + "name": "label", + "value": "SC-04", + "class": "zero-padded" + }, { "name": "label", "value": "SC-4" @@ -113596,13 +95675,6 @@ { "id": "sc-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent unauthorized and unintended information transfer via shared system resources." }, { @@ -113614,23 +95686,6 @@ "id": "sc-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-04", @@ -113794,6 +95849,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -113848,11 +95908,6 @@ "id": "sc-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -113864,11 +95919,6 @@ "id": "sc-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -113898,23 +95948,6 @@ "id": "sc-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-05a.", @@ -113933,17 +95966,6 @@ "id": "sc-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-05b.", @@ -114051,9 +96073,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07", + "class": "zero-padded" }, { "name": "label", @@ -114209,11 +96231,6 @@ "id": "sc-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -114225,11 +96242,6 @@ "id": "sc-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -114241,11 +96253,6 @@ "id": "sc-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -114304,23 +96311,6 @@ "id": "sc-7_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[01]", @@ -114339,23 +96329,6 @@ "id": "sc-7_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[02]", @@ -114374,23 +96347,6 @@ "id": "sc-7_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[03]", @@ -114409,23 +96365,6 @@ "id": "sc-7_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[04]", @@ -114452,29 +96391,6 @@ "id": "sc-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07b.", @@ -114493,29 +96409,6 @@ "id": "sc-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07c.", @@ -114612,9 +96505,9 @@ "title": "Access Points", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(03)", + "class": "zero-padded" }, { "name": "label", @@ -114645,13 +96538,6 @@ { "id": "sc-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Limit the number of external network connections to the system." }, { @@ -114663,29 +96549,6 @@ "id": "sc-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(03)", @@ -114790,9 +96653,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(04)", + "class": "zero-padded" }, { "name": "label", @@ -114848,11 +96711,6 @@ "id": "sc-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -114864,11 +96722,6 @@ "id": "sc-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -114880,11 +96733,6 @@ "id": "sc-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -114896,11 +96744,6 @@ "id": "sc-7.4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -114912,11 +96755,6 @@ "id": "sc-7.4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -114928,11 +96766,6 @@ "id": "sc-7.4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -114944,11 +96777,6 @@ "id": "sc-7.4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -114960,11 +96788,6 @@ "id": "sc-7.4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -114994,29 +96817,6 @@ "id": "sc-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(a)", @@ -115035,23 +96835,6 @@ "id": "sc-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(b)", @@ -115070,23 +96853,6 @@ "id": "sc-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(c)", @@ -115142,23 +96908,6 @@ "id": "sc-7.4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(d)", @@ -115177,23 +96926,6 @@ "id": "sc-7.4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(e)", @@ -115249,29 +96981,6 @@ "id": "sc-7.4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(f)", @@ -115290,29 +96999,6 @@ "id": "sc-7.4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(g)", @@ -115331,29 +97017,6 @@ "id": "sc-7.4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(h)", @@ -115476,9 +97139,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -115509,13 +97172,6 @@ { "id": "sc-7.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Deny network communications traffic by default and allow network communications traffic by exception {{ insert: param, sc-07.05_odp.01 }}.", "parts": [ { @@ -115547,29 +97203,6 @@ "id": "sc-7.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(05)", @@ -115706,9 +97339,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(07)", + "class": "zero-padded" }, { "name": "label", @@ -115739,13 +97372,6 @@ { "id": "sc-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent split tunneling for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using {{ insert: param, sc-07.07_odp }}." }, { @@ -115757,29 +97383,6 @@ "id": "sc-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(07)", @@ -115893,9 +97496,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(08)", + "class": "zero-padded" }, { "name": "label", @@ -115930,13 +97533,6 @@ { "id": "sc-7.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route {{ insert: param, sc-07.08_odp.01 }} to {{ insert: param, sc-07.08_odp.02 }} through authenticated proxy servers at managed interfaces." }, { @@ -115948,29 +97544,6 @@ "id": "sc-7.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(08)", @@ -116069,6 +97642,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-07(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-7(10)" @@ -116115,11 +97693,6 @@ "id": "sc-7.10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -116131,11 +97704,6 @@ "id": "sc-7.10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -116165,29 +97733,6 @@ "id": "sc-7.10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(10)(a)", @@ -116206,23 +97751,6 @@ "id": "sc-7.10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(10)(b)", @@ -116344,9 +97872,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(12)", + "class": "zero-padded" }, { "name": "label", @@ -116377,13 +97905,6 @@ { "id": "sc-7.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, sc-07.12_odp.01 }} at {{ insert: param, sc-07.12_odp.02 }}." }, { @@ -116395,29 +97916,6 @@ "id": "sc-7.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(12)", @@ -116506,9 +98004,9 @@ "title": "Fail Secure", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(18)", + "class": "zero-padded" }, { "name": "label", @@ -116556,13 +98054,6 @@ { "id": "sc-7.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device." }, { @@ -116574,29 +98065,6 @@ "id": "sc-7.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(18)", @@ -116696,9 +98164,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(20)", + "class": "zero-padded" }, { "name": "label", @@ -116729,13 +98197,6 @@ { "id": "sc-7.20_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide the capability to dynamically isolate {{ insert: param, sc-07.20_odp }} from other system components." }, { @@ -116747,29 +98208,6 @@ "id": "sc-7.20_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(20)", @@ -116878,9 +98316,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(21)", + "class": "zero-padded" }, { "name": "label", @@ -116925,13 +98363,6 @@ { "id": "sc-7.21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ boundary protection mechanisms to isolate {{ insert: param, sc-07.21_odp.01 }} supporting {{ insert: param, sc-07.21_odp.02 }}." }, { @@ -116943,29 +98374,6 @@ "id": "sc-7.21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(21)", @@ -117073,9 +98481,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-08", + "class": "zero-padded" }, { "name": "label", @@ -117194,13 +98602,6 @@ { "id": "sc-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-08_odp }} of transmitted information.", "parts": [ { @@ -117217,7 +98618,7 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work – e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" }, { "id": "sc-8_fr_gdn.2", @@ -117228,7 +98629,7 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" } ] } @@ -117243,29 +98644,6 @@ "id": "sc-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08", @@ -117370,6 +98748,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -117407,13 +98790,6 @@ { "id": "sc-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to {{ insert: param, sc-08.01_odp }} during transmission.", "parts": [ { @@ -117478,29 +98854,6 @@ "id": "sc-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08(01)", @@ -117606,6 +98959,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-10", + "class": "zero-padded" + }, { "name": "label", "value": "SC-10" @@ -117639,13 +98997,6 @@ { "id": "sc-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Terminate the network connection associated with a communications session at the end of the session or after {{ insert: param, sc-10_odp }} of inactivity." }, { @@ -117657,29 +99008,6 @@ "id": "sc-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-10", @@ -117784,9 +99112,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-12", + "class": "zero-padded" }, { "name": "label", @@ -117901,10 +99229,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -117938,13 +99262,6 @@ { "id": "sc-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: {{ insert: param, sc-12_odp }}.", "parts": [ { @@ -117998,29 +99315,6 @@ "id": "sc-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-12", @@ -118145,6 +99439,11 @@ "class": "SP800-53-enhancement", "title": "Availability", "props": [ + { + "name": "label", + "value": "SC-12(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-12(1)" @@ -118179,13 +99478,6 @@ { "id": "sc-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain availability of information in the event of the loss of cryptographic keys by users." }, { @@ -118197,23 +99489,6 @@ "id": "sc-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-12(01)", @@ -118329,9 +99604,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-13", + "class": "zero-padded" }, { "name": "label", @@ -118483,11 +99758,6 @@ "id": "sc-13_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -118499,11 +99769,6 @@ "id": "sc-13_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -118595,23 +99860,6 @@ "id": "sc-13_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-13a.", @@ -118630,29 +99878,6 @@ "id": "sc-13_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-13b.", @@ -118764,6 +99989,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -118802,11 +100032,6 @@ "id": "sc-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -118818,11 +100043,6 @@ "id": "sc-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -118870,23 +100090,6 @@ "id": "sc-15_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-15a.", @@ -118905,29 +100108,6 @@ "id": "sc-15_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-15b.", @@ -119034,6 +100214,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-17", + "class": "zero-padded" + }, { "name": "label", "value": "SC-17" @@ -119101,11 +100286,6 @@ "id": "sc-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -119117,11 +100297,6 @@ "id": "sc-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -119151,23 +100326,6 @@ "id": "sc-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-17a.", @@ -119186,29 +100344,6 @@ "id": "sc-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-17b.", @@ -119304,6 +100439,11 @@ "class": "SP800-53", "title": "Mobile Code", "props": [ + { + "name": "label", + "value": "SC-18", + "class": "zero-padded" + }, { "name": "label", "value": "SC-18" @@ -119358,11 +100498,6 @@ "id": "sc-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -119374,11 +100509,6 @@ "id": "sc-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -119408,17 +100538,6 @@ "id": "sc-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-18a.", @@ -119510,23 +100629,6 @@ "id": "sc-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-18b.", @@ -119677,6 +100779,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -119743,11 +100850,6 @@ "id": "sc-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -119759,11 +100861,6 @@ "id": "sc-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -119855,29 +100952,6 @@ "id": "sc-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20a.", @@ -119944,29 +101018,6 @@ "id": "sc-20_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[01]", @@ -119985,29 +101036,6 @@ "id": "sc-20_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[02]", @@ -120112,9 +101140,9 @@ "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-21", + "class": "zero-padded" }, { "name": "label", @@ -120153,13 +101181,6 @@ { "id": "sc-21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.", "parts": [ { @@ -120224,29 +101245,6 @@ "id": "sc-21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-21", @@ -120407,6 +101405,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -120452,13 +101455,6 @@ { "id": "sc-22_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation." }, { @@ -120470,29 +101466,6 @@ "id": "sc-22_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-22", @@ -120635,6 +101608,11 @@ "class": "SP800-53", "title": "Session Authenticity", "props": [ + { + "name": "label", + "value": "SC-23", + "class": "zero-padded" + }, { "name": "label", "value": "SC-23" @@ -120692,13 +101670,6 @@ { "id": "sc-23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the authenticity of communications sessions." }, { @@ -120710,29 +101681,6 @@ "id": "sc-23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-23", @@ -120849,6 +101797,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-24", + "class": "zero-padded" + }, { "name": "label", "value": "SC-24" @@ -120911,13 +101864,6 @@ { "id": "sc-24_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Fail to a {{ insert: param, sc-24_odp.02 }} for the following failures on the indicated components while preserving {{ insert: param, sc-24_odp.03 }} in failure: {{ insert: param, sc-24_odp.01 }}." }, { @@ -120929,29 +101875,6 @@ "id": "sc-24_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-24", @@ -121066,9 +101989,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-28", + "class": "zero-padded" }, { "name": "label", @@ -121207,13 +102130,6 @@ { "id": "sc-28_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-28_odp.01 }} of the following information at rest: {{ insert: param, sc-28_odp.02 }}.", "parts": [ { @@ -121267,29 +102183,6 @@ "id": "sc-28_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28", @@ -121402,6 +102295,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -121443,13 +102341,6 @@ { "id": "sc-28.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param, sc-28.01_odp.01 }}.", "parts": [ { @@ -121481,29 +102372,6 @@ "id": "sc-28.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28(01)", @@ -121630,6 +102498,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -121696,13 +102569,6 @@ { "id": "sc-39_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain a separate execution domain for each executing system process." }, { @@ -121714,29 +102580,6 @@ "id": "sc-39_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-39", @@ -121824,6 +102667,11 @@ "class": "SP800-53", "title": "System Time Synchronization", "props": [ + { + "name": "label", + "value": "SC-45", + "class": "zero-padded" + }, { "name": "label", "value": "SC-45" @@ -121869,13 +102717,6 @@ { "id": "sc-45_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Synchronize system clocks within and between systems and system components." }, { @@ -121887,29 +102728,6 @@ "id": "sc-45_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45", @@ -122042,9 +102860,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-45(01)", + "class": "zero-padded" }, { "name": "label", @@ -122080,11 +102898,6 @@ "id": "sc-45.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -122096,11 +102909,6 @@ "id": "sc-45.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -122170,23 +102978,6 @@ "id": "sc-45.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(a)", @@ -122205,17 +102996,6 @@ "id": "sc-45.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(b)", @@ -122415,6 +103195,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -122478,12 +103263,6 @@ "id": "si-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -122543,11 +103322,6 @@ "id": "si-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -122559,12 +103333,6 @@ "id": "si-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -122629,23 +103397,6 @@ "id": "si-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[01]", @@ -122664,23 +103415,6 @@ "id": "si-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[02]", @@ -122699,17 +103433,6 @@ "id": "si-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[03]", @@ -122728,17 +103451,6 @@ "id": "si-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[04]", @@ -122768,17 +103480,6 @@ "id": "si-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(a)", @@ -122924,17 +103625,6 @@ "id": "si-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(b)", @@ -122969,23 +103659,6 @@ "id": "si-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01b.", @@ -123015,23 +103688,6 @@ "id": "si-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.01", @@ -123087,23 +103743,6 @@ "id": "si-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.02", @@ -123238,6 +103877,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -123356,11 +104000,6 @@ "id": "si-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -123372,11 +104011,6 @@ "id": "si-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -123388,11 +104022,6 @@ "id": "si-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -123404,11 +104033,6 @@ "id": "si-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -123438,29 +104062,6 @@ "id": "si-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02a.", @@ -123534,23 +104135,6 @@ "id": "si-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02b.", @@ -123642,23 +104226,6 @@ "id": "si-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02c.", @@ -123714,23 +104281,6 @@ "id": "si-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02d.", @@ -123851,6 +104401,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(2)" @@ -123888,13 +104443,6 @@ { "id": "si-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Determine if system components have applicable security-relevant software and firmware updates installed using {{ insert: param, si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}." }, { @@ -123906,29 +104454,6 @@ "id": "si-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(02)", @@ -124027,6 +104552,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(3)" @@ -124061,11 +104591,6 @@ "id": "si-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -124077,11 +104602,6 @@ "id": "si-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -124111,29 +104631,6 @@ "id": "si-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(a)", @@ -124152,23 +104649,6 @@ "id": "si-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(b)", @@ -124352,9 +104832,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-03", + "class": "zero-padded" }, { "name": "label", @@ -124479,11 +104959,6 @@ "id": "si-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -124495,11 +104970,6 @@ "id": "si-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -124511,11 +104981,6 @@ "id": "si-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -124551,11 +105016,6 @@ "id": "si-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -124585,23 +105045,6 @@ "id": "si-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03a.", @@ -124657,23 +105100,6 @@ "id": "si-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03b.", @@ -124714,23 +105140,6 @@ "id": "si-3_obj.c.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[01]", @@ -124749,23 +105158,6 @@ "id": "si-3_obj.c.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[02]", @@ -124803,23 +105195,6 @@ "id": "si-3_obj.c.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[01]", @@ -124838,23 +105213,6 @@ "id": "si-3_obj.c.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[02]", @@ -124889,23 +105247,6 @@ "id": "si-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03d.", @@ -125058,6 +105399,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -125282,11 +105628,6 @@ "id": "si-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -125322,11 +105663,6 @@ "id": "si-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -125338,11 +105674,6 @@ "id": "si-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -125378,11 +105709,6 @@ "id": "si-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -125394,11 +105720,6 @@ "id": "si-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -125410,11 +105731,6 @@ "id": "si-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -125426,11 +105742,6 @@ "id": "si-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -125489,29 +105800,6 @@ "id": "si-4_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.01", @@ -125530,29 +105818,6 @@ "id": "si-4_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.02", @@ -125634,23 +105899,6 @@ "id": "si-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04b.", @@ -125680,29 +105928,6 @@ "id": "si-4_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.01", @@ -125721,29 +105946,6 @@ "id": "si-4_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.02", @@ -125770,23 +105972,6 @@ "id": "si-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04d.", @@ -125842,23 +106027,6 @@ "id": "si-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04e.", @@ -125877,23 +106045,6 @@ "id": "si-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04f.", @@ -125912,29 +106063,6 @@ "id": "si-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04g.", @@ -126031,9 +106159,9 @@ "title": "System-wide Intrusion Detection System", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -126074,13 +106202,6 @@ { "id": "si-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Connect and configure individual intrusion detection tools into a system-wide intrusion detection system." }, { @@ -126103,23 +106224,6 @@ "id": "si-4.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[01]", @@ -126138,23 +106242,6 @@ "id": "si-4.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[02]", @@ -126251,9 +106338,9 @@ "title": "Automated Tools and Mechanisms for Real-time Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(02)", + "class": "zero-padded" }, { "name": "label", @@ -126297,13 +106384,6 @@ { "id": "si-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated tools and mechanisms to support near real-time analysis of events." }, { @@ -126315,29 +106395,6 @@ "id": "si-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(02)", @@ -126476,6 +106533,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(4)" @@ -126515,11 +106577,6 @@ "id": "si-4.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -126531,11 +106588,6 @@ "id": "si-4.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -126565,23 +106617,6 @@ "id": "si-4.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(a)", @@ -126637,29 +106672,6 @@ "id": "si-4.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(b)", @@ -126812,6 +106824,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(5)" @@ -126858,13 +106875,6 @@ { "id": "si-4.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Alert {{ insert: param, si-04.05_odp.01 }} when the following system-generated indications of compromise or potential compromise occur: {{ insert: param, si-04.05_odp.02 }}.", "parts": [ { @@ -126896,29 +106906,6 @@ "id": "si-4.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(05)", @@ -127027,9 +107014,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(10)", + "class": "zero-padded" }, { "name": "label", @@ -127065,13 +107052,6 @@ { "id": "si-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Make provisions so that {{ insert: param, si-04.10_odp.01 }} is visible to {{ insert: param, si-04.10_odp.02 }}.", "parts": [ { @@ -127103,23 +107083,6 @@ "id": "si-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(10)", @@ -127218,6 +107181,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(11)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(11)" @@ -127257,13 +107225,6 @@ { "id": "si-4.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze outbound communications traffic at the external interfaces to the system and selected {{ insert: param, si-04.11_odp }} to discover anomalies." }, { @@ -127275,29 +107236,6 @@ "id": "si-4.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(11)", @@ -127451,6 +107389,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(12)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(12)" @@ -127490,13 +107433,6 @@ { "id": "si-4.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Alert {{ insert: param, si-04.12_odp.01 }} using {{ insert: param, si-04.12_odp.02 }} when the following indications of inappropriate or unusual activities with security or privacy implications occur: {{ insert: param, si-04.12_odp.03 }}." }, { @@ -127508,29 +107444,6 @@ "id": "si-4.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(12)", @@ -127618,6 +107531,11 @@ "class": "SP800-53-enhancement", "title": "Wireless Intrusion Detection", "props": [ + { + "name": "label", + "value": "SI-04(14)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(14)" @@ -127660,13 +107578,6 @@ { "id": "si-4.14_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system." }, { @@ -127678,23 +107589,6 @@ "id": "si-4.14_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(14)", @@ -127838,9 +107732,9 @@ "title": "Correlate Monitoring Information", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(16)", + "class": "zero-padded" }, { "name": "label", @@ -127885,13 +107779,6 @@ { "id": "si-4.16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate information from monitoring tools and mechanisms employed throughout the system." }, { @@ -127903,23 +107790,6 @@ "id": "si-4.16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(16)", @@ -128018,6 +107888,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(18)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(18)" @@ -128057,13 +107932,6 @@ { "id": "si-4.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: {{ insert: param, si-04.18_odp }}." }, { @@ -128075,23 +107943,6 @@ "id": "si-4.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(18)", @@ -128237,9 +108088,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(19)", + "class": "zero-padded" }, { "name": "label", @@ -128275,13 +108126,6 @@ { "id": "si-4.19_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, si-04.19_odp.01 }} of individuals who have been identified by {{ insert: param, si-04.19_odp.02 }} as posing an increased level of risk." }, { @@ -128293,23 +108137,6 @@ "id": "si-4.19_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(19)", @@ -128409,9 +108236,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(20)", + "class": "zero-padded" }, { "name": "label", @@ -128451,13 +108278,6 @@ { "id": "si-4.20_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following additional monitoring of privileged users: {{ insert: param, si-04.20_odp }}." }, { @@ -128469,29 +108289,6 @@ "id": "si-4.20_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(20)", @@ -128609,6 +108406,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(22)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(22)" @@ -128652,11 +108454,6 @@ "id": "si-4.22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -128668,11 +108465,6 @@ "id": "si-4.22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -128702,29 +108494,6 @@ "id": "si-4.22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(22)(a)", @@ -128743,23 +108512,6 @@ "id": "si-4.22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(22)(b)", @@ -128876,9 +108628,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(23)", + "class": "zero-padded" }, { "name": "label", @@ -128922,13 +108674,6 @@ { "id": "si-4.23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following host-based monitoring mechanisms at {{ insert: param, si-04.23_odp.02 }}: {{ insert: param, si-04.23_odp.01 }}." }, { @@ -128940,29 +108685,6 @@ "id": "si-4.23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(23)", @@ -129111,6 +108833,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -129162,11 +108889,6 @@ "id": "si-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -129178,11 +108900,6 @@ "id": "si-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -129194,11 +108911,6 @@ "id": "si-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -129210,11 +108922,6 @@ "id": "si-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -129256,29 +108963,6 @@ "id": "si-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05a.", @@ -129297,23 +108981,6 @@ "id": "si-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05b.", @@ -129332,29 +108999,6 @@ "id": "si-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05c.", @@ -129373,23 +109017,6 @@ "id": "si-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05d.", @@ -129496,6 +109123,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5(1)" @@ -129530,13 +109162,6 @@ { "id": "si-5.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Broadcast security alert and advisory information throughout the organization using {{ insert: param, si-05.01_odp }}." }, { @@ -129548,23 +109173,6 @@ "id": "si-5.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-05(01)", @@ -129752,9 +109360,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-06", + "class": "zero-padded" }, { "name": "label", @@ -129811,11 +109419,6 @@ "id": "si-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -129827,11 +109430,6 @@ "id": "si-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -129843,11 +109441,6 @@ "id": "si-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -129859,11 +109452,6 @@ "id": "si-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -129893,23 +109481,6 @@ "id": "si-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06a.", @@ -129965,23 +109536,6 @@ "id": "si-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06b.", @@ -130037,23 +109591,6 @@ "id": "si-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-06c.", @@ -130109,23 +109646,6 @@ "id": "si-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06d.", @@ -130286,9 +109806,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07", + "class": "zero-padded" }, { "name": "label", @@ -130450,11 +109970,6 @@ "id": "si-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -130466,11 +109981,6 @@ "id": "si-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -130500,23 +110010,6 @@ "id": "si-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07a.", @@ -130590,23 +110083,6 @@ "id": "si-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07b.", @@ -130907,9 +110383,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -130945,13 +110421,6 @@ { "id": "si-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}." }, { @@ -130963,29 +110432,6 @@ "id": "si-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(01)", @@ -131144,6 +110590,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(2)" @@ -131178,13 +110629,6 @@ { "id": "si-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated tools that provide notification to {{ insert: param, si-07.02_odp }} upon discovering discrepancies during integrity verification." }, { @@ -131196,29 +110640,6 @@ "id": "si-7.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(02)", @@ -131328,6 +110749,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(5)" @@ -131362,13 +110788,6 @@ { "id": "si-7.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically {{ insert: param, si-07.05_odp.01 }} when integrity violations are discovered." }, { @@ -131380,29 +110799,6 @@ "id": "si-7.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(05)", @@ -131501,6 +110897,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(07)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(7)" @@ -131555,13 +110956,6 @@ { "id": "si-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}." }, { @@ -131573,23 +110967,6 @@ "id": "si-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(07)", @@ -131693,6 +111070,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(15)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(15)" @@ -131739,13 +111121,6 @@ { "id": "si-7.15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: {{ insert: param, si-07.15_odp }}." }, { @@ -131757,23 +111132,6 @@ "id": "si-7.15_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(15)", @@ -131863,6 +111221,11 @@ "class": "SP800-53", "title": "Spam Protection", "props": [ + { + "name": "label", + "value": "SI-08", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8" @@ -131925,11 +111288,6 @@ "id": "si-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -131941,11 +111299,6 @@ "id": "si-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -132004,23 +111357,6 @@ "id": "si-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08a.", @@ -132112,23 +111448,6 @@ "id": "si-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08b.", @@ -132235,6 +111554,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8(2)" @@ -132264,13 +111588,6 @@ { "id": "si-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically update spam protection mechanisms {{ insert: param, si-08.02_odp }}." }, { @@ -132282,23 +111599,6 @@ "id": "si-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08(02)", @@ -132400,9 +111700,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-10", + "class": "zero-padded" }, { "name": "label", @@ -132438,13 +111738,6 @@ { "id": "si-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check the validity of the following information inputs: {{ insert: param, si-10_odp }}.", "parts": [ { @@ -132476,17 +111769,6 @@ "id": "si-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-10", @@ -132590,6 +111872,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-11", + "class": "zero-padded" + }, { "name": "label", "value": "SI-11" @@ -132640,11 +111927,6 @@ "id": "si-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -132656,11 +111938,6 @@ "id": "si-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -132690,17 +111967,6 @@ "id": "si-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11a.", @@ -132719,17 +111985,6 @@ "id": "si-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11b.", @@ -132825,6 +112080,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -132982,13 +112242,6 @@ { "id": "si-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements." }, { @@ -133000,23 +112253,6 @@ "id": "si-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-12", @@ -133188,6 +112424,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-16", + "class": "zero-padded" + }, { "name": "label", "value": "SI-16" @@ -133230,13 +112471,6 @@ { "id": "si-16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following controls to protect the system memory from unauthorized code execution: {{ insert: param, si-16_odp }}." }, { @@ -133248,23 +112482,6 @@ "id": "si-16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-16", @@ -133459,6 +112676,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -133546,12 +112768,6 @@ "id": "sr-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -133611,11 +112827,6 @@ "id": "sr-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -133627,12 +112838,6 @@ "id": "sr-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -133697,23 +112902,6 @@ "id": "sr-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[01]", @@ -133732,23 +112920,6 @@ "id": "sr-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[02]", @@ -133767,17 +112938,6 @@ "id": "sr-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[03]", @@ -133796,17 +112956,6 @@ "id": "sr-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[04]", @@ -133836,17 +112985,6 @@ "id": "sr-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(a)", @@ -133992,17 +113130,6 @@ "id": "sr-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(b)", @@ -134037,23 +113164,6 @@ "id": "sr-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01b.", @@ -134083,23 +113193,6 @@ "id": "sr-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.01", @@ -134155,23 +113248,6 @@ "id": "sr-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.02", @@ -134315,6 +113391,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -134446,11 +113527,6 @@ "id": "sr-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -134462,11 +113538,6 @@ "id": "sr-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -134478,11 +113549,6 @@ "id": "sr-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -134523,23 +113589,6 @@ "id": "sr-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[01]", @@ -134558,17 +113607,6 @@ "id": "sr-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[02]", @@ -134587,17 +113625,6 @@ "id": "sr-2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[03]", @@ -134616,17 +113643,6 @@ "id": "sr-2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[04]", @@ -134645,17 +113661,6 @@ "id": "sr-2_obj.a-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[05]", @@ -134674,17 +113679,6 @@ "id": "sr-2_obj.a-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[06]", @@ -134703,17 +113697,6 @@ "id": "sr-2_obj.a-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[07]", @@ -134732,17 +113715,6 @@ "id": "sr-2_obj.a-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[08]", @@ -134761,17 +113733,6 @@ "id": "sr-2_obj.a-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[09]", @@ -134798,23 +113759,6 @@ "id": "sr-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02b.", @@ -134833,23 +113777,6 @@ "id": "sr-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-02c.", @@ -135002,6 +113929,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -135036,13 +113968,6 @@ { "id": "sr-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a supply chain risk management team consisting of {{ insert: param, sr-02.01_odp.01 }} to lead and support the following SCRM activities: {{ insert: param, sr-02.01_odp.02 }}." }, { @@ -135054,23 +113979,6 @@ "id": "sr-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02(01)", @@ -135187,6 +114095,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -135347,11 +114260,6 @@ "id": "sr-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -135363,11 +114271,6 @@ "id": "sr-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -135379,11 +114282,6 @@ "id": "sr-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -135442,23 +114340,6 @@ "id": "sr-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[01]", @@ -135477,23 +114358,6 @@ "id": "sr-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[02]", @@ -135520,23 +114384,6 @@ "id": "sr-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03b.", @@ -135555,23 +114402,6 @@ "id": "sr-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03c.", @@ -135678,6 +114508,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -135796,13 +114631,6 @@ { "id": "sr-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: {{ insert: param, sr-05_odp }}." }, { @@ -135814,29 +114642,6 @@ "id": "sr-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-05", @@ -135995,6 +114800,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-06", + "class": "zero-padded" + }, { "name": "label", "value": "SR-6" @@ -136085,13 +114895,6 @@ { "id": "sr-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide {{ insert: param, sr-06_odp }}.", "parts": [ { @@ -136123,23 +114926,6 @@ "id": "sr-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-06", @@ -136253,6 +115039,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -136323,13 +115114,6 @@ { "id": "sr-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the {{ insert: param, sr-08_odp.01 }}.", "parts": [ { @@ -136361,23 +115145,6 @@ "id": "sr-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-08", @@ -136465,6 +115232,11 @@ "class": "SP800-53", "title": "Tamper Resistance and Detection", "props": [ + { + "name": "label", + "value": "SR-09", + "class": "zero-padded" + }, { "name": "label", "value": "SR-9" @@ -136539,13 +115311,6 @@ { "id": "sr-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement a tamper protection program for the system, system component, or system service.", "parts": [ { @@ -136577,23 +115342,6 @@ "id": "sr-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-09", @@ -136681,6 +115429,11 @@ "class": "SP800-53-enhancement", "title": "Multiple Stages of System Development Life Cycle", "props": [ + { + "name": "label", + "value": "SR-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-9(1)" @@ -136719,13 +115472,6 @@ { "id": "sr-9.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ anti-tamper technologies, tools, and techniques throughout the system development life cycle." }, { @@ -136737,23 +115483,6 @@ "id": "sr-9.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-09(01)", @@ -136883,6 +115612,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -136953,13 +115687,6 @@ { "id": "sr-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the following systems or system components {{ insert: param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01 }}." }, { @@ -136971,23 +115698,6 @@ "id": "sr-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-10", @@ -137106,6 +115816,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -137165,11 +115880,6 @@ "id": "sr-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -137181,11 +115891,6 @@ "id": "sr-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -137244,23 +115949,6 @@ "id": "sr-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[01]", @@ -137279,23 +115967,6 @@ "id": "sr-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[02]", @@ -137314,23 +115985,6 @@ "id": "sr-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[03]", @@ -137349,23 +116003,6 @@ "id": "sr-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[04]", @@ -137392,23 +116029,6 @@ "id": "sr-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11b.", @@ -137515,6 +116135,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -137553,13 +116178,6 @@ { "id": "sr-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit system components (including hardware, software, and firmware)." }, { @@ -137571,23 +116189,6 @@ "id": "sr-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(01)", @@ -137691,6 +116292,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -137741,13 +116347,6 @@ { "id": "sr-11.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: {{ insert: param, sr-11.02_odp }}." }, { @@ -137759,23 +116358,6 @@ "id": "sr-11.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(02)", @@ -137922,6 +116504,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -137956,13 +116543,6 @@ { "id": "sr-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Dispose of {{ insert: param, sr-12_odp.01 }} using the following techniques and methods: {{ insert: param, sr-12_odp.02 }}." }, { @@ -137974,23 +116554,6 @@ "id": "sr-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-12", diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile-min.json index c67751aaa..b155b8bc9 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile-min.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "2ef3cdd1-6928-494b-b2ef-593e774fae38", + "uuid": "8ed4b202-ef72-45d1-a0a1-21342469d481", "metadata": { "title": "FedRAMP Rev 5 High Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:22:59Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -2027,7 +2027,7 @@ "param-id": "ps-03.03_odp", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria \u2013 as required by specific information" } ] }, @@ -2730,34871 +2730,996 @@ ], "alters": [ { - "control-id": "ac-1", + "control-id": "ac-2.3", "adds": [ { - "position": "starting", - "by-id": "ac-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ac-2.3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ac-2.3_fr", + "name": "item", + "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." + }, + { + "id": "ac-2.3_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines the time period of inactivity for device identifiers." + }, + { + "id": "ac-2.3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." + } + ] } ] } ] }, { - "control-id": "ac-10", + "control-id": "ac-2.5", "adds": [ { - "position": "starting", - "by-id": "ac-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-10_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.5_fr", + "name": "item", + "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Should use a shorter timeframe than AC-12." + } + ] } ] } ] }, { - "control-id": "ac-11", + "control-id": "ac-2.9", "adds": [ { - "position": "starting", - "by-id": "ac-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-2.9_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.9_fr", + "name": "item", + "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.9_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Required if shared/group accounts are deployed." + } + ] } ] } ] }, { - "control-id": "ac-11.1", + "control-id": "ac-2.12", "adds": [ { - "position": "starting", - "by-id": "ac-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.12_fr", + "name": "item", + "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "Required for privileged accounts." + }, + { + "id": "ac-2.12_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "Required for privileged accounts." + } + ] } ] } ] }, { - "control-id": "ac-12", + "control-id": "ac-4.4", "adds": [ { - "position": "starting", - "by-id": "ac-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-12_smt", - "props": [ + "position": "ending", + "by-id": "ac-4.4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-4.4_fr", + "name": "item", + "title": "AC-4 (4) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-4.4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." + } + ] } ] } ] }, { - "control-id": "ac-14", + "control-id": "ac-5", "adds": [ { - "position": "starting", - "by-id": "ac-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ac-5_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-5_fr", + "name": "item", + "title": "AC-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." + } + ] } ] } ] }, { - "control-id": "ac-17", + "control-id": "ac-6.2", "adds": [ { - "position": "starting", - "by-id": "ac-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-6.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-6.2_fr", + "name": "item", + "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-6.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." + } + ] } ] } ] }, { - "control-id": "ac-17.1", + "control-id": "ac-7", "adds": [ { - "position": "starting", - "by-id": "ac-17.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-7_fr", + "name": "item", + "title": "AC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "In alignment with NIST SP 800-63B." + } + ] } ] } ] }, { - "control-id": "ac-17.2", + "control-id": "ac-8", "adds": [ { - "position": "starting", - "by-id": "ac-17.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2", - "props": [ + "position": "ending", + "by-id": "ac-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ac-8_fr", + "name": "item", + "title": "AC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." + } + ] } ] } ] }, { - "control-id": "ac-17.3", + "control-id": "ac-20", "adds": [ { - "position": "starting", - "by-id": "ac-17.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.3_smt", - "props": [ + "position": "ending", + "by-id": "ac-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-20_fr", + "name": "item", + "title": "AC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." + } + ] } ] } ] }, { - "control-id": "ac-17.4", + "control-id": "au-2", "adds": [ { - "position": "starting", - "by-id": "ac-17.4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_smt.b", - "props": [ + "position": "ending", + "by-id": "au-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-2_fr", + "name": "item", + "title": "AU-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + }, + { + "id": "au-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "ac-18", + "control-id": "au-3.1", "adds": [ { - "position": "starting", - "by-id": "ac-18_obj.a", - "props": [ + "position": "ending", + "by-id": "au-3.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-3.1_fr", + "name": "item", + "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-3.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." + } + ] } ] } ] }, { - "control-id": "ac-18.1", + "control-id": "au-6", "adds": [ { - "position": "starting", - "by-id": "ac-18.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_smt", - "props": [ + "position": "ending", + "by-id": "au-6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-6_fr", + "name": "item", + "title": "AU-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." + } + ] } ] } ] }, { - "control-id": "ac-18.3", + "control-id": "au-6.6", "adds": [ { - "position": "starting", - "by-id": "ac-18.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.3_smt", - "props": [ + "position": "ending", + "by-id": "au-6.6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-6.6_fr", + "name": "item", + "title": "AU-6 (6) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6.6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "ac-18.4", + "control-id": "au-9.3", "adds": [ { - "position": "starting", - "by-id": "ac-18.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.4_smt", - "props": [ + "position": "ending", + "by-id": "au-9.3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-9.3_fr", + "name": "item", + "title": "AU-9 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-9.3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + } + ] } ] } ] }, { - "control-id": "ac-18.5", + "control-id": "au-11", "adds": [ { - "position": "starting", - "by-id": "ac-18.5_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.5_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.5_smt", - "props": [ + "position": "ending", + "by-id": "au-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-11_fr", + "name": "item", + "title": "AU-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-11_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." + }, + { + "id": "au-11_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" + }, + { + "id": "au-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider is encouraged to align with M-21-31 where possible" + } + ] } ] } ] }, { - "control-id": "ac-19", + "control-id": "ca-2", "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_smt.b", - "props": [ + "position": "ending", + "by-id": "ca-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2_fr", + "name": "item", + "title": "CA-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP Annual Assessment Guidance." + } + ] } ] } ] }, { - "control-id": "ac-19.5", + "control-id": "ca-2.1", "adds": [ { - "position": "starting", - "by-id": "ac-19.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19.5_smt", - "props": [ + "position": "ending", + "by-id": "ca-2.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2.1_fr", + "name": "item", + "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "For JAB Authorization, must use an accredited 3PAO." + } + ] } ] } ] }, { - "control-id": "ac-2", + "control-id": "ca-2.2", "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ca-2.2_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.k", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.11", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.13", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.13_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.3", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.3_smt", - "parts": [ - { - "id": "ac-2.3_fr", - "name": "item", - "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." - }, - { - "id": "ac-2.3_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines the time period of inactivity for device identifiers." - }, - { - "id": "ac-2.3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.4", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.5", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.5_smt", - "parts": [ - { - "id": "ac-2.5_fr", - "name": "item", - "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Should use a shorter timeframe than AC-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.9", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.9_smt", - "parts": [ - { - "id": "ac-2.9_fr", - "name": "item", - "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Required if shared/group accounts are deployed." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.12_smt", - "parts": [ - { - "id": "ac-2.12_fr", - "name": "item", - "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Required for privileged accounts." - }, - { - "id": "ac-2.12_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "Required for privileged accounts." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-20.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-21", - "adds": [ - { - "position": "starting", - "by-id": "ac-21_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-22", - "adds": [ - { - "position": "starting", - "by-id": "ac-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-3", - "adds": [ - { - "position": "starting", - "by-id": "ac-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-4", - "adds": [ - { - "position": "starting", - "by-id": "ac-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-4.21", - "adds": [ - { - "position": "starting", - "by-id": "ac-4.21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-4.4", - "adds": [ - { - "position": "ending", - "by-id": "ac-4.4_smt", - "parts": [ - { - "id": "ac-4.4_fr", - "name": "item", - "title": "AC-4 (4) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-4.4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-5", - "adds": [ - { - "position": "ending", - "by-id": "ac-5_smt", - "parts": [ - { - "id": "ac-5_fr", - "name": "item", - "title": "AC-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6", - "adds": [ - { - "position": "starting", - "by-id": "ac-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.10", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.2", - "adds": [ - { - "position": "ending", - "by-id": "ac-6.2_smt", - "parts": [ - { - "id": "ac-6.2_fr", - "name": "item", - "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-6.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.3", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.3_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.3_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.5", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.8", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.9", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-7", - "adds": [ - { - "position": "ending", - "by-id": "ac-7_smt", - "parts": [ - { - "id": "ac-7_fr", - "name": "item", - "title": "AC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "In alignment with NIST SP 800-63B." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-8", - "adds": [ - { - "position": "ending", - "by-id": "ac-8_smt", - "parts": [ - { - "id": "ac-8_fr", - "name": "item", - "title": "AC-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20", - "adds": [ - { - "position": "ending", - "by-id": "ac-20_smt", - "parts": [ - { - "id": "ac-20_fr", - "name": "item", - "title": "AC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-1", - "adds": [ - { - "position": "starting", - "by-id": "at-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "at-2", - "adds": [ - { - "position": "starting", - "by-id": "at-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.2", - "adds": [ - { - "position": "starting", - "by-id": "at-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.3", - "adds": [ - { - "position": "starting", - "by-id": "at-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-3", - "adds": [ - { - "position": "starting", - "by-id": "at-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-4", - "adds": [ - { - "position": "starting", - "by-id": "at-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-1", - "adds": [ - { - "position": "starting", - "by-id": "au-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "au-10", - "adds": [ - { - "position": "starting", - "by-id": "au-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-12", - "adds": [ - { - "position": "starting", - "by-id": "au-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-12.1", - "adds": [ - { - "position": "starting", - "by-id": "au-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-12.3", - "adds": [ - { - "position": "starting", - "by-id": "au-12.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-2", - "adds": [ - { - "position": "ending", - "by-id": "au-2_smt", - "parts": [ - { - "id": "au-2_fr", - "name": "item", - "title": "AU-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - }, - { - "id": "au-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3", - "adds": [ - { - "position": "starting", - "by-id": "au-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3.1", - "adds": [ - { - "position": "ending", - "by-id": "au-3.1_smt", - "parts": [ - { - "id": "au-3.1_fr", - "name": "item", - "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-3.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-4", - "adds": [ - { - "position": "starting", - "by-id": "au-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5", - "adds": [ - { - "position": "starting", - "by-id": "au-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5.1", - "adds": [ - { - "position": "starting", - "by-id": "au-5.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5.2", - "adds": [ - { - "position": "starting", - "by-id": "au-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6", - "adds": [ - { - "position": "ending", - "by-id": "au-6_smt", - "parts": [ - { - "id": "au-6_fr", - "name": "item", - "title": "AU-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.1", - "adds": [ - { - "position": "starting", - "by-id": "au-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.3", - "adds": [ - { - "position": "starting", - "by-id": "au-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.4", - "adds": [ - { - "position": "starting", - "by-id": "au-6.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.5", - "adds": [ - { - "position": "starting", - "by-id": "au-6.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.6", - "adds": [ - { - "position": "ending", - "by-id": "au-6.6_smt", - "parts": [ - { - "id": "au-6.6_fr", - "name": "item", - "title": "AU-6 (6) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6.6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.7", - "adds": [ - { - "position": "starting", - "by-id": "au-6.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-7", - "adds": [ - { - "position": "starting", - "by-id": "au-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-7.1", - "adds": [ - { - "position": "starting", - "by-id": "au-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-8", - "adds": [ - { - "position": "starting", - "by-id": "au-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9", - "adds": [ - { - "position": "starting", - "by-id": "au-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-9.2", - "adds": [ - { - "position": "starting", - "by-id": "au-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-9.3", - "adds": [ - { - "position": "ending", - "by-id": "au-9.3_smt", - "parts": [ - { - "id": "au-9.3_fr", - "name": "item", - "title": "AU-9 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-9.3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-11", - "adds": [ - { - "position": "ending", - "by-id": "au-11_smt", - "parts": [ - { - "id": "au-11_fr", - "name": "item", - "title": "AU-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-11_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." - }, - { - "id": "au-11_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" - }, - { - "id": "au-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider is encouraged to align with M-21-31 where possible" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9.4", - "adds": [ - { - "position": "starting", - "by-id": "au-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-1", - "adds": [ - { - "position": "starting", - "by-id": "ca-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ca-2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2_smt", - "parts": [ - { - "id": "ca-2_fr", - "name": "item", - "title": "CA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP Annual Assessment Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ca-2.1_smt", - "parts": [ - { - "id": "ca-2.1_fr", - "name": "item", - "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB Authorization, must use an accredited 3PAO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2.2_smt", - "parts": [ - { - "id": "ca-2.2_fr", - "name": "item", - "title": "CA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "To include 'announced', 'vulnerability scanning'" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.3", - "adds": [ - { - "position": "starting", - "by-id": "ca-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3", - "adds": [ - { - "position": "starting", - "by-id": "ca-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3.6", - "adds": [ - { - "position": "starting", - "by-id": "ca-3.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-5", - "adds": [ - { - "position": "ending", - "by-id": "ca-5_smt", - "parts": [ - { - "id": "ca-5_fr", - "name": "item", - "title": "CA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "POA&Ms must be provided at least monthly." - }, - { - "id": "ca-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP-POAM-Template" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-6", - "adds": [ - { - "position": "ending", - "by-id": "ca-6_smt", - "parts": [ - { - "id": "ca-6_fr", - "name": "item", - "title": "CA-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7", - "adds": [ - { - "position": "ending", - "by-id": "ca-7_smt", - "parts": [ - { - "id": "ca-7_fr", - "name": "item", - "title": "CA-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." - }, - { - "id": "ca-7_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." - }, - { - "id": "ca-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.4", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8", - "adds": [ - { - "position": "ending", - "by-id": "ca-8_smt", - "parts": [ - { - "id": "ca-8_fr", - "name": "item", - "title": "CA-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference the FedRAMP Penetration Test Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.2", - "adds": [ - { - "position": "ending", - "by-id": "ca-8.2_smt", - "parts": [ - { - "id": "ca-8.2_fr", - "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ca-9", - "adds": [ - { - "position": "starting", - "by-id": "ca-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-1", - "adds": [ - { - "position": "starting", - "by-id": "cm-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cm-10", - "adds": [ - { - "position": "starting", - "by-id": "cm-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-11", - "adds": [ - { - "position": "starting", - "by-id": "cm-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2", - "adds": [ - { - "position": "ending", - "by-id": "cm-2_smt", - "parts": [ - { - "id": "cm-2_fr", - "name": "item", - "title": "CM-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b)(1) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.7", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3", - "adds": [ - { - "position": "ending", - "by-id": "cm-3_smt", - "parts": [ - { - "id": "cm-3_fr", - "name": "item", - "title": "CM-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." - }, - { - "id": "cm-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "In accordance with record retention policies and procedures." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.4", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.6", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4", - "adds": [ - { - "position": "starting", - "by-id": "cm-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-4.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-5.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-6", - "adds": [ - { - "position": "ending", - "by-id": "cm-6_smt", - "parts": [ - { - "id": "cm-6_fr", - "name": "item", - "title": "CM-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 1:" - } - ], - "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." - }, - { - "id": "cm-6_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 2:" - } - ], - "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." - }, - { - "id": "cm-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7", - "adds": [ - { - "position": "ending", - "by-id": "cm-7_smt", - "parts": [ - { - "id": "cm-7_fr", - "name": "item", - "title": "CM-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.2", - "adds": [ - { - "position": "ending", - "by-id": "cm-7.2_smt", - "parts": [ - { - "id": "cm-7.2_fr", - "name": "item", - "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8", - "adds": [ - { - "position": "ending", - "by-id": "cm-8_smt", - "parts": [ - { - "id": "cm-8_fr", - "name": "item", - "title": "CM-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "must be provided at least monthly or when there is a change." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.4", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-9", - "adds": [ - { - "position": "ending", - "by-id": "cm-9_smt", - "parts": [ - { - "id": "cm-9_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12", - "adds": [ - { - "position": "ending", - "by-id": "cm-12_smt", - "parts": [ - { - "id": "cm-12_fr", - "name": "item", - "title": "CM-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12.1", - "adds": [ - { - "position": "ending", - "by-id": "cm-12.1_smt", - "parts": [ - { - "id": "cm-12.1_fr", - "name": "item", - "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-14", - "adds": [ - { - "position": "ending", - "by-id": "cm-14_smt", - "parts": [ - { - "id": "cm-14_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If digital signatures/certificates are unavailable, alternative cryptographic integrity checks (hashes, self-signed certs, etc.) can be utilized." - } - ] - }, - { - "position": "starting", - "by-id": "cm-14_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-14_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-1", - "adds": [ - { - "position": "starting", - "by-id": "cp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cp-10", - "adds": [ - { - "position": "starting", - "by-id": "cp-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-10.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-10.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-10.4", - "adds": [ - { - "position": "starting", - "by-id": "cp-10.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2", - "adds": [ - { - "position": "ending", - "by-id": "cp-2_smt", - "parts": [ - { - "id": "cp-2_fr", - "name": "item", - "title": "CP-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." - }, - { - "id": "cp-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.5", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.5_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.5_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.8", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3", - "adds": [ - { - "position": "ending", - "by-id": "cp-3_smt", - "parts": [ - { - "id": "cp-3_fr", - "name": "item", - "title": "CP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4", - "adds": [ - { - "position": "ending", - "by-id": "cp-4_smt", - "parts": [ - { - "id": "cp-4_fr", - "name": "item", - "title": "CP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." - }, - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-4.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-4.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6", - "adds": [ - { - "position": "starting", - "by-id": "cp-6_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.3_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7", - "adds": [ - { - "position": "ending", - "by-id": "cp-7_smt", - "parts": [ - { - "id": "cp-7_fr", - "name": "item", - "title": "CP-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.1", - "adds": [ - { - "position": "ending", - "by-id": "cp-7.1_smt", - "parts": [ - { - "id": "cp-7.1_fr", - "name": "item", - "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7.1_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.4", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8", - "adds": [ - { - "position": "ending", - "by-id": "cp-8_smt", - "parts": [ - { - "id": "cp-8_fr", - "name": "item", - "title": "CP-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-8_fr_gdn.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.4", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9", - "adds": [ - { - "position": "ending", - "by-id": "cp-9_smt", - "parts": [ - { - "id": "cp-9_fr", - "name": "item", - "title": "CP-9 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." - }, - { - "id": "cp-9_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.4", - "name": "item", - "props": [ - { - "name": "label", - "value": "(c) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.5", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.5_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.5_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.8", - "adds": [ - { - "position": "ending", - "by-id": "cp-9.8_smt", - "parts": [ - { - "id": "cp-9.8_fr", - "name": "item", - "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9.8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-1", - "adds": [ - { - "position": "starting", - "by-id": "ia-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ia-12.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.3", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2_smt", - "parts": [ - { - "id": "ia-2_fr", - "name": "item", - "title": "IA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." - }, - { - "id": "ia-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." - }, - { - "id": "ia-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.1_smt", - "parts": [ - { - "id": "ia-2.1_fr", - "name": "item", - "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.2_smt", - "parts": [ - { - "id": "ia-2.2_fr", - "name": "item", - "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.5", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.6", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.6_smt", - "parts": [ - { - "id": "ia-2.6_fr", - "name": "item", - "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." - }, - { - "id": "ia-2.6_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.12_smt", - "parts": [ - { - "id": "ia-2.12_fr", - "name": "item", - "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.8", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-3", - "adds": [ - { - "position": "starting", - "by-id": "ia-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-4.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5", - "adds": [ - { - "position": "ending", - "by-id": "ia-5_smt", - "parts": [ - { - "id": "ia-5_fr", - "name": "item", - "title": "IA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 3. Link https://pages.nist.gov/800-63-3" - }, - { - "id": "ia-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.1_smt", - "parts": [ - { - "id": "ia-5.1_fr", - "name": "item", - "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." - }, - { - "id": "ia-5.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(h) Requirement:" - } - ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." - }, - { - "id": "ia-5.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.6", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.7", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.7_smt", - "parts": [ - { - "id": "ia-5.7_fr", - "name": "item", - "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.8", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.8_smt", - "parts": [ - { - "id": "ia-5.8_fr", - "name": "item", - "title": "IA-5 (8) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.8_fr_gdn.x", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If a single user authentication domain is used to access multiple systems, such as in single-sign-on, then only a single authenticator is required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.13", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.13_smt", - "parts": [ - { - "id": "ia-5.13_fr", - "name": "item", - "title": "IA-5 (13) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.13_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For components subject to configuration baseline(s) (such as STIG or CIS,) the time period should conform to the baseline standard." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.13_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-11", - "adds": [ - { - "position": "ending", - "by-id": "ia-11_smt", - "parts": [ - { - "id": "ia-11_fr", - "name": "item", - "title": "IA-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL3 (high baseline) * 12 hours or * 15 minutes of inactivity \n" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12", - "adds": [ - { - "position": "ending", - "by-id": "ia-12_smt", - "parts": [ - { - "id": "ia-12_fr", - "name": "item", - "title": "IA-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.5", - "adds": [ - { - "position": "ending", - "by-id": "ia-12.5_smt", - "parts": [ - { - "id": "ia-12.5_fr", - "name": "item", - "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-6", - "adds": [ - { - "position": "starting", - "by-id": "ia-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-7", - "adds": [ - { - "position": "starting", - "by-id": "ia-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8", - "adds": [ - { - "position": "starting", - "by-id": "ia-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-1", - "adds": [ - { - "position": "starting", - "by-id": "ir-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ir-2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-3", - "adds": [ - { - "position": "ending", - "by-id": "ir-3_smt", - "parts": [ - { - "id": "ir-3_fr", - "name": "item", - "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4", - "adds": [ - { - "position": "ending", - "by-id": "ir-4_smt", - "parts": [ - { - "id": "ir-4_fr", - "name": "item", - "title": "IR-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" - }, - { - "id": "ir-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.11", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.11_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.11_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.4", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.6", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-5", - "adds": [ - { - "position": "starting", - "by-id": "ir-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-5.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-5.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6", - "adds": [ - { - "position": "ending", - "by-id": "ir-6_smt", - "parts": [ - { - "id": "ir-6_fr", - "name": "item", - "title": "IR-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7", - "adds": [ - { - "position": "starting", - "by-id": "ir-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-8", - "adds": [ - { - "position": "ending", - "by-id": "ir-8_smt", - "parts": [ - { - "id": "ir-8_fr", - "name": "item", - "title": "IR-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - }, - { - "id": "ir-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9", - "adds": [ - { - "position": "starting", - "by-id": "ir-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.4", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-1", - "adds": [ - { - "position": "starting", - "by-id": "ma-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ma-2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ma-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4", - "adds": [ - { - "position": "starting", - "by-id": "ma-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4.3", - "adds": [ - { - "position": "starting", - "by-id": "ma-4.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_obj.b-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5", - "adds": [ - { - "position": "starting", - "by-id": "ma-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5.1", - "adds": [ - { - "position": "starting", - "by-id": "ma-5.1_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-6", - "adds": [ - { - "position": "starting", - "by-id": "ma-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-1", - "adds": [ - { - "position": "starting", - "by-id": "mp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "mp-2", - "adds": [ - { - "position": "starting", - "by-id": "mp-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-3", - "adds": [ - { - "position": "ending", - "by-id": "mp-3_smt", - "parts": [ - { - "id": "mp-3_fr", - "name": "item", - "title": "MP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Second parameter not-applicable" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-4", - "adds": [ - { - "position": "ending", - "by-id": "mp-4_smt", - "parts": [ - { - "id": "mp-4_fr", - "name": "item", - "title": "MP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines controlled areas within facilities where the information and information system reside." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-5", - "adds": [ - { - "position": "ending", - "by-id": "mp-5_smt", - "parts": [ - { - "id": "mp-5_fr", - "name": "item", - "title": "MP-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6", - "adds": [ - { - "position": "starting", - "by-id": "mp-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6.1", - "adds": [ - { - "position": "ending", - "by-id": "mp-6.1_smt", - "parts": [ - { - "id": "mp-6.1_fr", - "name": "item", - "title": "MP-6 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-6.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Must comply with NIST SP 800-88" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6.2", - "adds": [ - { - "position": "ending", - "by-id": "mp-6.2_smt", - "parts": [ - { - "id": "mp-6.2_fr", - "name": "item", - "title": "MP-6 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-6.2_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Equipment and procedures may be tested or validated for effectiveness" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6.3", - "adds": [ - { - "position": "ending", - "by-id": "mp-6.3_smt", - "parts": [ - { - "id": "mp-6.3_fr", - "name": "item", - "title": "MP-6 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-6.3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Must comply with NIST SP 800-88" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-7", - "adds": [ - { - "position": "starting", - "by-id": "mp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-1", - "adds": [ - { - "position": "starting", - "by-id": "pe-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pe-10", - "adds": [ - { - "position": "starting", - "by-id": "pe-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-11", - "adds": [ - { - "position": "starting", - "by-id": "pe-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-11.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-11.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-12", - "adds": [ - { - "position": "starting", - "by-id": "pe-12_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13", - "adds": [ - { - "position": "starting", - "by-id": "pe-13_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.2", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14", - "adds": [ - { - "position": "ending", - "by-id": "pe-14_smt", - "parts": [ - { - "id": "pe-14_fr", - "name": "item", - "title": "PE-14 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pe-14_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14.2", - "adds": [ - { - "position": "starting", - "by-id": "pe-14.2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14.2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15", - "adds": [ - { - "position": "starting", - "by-id": "pe-15_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-15.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-16", - "adds": [ - { - "position": "starting", - "by-id": "pe-16_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-17", - "adds": [ - { - "position": "starting", - "by-id": "pe-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-18", - "adds": [ - { - "position": "starting", - "by-id": "pe-18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-18_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-2", - "adds": [ - { - "position": "starting", - "by-id": "pe-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-3", - "adds": [ - { - "position": "starting", - "by-id": "pe-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "pe-3.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-3.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3.1_obj.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-4", - "adds": [ - { - "position": "starting", - "by-id": "pe-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-5", - "adds": [ - { - "position": "starting", - "by-id": "pe-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6", - "adds": [ - { - "position": "starting", - "by-id": "pe-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6.4", - "adds": [ - { - "position": "starting", - "by-id": "pe-6.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8", - "adds": [ - { - "position": "starting", - "by-id": "pe-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-8.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-9", - "adds": [ - { - "position": "starting", - "by-id": "pe-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-1", - "adds": [ - { - "position": "starting", - "by-id": "pl-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pl-11", - "adds": [ - { - "position": "starting", - "by-id": "pl-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-2", - "adds": [ - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.11", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4", - "adds": [ - { - "position": "starting", - "by-id": "pl-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4.1", - "adds": [ - { - "position": "starting", - "by-id": "pl-4.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-8", - "adds": [ - { - "position": "ending", - "by-id": "pl-8_smt", - "parts": [ - { - "id": "pl-8_fr", - "name": "item", - "title": "PL-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-10", - "adds": [ - { - "position": "ending", - "by-id": "pl-10_smt", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-1", - "adds": [ - { - "position": "starting", - "by-id": "ps-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ps-2", - "adds": [ - { - "position": "starting", - "by-id": "ps-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4", - "adds": [ - { - "position": "starting", - "by-id": "ps-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4.2", - "adds": [ - { - "position": "starting", - "by-id": "ps-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-5", - "adds": [ - { - "position": "starting", - "by-id": "ps-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-6", - "adds": [ - { - "position": "starting", - "by-id": "ps-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-7", - "adds": [ - { - "position": "starting", - "by-id": "ps-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-8", - "adds": [ - { - "position": "starting", - "by-id": "ps-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-9", - "adds": [ - { - "position": "starting", - "by-id": "ps-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-1", - "adds": [ - { - "position": "starting", - "by-id": "ra-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ra-2", - "adds": [ - { - "position": "starting", - "by-id": "ra-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3", - "adds": [ - { - "position": "ending", - "by-id": "ra-3_smt", - "parts": [ - { - "id": "ra-3_fr", - "name": "item", - "title": "RA-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - }, - { - "id": "ra-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ra-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5", - "adds": [ - { - "position": "ending", - "by-id": "ra-5_smt", - "parts": [ - { - "id": "ra-5_fr", - "name": "item", - "title": "RA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" - }, - { - "id": "ra-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." - }, - { - "id": "ra-5_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." - }, - { - "id": "ra-5_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" - }, - { - "id": "ra-5_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.11", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.3", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.4", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.4_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.4_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.5", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.8", - "adds": [ - { - "position": "ending", - "by-id": "ra-5.8_smt", - "parts": [ - { - "id": "ra-5.8_fr", - "name": "item", - "title": "RA-5(8) Additional FedRAMP Requirement", - "parts": [ - { - "id": "ra-5.8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "This enhancement is required for all high (or critical) vulnerability scan findings." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-7", - "adds": [ - { - "position": "starting", - "by-id": "ra-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-9", - "adds": [ - { - "position": "starting", - "by-id": "ra-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-1", - "adds": [ - { - "position": "starting", - "by-id": "sa-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sa-11", - "adds": [ - { - "position": "starting", - "by-id": "sa-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-11.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15", - "adds": [ - { - "position": "starting", - "by-id": "sa-15_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15.3", - "adds": [ - { - "position": "starting", - "by-id": "sa-15.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-16", - "adds": [ - { - "position": "starting", - "by-id": "sa-16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-17", - "adds": [ - { - "position": "starting", - "by-id": "sa-17_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-2", - "adds": [ - { - "position": "starting", - "by-id": "sa-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-21", - "adds": [ - { - "position": "starting", - "by-id": "sa-21_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-21_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-21_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-21_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-22", - "adds": [ - { - "position": "starting", - "by-id": "sa-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-3", - "adds": [ - { - "position": "starting", - "by-id": "sa-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4", - "adds": [ - { - "position": "ending", - "by-id": "sa-4_smt", - "parts": [ - { - "id": "sa-4_fr", - "name": "item", - "title": "SA-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." - }, - { - "id": "sa-4_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-10", - "adds": [ - { - "position": "ending", - "by-id": "sa-10_smt", - "parts": [ - { - "id": "sa-10_fr", - "name": "item", - "title": "SA-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.1", - "adds": [ - { - "position": "ending", - "by-id": "sa-11.1_smt", - "parts": [ - { - "id": "sa-11.1_fr", - "name": "item", - "title": "SA-11(1) Additional FedRAMP Requirements", - "parts": [ - { - "id": "sa-11.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-4.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.10", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.5", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.9", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-5", - "adds": [ - { - "position": "starting", - "by-id": "sa-5_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-8", - "adds": [ - { - "position": "starting", - "by-id": "sa-8_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9", - "adds": [ - { - "position": "starting", - "by-id": "sa-9_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-9.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.5", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-1", - "adds": [ - { - "position": "starting", - "by-id": "sc-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sc-10", - "adds": [ - { - "position": "starting", - "by-id": "sc-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-12.1", - "adds": [ - { - "position": "starting", - "by-id": "sc-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-17", - "adds": [ - { - "position": "starting", - "by-id": "sc-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-18", - "adds": [ - { - "position": "starting", - "by-id": "sc-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-2", - "adds": [ - { - "position": "starting", - "by-id": "sc-2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-22", - "adds": [ - { - "position": "starting", - "by-id": "sc-22_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-22_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-23", - "adds": [ - { - "position": "starting", - "by-id": "sc-23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-23_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-24", - "adds": [ - { - "position": "starting", - "by-id": "sc-24_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-24_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-3", - "adds": [ - { - "position": "starting", - "by-id": "sc-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-39", - "adds": [ - { - "position": "starting", - "by-id": "sc-39_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-39_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-4", - "adds": [ - { - "position": "starting", - "by-id": "sc-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-45", - "adds": [ - { - "position": "starting", - "by-id": "sc-45_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-5", - "adds": [ - { - "position": "starting", - "by-id": "sc-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-7", - "adds": [ - { - "position": "ending", - "by-id": "sc-7_smt", - "parts": [ - { - "id": "sc-7_fr", + "id": "ca-2.2_fr", "name": "item", - "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "title": "CA-2 (2) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7_fr_gdn.1", - "name": "guidance", + "id": "ca-2.2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "(b) Guidance:" + "value": "Requirement:" } ], - "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + "prose": "To include 'announced', 'vulnerability scanning'" } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.10", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-7.12", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-7.18", + "control-id": "ca-5", "adds": [ { - "position": "starting", - "by-id": "sc-7.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18", - "props": [ + "position": "ending", + "by-id": "ca-5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-5_fr", + "name": "item", + "title": "CA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "POA&Ms must be provided at least monthly." + }, + { + "id": "ca-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP-POAM-Template" + } + ] } ] } ] }, { - "control-id": "sc-7.20", + "control-id": "ca-6", "adds": [ { - "position": "starting", - "by-id": "sc-7.20_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.20_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.20", - "props": [ + "position": "ending", + "by-id": "ca-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-6_fr", + "name": "item", + "title": "CA-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "sc-7.21", + "control-id": "ca-7", "adds": [ { - "position": "starting", - "by-id": "sc-7.21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.21", - "props": [ + "position": "ending", + "by-id": "ca-7_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-7_fr", + "name": "item", + "title": "CA-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." + }, + { + "id": "ca-7_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." + }, + { + "id": "ca-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." + } + ] } ] } ] }, { - "control-id": "sc-7.3", + "control-id": "ca-8", "adds": [ { - "position": "starting", - "by-id": "sc-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3", - "props": [ + "position": "ending", + "by-id": "ca-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-8_fr", + "name": "item", + "title": "CA-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference the FedRAMP Penetration Test Guidance." + } + ] } ] } ] }, { - "control-id": "sc-7.4", + "control-id": "ca-8.2", "adds": [ { - "position": "starting", - "by-id": "sc-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.h", - "props": [ + "position": "ending", + "by-id": "ca-8.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-8.2_fr", + "name": "item", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-8.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-2", + "adds": [ { - "position": "starting", - "by-id": "sc-7.4", - "props": [ + "position": "ending", + "by-id": "cm-2_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-2_fr", + "name": "item", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b)(1) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "sc-7.5", + "control-id": "cm-3", "adds": [ { "position": "ending", - "by-id": "sc-7.5_smt", + "by-id": "cm-3_smt", "parts": [ { - "id": "sc-7.5_fr", + "id": "cm-3_fr", "name": "item", - "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "title": "CM-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7.5_fr_gdn.1", + "id": "cm-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." + }, + { + "id": "cm-3_fr_gdn.1", "name": "guidance", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(e) Guidance:" } ], - "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + "prose": "In accordance with record retention policies and procedures." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-7.7", + "control-id": "cm-6", "adds": [ { - "position": "starting", - "by-id": "sc-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7", - "props": [ + "position": "ending", + "by-id": "cm-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-6_fr", + "name": "item", + "title": "CM-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 1:" + } + ], + "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." + }, + { + "id": "cm-6_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 2:" + } + ], + "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." + }, + { + "id": "cm-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP\u2019s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + } + ] } ] } ] }, { - "control-id": "sc-7.8", + "control-id": "cm-7", "adds": [ { - "position": "starting", - "by-id": "sc-7.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8", - "props": [ + "position": "ending", + "by-id": "cm-7_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-7_fr", + "name": "item", + "title": "CM-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." + } + ] } ] } ] }, { - "control-id": "sc-8", + "control-id": "cm-7.2", "adds": [ { "position": "ending", - "by-id": "sc-8_smt", + "by-id": "cm-7.2_smt", "parts": [ { - "id": "sc-8_fr", + "id": "cm-7.2_fr", "name": "item", - "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8_fr_gdn.1", + "id": "cm-7.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -37602,90 +3727,159 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" - }, + "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." + } + ] + } + ] + } + ] + }, + { + "control-id": "cm-8", + "adds": [ + { + "position": "ending", + "by-id": "cm-8_smt", + "parts": [ + { + "id": "cm-8_fr", + "name": "item", + "title": "CM-8 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-8_fr_gdn.2", - "name": "guidance", + "id": "cm-8_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "must be provided at least monthly or when there is a change." } ] } ] - }, + } + ] + }, + { + "control-id": "cm-9", + "adds": [ { - "position": "starting", - "by-id": "sc-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "cm-9_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "id": "cm-9_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" + } + ] + } + ] + }, + { + "control-id": "cm-12", + "adds": [ + { + "position": "ending", + "by-id": "cm-12_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "cm-12_fr", + "name": "item", + "title": "CM-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to FedRAMP Authorization Boundary Guidance" + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-12.1", + "adds": [ { - "position": "starting", - "by-id": "sc-8_smt", - "props": [ + "position": "ending", + "by-id": "cm-12.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-12.1_fr", + "name": "item", + "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-12.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to FedRAMP Authorization Boundary Guidance." + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-14", + "adds": [ { - "position": "starting", - "by-id": "sc-8", - "props": [ + "position": "ending", + "by-id": "cm-14_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-14_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If digital signatures/certificates are unavailable, alternative cryptographic integrity checks (hashes, self-signed certs, etc.) can be utilized." } ] } ] }, { - "control-id": "sc-8.1", + "control-id": "cp-2", "adds": [ { "position": "ending", - "by-id": "sc-8.1_smt", + "by-id": "cp-2_smt", "parts": [ { - "id": "sc-8.1_fr", + "id": "cp-2_fr", "name": "item", - "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "title": "CP-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8.1_fr_smt.1", + "id": "cp-2_fr_smt.1", "name": "item", "props": [ { @@ -37693,361 +3887,166 @@ "value": "Requirement:" } ], - "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." - }, - { - "id": "sc-8.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." - }, - { - "id": "sc-8.1_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." }, { - "id": "sc-8.1_fr_gdn.3", - "name": "guidance", + "id": "cp-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-12", + "control-id": "cp-3", "adds": [ { "position": "ending", - "by-id": "sc-12_smt", + "by-id": "cp-3_smt", "parts": [ { - "id": "sc-12_fr", + "id": "cp-3_fr", "name": "item", - "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "title": "CP-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See references in NIST 800-53 documentation." - }, - { - "id": "sc-12_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." - }, - { - "id": "sc-12_fr_gdn.3", - "name": "guidance", + "id": "cp-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-13", + "control-id": "cp-4", "adds": [ { "position": "ending", - "by-id": "sc-13_smt", + "by-id": "cp-4_smt", "parts": [ { - "id": "sc-13_fr", + "id": "cp-4_fr", "name": "item", - "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "title": "CP-4 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-13_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" - }, - { - "id": "sc-13_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" - }, - { - "id": "sc-13_fr_gdn.3", - "name": "guidance", + "id": "cp-4_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." }, { - "id": "sc-13_fr_gdn.4", - "name": "guidance", + "id": "cp-4_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" - }, + "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-7", + "adds": [ + { + "position": "ending", + "by-id": "cp-7_smt", + "parts": [ + { + "id": "cp-7_fr", + "name": "item", + "title": "CP-7 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-13_fr_gdn.5", - "name": "guidance", + "id": "cp-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, + } + ] + }, + { + "control-id": "cp-7.1", + "adds": [ { - "position": "starting", - "by-id": "sc-13", - "props": [ + "position": "ending", + "by-id": "cp-7.1_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cp-7.1_fr", + "name": "item", + "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cp-7.1_fr_smt.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." + } + ] } ] } ] }, { - "control-id": "sc-15", + "control-id": "cp-8", "adds": [ { "position": "ending", - "by-id": "sc-15_smt", + "by-id": "cp-8_smt", "parts": [ { - "id": "sc-15_fr", + "id": "cp-8_fr", "name": "item", - "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "title": "CP-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-15_fr_smt.1", + "id": "cp-8_fr_gdn.1", "name": "item", "props": [ { @@ -38055,102 +4054,28 @@ "value": "Requirement:" } ], - "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-20", + "control-id": "cp-9", "adds": [ { "position": "ending", - "by-id": "sc-20_smt", + "by-id": "cp-9_smt", "parts": [ { - "id": "sc-20_fr", + "id": "cp-9_fr", "name": "item", - "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-20_fr_smt.1", + "id": "cp-9_fr_smt.1", "name": "item", "props": [ { @@ -38158,214 +4083,61 @@ "value": "Requirement:" } ], - "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." }, { - "id": "sc-20_fr_smt.2", + "id": "cp-9_fr_smt.2", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authoritative DNS servers must be geolocated in accordance with SA-9 (5)." - }, - { - "id": "sc-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-20_fr_gdn.2", - "name": "guidance", + "id": "cp-9_fr_smt.3", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-20_fr_gdn.3", - "name": "guidance", + "id": "cp-9_fr_smt.4", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(c) Requirement:" } ], - "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-21", + "control-id": "cp-9.8", "adds": [ { "position": "ending", - "by-id": "sc-21_smt", + "by-id": "cp-9.8_smt", "parts": [ { - "id": "sc-21_fr", + "id": "cp-9.8_fr", "name": "item", - "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-21_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" - }, - { - "id": "sc-21_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." - }, - { - "id": "sc-21_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Accepting an unsigned reply is acceptable" - }, - { - "id": "sc-21_fr_gdn.2", + "id": "cp-9.8_fr_gdn.1", "name": "guidance", "props": [ { @@ -38373,181 +4145,61 @@ "value": "Guidance:" } ], - "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n- DNSSEC resolution to access a component inside the boundary is excluded." + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" } ] } ] - }, - { - "position": "starting", - "by-id": "sc-21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-21", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28", + "control-id": "ia-2", "adds": [ { "position": "ending", - "by-id": "sc-28_smt", + "by-id": "ia-2_smt", "parts": [ { - "id": "sc-28_fr", + "id": "ia-2_fr", "name": "item", - "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28_fr_gdn.1", - "name": "guidance", + "id": "ia-2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." }, { - "id": "sc-28_fr_gdn.2", - "name": "guidance", + "id": "ia-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-28_fr_gdn.3", - "name": "guidance", + "id": "ia-2_fr_smt.3", + "name": "item", "props": [ { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-28", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-28.1", - "adds": [ - { - "position": "ending", - "by-id": "sc-28.1_smt", - "parts": [ - { - "id": "sc-28.1_fr", - "name": "item", - "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ + "name": "label", + "value": "Requirement:" + } + ], + "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." + }, { - "id": "sc-28.1_fr_gdn.1", + "id": "ia-2_fr_gdn.1", "name": "guidance", "props": [ { @@ -38555,68 +4207,28 @@ "value": "Guidance:" } ], - "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-45.1", + "control-id": "ia-2.1", "adds": [ { "position": "ending", - "by-id": "sc-45.1_smt", + "by-id": "ia-2.1_smt", "parts": [ { - "id": "sc-45.1_fr", + "id": "ia-2.1_fr", "name": "item", - "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-45.1_fr_smt.1", + "id": "ia-2.1_fr_smt.1", "name": "item", "props": [ { @@ -38624,10 +4236,10 @@ "value": "Requirement:" } ], - "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." }, { - "id": "sc-45.1_fr_smt.2", + "id": "ia-2.1_fr_smt.2", "name": "item", "props": [ { @@ -38635,10 +4247,10 @@ "value": "Requirement:" } ], - "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-45.1_fr_gdn.1", + "id": "ia-2.1_fr_gdn.1", "name": "guidance", "props": [ { @@ -38646,955 +4258,239 @@ "value": "Guidance:" } ], - "prose": "Synchronization of system clocks improves the accuracy of log analysis." + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-1", - "adds": [ - { - "position": "starting", - "by-id": "si-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "si-11", - "adds": [ - { - "position": "starting", - "by-id": "si-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-12", - "adds": [ - { - "position": "starting", - "by-id": "si-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-16", - "adds": [ - { - "position": "starting", - "by-id": "si-16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-2", + "control-id": "ia-2.2", "adds": [ { - "position": "starting", - "by-id": "si-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-2.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.2_fr", + "name": "item", + "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." + }, + { + "id": "ia-2.2_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "si-2.2", + "control-id": "ia-2.6", "adds": [ { - "position": "starting", - "by-id": "si-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.2_smt", - "props": [ + "position": "ending", + "by-id": "ia-2.6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.6_fr", + "name": "item", + "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." + }, + { + "id": "ia-2.6_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." + } + ] } ] } ] }, { - "control-id": "si-2.3", + "control-id": "ia-2.12", "adds": [ { - "position": "starting", - "by-id": "si-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.12_fr", + "name": "item", + "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." + } + ] } ] } ] }, { - "control-id": "si-3", + "control-id": "ia-5", "adds": [ { - "position": "starting", - "by-id": "si-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5_fr", + "name": "item", + "title": "IA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 3. Link https://pages.nist.gov/800-63-3" + }, + { + "id": "ia-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-5.1", + "adds": [ { - "position": "starting", - "by-id": "si-3", - "props": [ + "position": "ending", + "by-id": "ia-5.1_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ia-5.1_fr", + "name": "item", + "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." + }, + { + "id": "ia-5.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(h) Requirement:" + } + ], + "prose": "For cases where technology doesn\u2019t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + }, + { + "id": "ia-5.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." + } + ] } ] } ] }, { - "control-id": "si-4", + "control-id": "ia-5.7", "adds": [ { "position": "ending", - "by-id": "si-4_smt", + "by-id": "ia-5.7_smt", "parts": [ { - "id": "si-4_fr", + "id": "ia-5.7_fr", "name": "item", - "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4_fr_gdn.1", + "id": "ia-5.7_fr_gdn.1", "name": "guidance", "props": [ { @@ -39602,1009 +4498,725 @@ "value": "Guidance:" } ], - "prose": "See US-CERT Incident Response Reporting Guidelines." + "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, + } + ] + }, + { + "control-id": "ia-5.8", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.a", - "props": [ + "position": "ending", + "by-id": "ia-5.8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5.8_fr", + "name": "item", + "title": "IA-5 (8) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.8_fr_gdn.x", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If a single user authentication domain is used to access multiple systems, such as in single-sign-on, then only a single authenticator is required." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-5.13", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-5.13_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5.13_fr", + "name": "item", + "title": "IA-5 (13) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.13_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For components subject to configuration baseline(s) (such as STIG or CIS,) the time period should conform to the baseline standard." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-11", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.c", - "props": [ + "position": "ending", + "by-id": "ia-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-11_fr", + "name": "item", + "title": "IA-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL3 (high baseline) * 12 hours or * 15 minutes of inactivity \n" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12_fr", + "name": "item", + "title": "IA-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12.5", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.e", - "props": [ + "position": "ending", + "by-id": "ia-12.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12.5_fr", + "name": "item", + "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-3", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.f", - "props": [ + "position": "ending", + "by-id": "ir-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-3_fr", + "name": "item", + "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-4", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.g", - "props": [ + "position": "ending", + "by-id": "ir-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-4_fr", + "name": "item", + "title": "IR-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" + }, + { + "id": "ir-4_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." + } + ] } ] } ] }, { - "control-id": "si-4.1", + "control-id": "ir-6", "adds": [ { - "position": "starting", - "by-id": "si-4.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1", - "props": [ + "position": "ending", + "by-id": "ir-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ir-6_fr", + "name": "item", + "title": "IR-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." + } + ] } ] } ] }, { - "control-id": "si-4.11", + "control-id": "ir-8", "adds": [ { - "position": "starting", - "by-id": "si-4.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.11_smt", - "props": [ + "position": "ending", + "by-id": "ir-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-8_fr", + "name": "item", + "title": "IR-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + }, + { + "id": "ir-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + } + ] } ] } ] }, { - "control-id": "si-4.12", + "control-id": "mp-3", "adds": [ { - "position": "starting", - "by-id": "si-4.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.12_smt", - "props": [ + "position": "ending", + "by-id": "mp-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-3_fr", + "name": "item", + "title": "MP-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Second parameter not-applicable" + } + ] } ] } ] }, { - "control-id": "si-4.14", + "control-id": "mp-4", "adds": [ { - "position": "starting", - "by-id": "si-4.14_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.14_smt", - "props": [ + "position": "ending", + "by-id": "mp-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-4_fr", + "name": "item", + "title": "MP-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines controlled areas within facilities where the information and information system reside." + } + ] } ] } ] }, { - "control-id": "si-4.16", + "control-id": "mp-5", "adds": [ { - "position": "starting", - "by-id": "si-4.16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16", - "props": [ + "position": "ending", + "by-id": "mp-5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "mp-5_fr", + "name": "item", + "title": "MP-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "si-4.18", + "control-id": "mp-6.1", "adds": [ { - "position": "starting", - "by-id": "si-4.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.18_smt", - "props": [ + "position": "ending", + "by-id": "mp-6.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-6.1_fr", + "name": "item", + "title": "MP-6 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-6.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Must comply with NIST SP 800-88" + } + ] } ] } ] }, { - "control-id": "si-4.19", + "control-id": "mp-6.2", "adds": [ { - "position": "starting", - "by-id": "si-4.19_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.19_smt", - "props": [ + "position": "ending", + "by-id": "mp-6.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-6.2_fr", + "name": "item", + "title": "MP-6 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-6.2_fr_smt.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Equipment and procedures may be tested or validated for effectiveness" + } + ] } ] - }, + } + ] + }, + { + "control-id": "mp-6.3", + "adds": [ { - "position": "starting", - "by-id": "si-4.19", - "props": [ + "position": "ending", + "by-id": "mp-6.3_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "mp-6.3_fr", + "name": "item", + "title": "MP-6 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-6.3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Must comply with NIST SP 800-88" + } + ] } ] } ] }, { - "control-id": "si-4.2", + "control-id": "pe-14", "adds": [ { - "position": "starting", - "by-id": "si-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.2", - "props": [ + "position": "ending", + "by-id": "pe-14_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pe-14_fr", + "name": "item", + "title": "PE-14 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pe-14_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." + } + ] } ] } ] }, { - "control-id": "si-4.20", + "control-id": "pl-8", "adds": [ { - "position": "starting", - "by-id": "si-4.20_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.20_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.20", - "props": [ + "position": "ending", + "by-id": "pl-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pl-8_fr", + "name": "item", + "title": "PL-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "si-4.22", + "control-id": "pl-10", "adds": [ { - "position": "starting", - "by-id": "si-4.22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.22_smt.b", - "props": [ + "position": "ending", + "by-id": "pl-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } ] } ] }, { - "control-id": "si-4.23", + "control-id": "ra-3", "adds": [ { - "position": "starting", - "by-id": "si-4.23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.23_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.23", - "props": [ + "position": "ending", + "by-id": "ra-3_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ra-3_fr", + "name": "item", + "title": "RA-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ra-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + }, + { + "id": "ra-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." + } + ] } ] } ] }, { - "control-id": "si-4.4", + "control-id": "ra-5", "adds": [ { - "position": "starting", - "by-id": "si-4.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_smt.a", - "props": [ + "position": "ending", + "by-id": "ra-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ra-5_fr", + "name": "item", + "title": "RA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ra-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" + }, + { + "id": "ra-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." + }, + { + "id": "ra-5_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." + }, + { + "id": "ra-5_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" + }, + { + "id": "ra-5_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \u201cwarning\u201d as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \u201cTracking of Compliance Scans\u201d in FAQs." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ra-5.8", + "adds": [ { - "position": "starting", - "by-id": "si-4.4_smt.b", - "props": [ + "position": "ending", + "by-id": "ra-5.8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ra-5.8_fr", + "name": "item", + "title": "RA-5(8) Additional FedRAMP Requirement", + "parts": [ + { + "id": "ra-5.8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "This enhancement is required for all high (or critical) vulnerability scan findings." + } + ] } ] } ] }, { - "control-id": "si-4.5", + "control-id": "sa-4", "adds": [ { "position": "ending", - "by-id": "si-4.5_smt", + "by-id": "sa-4_smt", "parts": [ { - "id": "si-4.5_fr", + "id": "sa-4_fr", "name": "item", - "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "title": "SA-4 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4.5_fr_gdn.1", + "id": "sa-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." + }, + { + "id": "sa-4_fr_gdn.1", "name": "guidance", "props": [ { @@ -40612,812 +5224,421 @@ "value": "Guidance:" } ], - "prose": "In accordance with the incident response plan." + "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-4.10", + "control-id": "sa-10", "adds": [ { "position": "ending", - "by-id": "si-4.10_smt", + "by-id": "sa-10_smt", "parts": [ { - "id": "si-4.10_fr", + "id": "sa-10_fr", "name": "item", - "title": "SI-4 (10) Additional FedRAMP Requirements and Guidance", + "title": "SA-10 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4.10_fr_smt.1", + "id": "sa-10_fr_smt.1", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" + "value": "(e) Requirement:" } ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." + "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "si-5", + "control-id": "sa-11.1", "adds": [ { "position": "ending", - "by-id": "si-5_smt", + "by-id": "sa-11.1_smt", "parts": [ { - "id": "si-5_fr_smt.1", + "id": "sa-11.1_fr", "name": "item", - "title": "SI-5 Additional FedRAMP Requirements and Guidance", - "props": [ + "title": "SA-11(1) Additional FedRAMP Requirements", + "parts": [ { - "name": "label", - "value": "Requirement:" + "id": "sa-11.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" } - ], - "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-5.1", - "adds": [ - { - "position": "starting", - "by-id": "si-5.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-6", - "adds": [ - { - "position": "starting", - "by-id": "si-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + ] } ] } ] }, { - "control-id": "si-7", + "control-id": "sc-7", "adds": [ { - "position": "starting", - "by-id": "si-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7", - "props": [ + "position": "ending", + "by-id": "sc-7_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sc-7_fr", + "name": "item", + "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + } + ] } ] } ] }, { - "control-id": "si-7.1", + "control-id": "sc-7.5", "adds": [ { - "position": "starting", - "by-id": "si-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7.1", - "props": [ + "position": "ending", + "by-id": "sc-7.5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sc-7.5_fr", + "name": "item", + "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + } + ] } ] } ] }, { - "control-id": "si-7.15", + "control-id": "sc-8", "adds": [ { - "position": "starting", - "by-id": "si-7.15_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.15_smt", - "props": [ + "position": "ending", + "by-id": "sc-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-8_fr", + "name": "item", + "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work \u2013 e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + }, + { + "id": "sc-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS\u2019s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS\u2019 recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + } + ] } ] } ] }, { - "control-id": "si-7.2", + "control-id": "sc-8.1", "adds": [ { - "position": "starting", - "by-id": "si-7.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-8.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-8.1_fr", + "name": "item", + "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." + }, + { + "id": "sc-8.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." + }, + { + "id": "sc-8.1_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + }, + { + "id": "sc-8.1_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + } + ] } ] } ] }, { - "control-id": "si-7.5", + "control-id": "sc-12", "adds": [ { - "position": "starting", - "by-id": "si-7.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-12_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "sc-12_fr", + "name": "item", + "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See references in NIST 800-53 documentation." + }, + { + "id": "sc-12_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + }, + { + "id": "sc-12_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-13", + "adds": [ { - "position": "starting", - "by-id": "si-7.5_smt", - "props": [ + "position": "ending", + "by-id": "sc-13_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-13_fr", + "name": "item", + "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-13_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" + }, + { + "id": "sc-13_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + }, + { + "id": "sc-13_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-13_fr_gdn.4", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + }, + { + "id": "sc-13_fr_gdn.5", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + } + ] } ] } ] }, { - "control-id": "si-7.7", + "control-id": "sc-15", "adds": [ { - "position": "starting", - "by-id": "si-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.7_smt", - "props": [ + "position": "ending", + "by-id": "sc-15_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-15_fr", + "name": "item", + "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-15_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + } + ] } ] } ] }, { - "control-id": "si-8", + "control-id": "sc-20", "adds": [ { "position": "ending", - "by-id": "si-8_smt", + "by-id": "sc-20_smt", "parts": [ { - "id": "si-8_fr", + "id": "sc-20_fr", "name": "item", - "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "title": "SC-20 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-8_fr_gdn.1", + "id": "sc-20_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + }, + { + "id": "sc-20_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Authoritative DNS servers must be geolocated in accordance with SA-9 (5)." + }, + { + "id": "sc-20_fr_gdn.1", "name": "guidance", "props": [ { @@ -41425,10 +5646,10 @@ "value": "Guidance:" } ], - "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." }, { - "id": "si-8_fr_gdn.2", + "id": "sc-20_fr_gdn.2", "name": "guidance", "props": [ { @@ -41436,96 +5657,39 @@ "value": "Guidance:" } ], - "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + }, + { + "id": "sc-20_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" } ] } ] - }, - { - "position": "starting", - "by-id": "si-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-10", + "control-id": "sc-21", "adds": [ { "position": "ending", - "by-id": "si-10_smt", + "by-id": "sc-21_smt", "parts": [ { - "id": "si-10_fr", + "id": "sc-21_fr", "name": "item", - "title": "SI-10 Additional FedRAMP Requirements and Guidance", + "title": "SC-21 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-10_fr_smt.1", + "id": "sc-21_fr_smt.1", "name": "item", "props": [ { @@ -41533,767 +5697,342 @@ "value": "Requirement:" } ], - "prose": "Validate all information inputs and document any exceptions" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "si-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-8.2", - "adds": [ - { - "position": "starting", - "by-id": "si-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-1", - "adds": [ - { - "position": "starting", - "by-id": "sr-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + }, + { + "id": "sc-21_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." + }, + { + "id": "sc-21_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Accepting an unsigned reply is acceptable" + }, + { + "id": "sc-21_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n- DNSSEC resolution to access a component inside the boundary is excluded." + } + ] } ] } ] }, { - "control-id": "sr-10", + "control-id": "sc-28", "adds": [ { - "position": "starting", - "by-id": "sr-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-10_smt", - "props": [ + "position": "ending", + "by-id": "sc-28_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28_fr", + "name": "item", + "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + }, + { + "id": "sc-28_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-28_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + } + ] } ] } ] }, { - "control-id": "sr-11.1", + "control-id": "sc-28.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-28.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28.1_fr", + "name": "item", + "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + } + ] } ] } ] }, { - "control-id": "sr-11.2", + "control-id": "sc-45.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-45.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-45.1_fr", + "name": "item", + "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-45.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + }, + { + "id": "sc-45.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + }, + { + "id": "sc-45.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Synchronization of system clocks improves the accuracy of log analysis." + } + ] } ] } ] }, { - "control-id": "sr-12", + "control-id": "si-4", "adds": [ { - "position": "starting", - "by-id": "sr-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-12_smt", - "props": [ + "position": "ending", + "by-id": "si-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4_fr", + "name": "item", + "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See US-CERT Incident Response Reporting Guidelines." + } + ] } ] } ] }, { - "control-id": "sr-2", + "control-id": "si-4.5", "adds": [ { - "position": "starting", - "by-id": "sr-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_smt.b", - "props": [ + "position": "ending", + "by-id": "si-4.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4.5_fr", + "name": "item", + "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with the incident response plan." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-4.10", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.c", - "props": [ + "position": "ending", + "by-id": "si-4.10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4.10_fr", + "name": "item", + "title": "SI-4 (10) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4.10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." + } + ] } ] } ] }, { - "control-id": "sr-2.1", + "control-id": "si-5", "adds": [ { - "position": "starting", - "by-id": "sr-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "si-5_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "si-5_fr_smt.1", + "name": "item", + "title": "SI-5 Additional FedRAMP Requirements and Guidance", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." } ] - }, + } + ] + }, + { + "control-id": "si-8", + "adds": [ { - "position": "starting", - "by-id": "sr-2.1_smt", - "props": [ + "position": "ending", + "by-id": "si-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-8_fr", + "name": "item", + "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + }, + { + "id": "si-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + } + ] } ] } ] }, { - "control-id": "sr-3", + "control-id": "si-10", "adds": [ { "position": "ending", - "by-id": "sr-3_smt", + "by-id": "si-10_smt", "parts": [ { - "id": "sr-3_fr", + "id": "si-10_fr", "name": "item", - "title": "SR-3 Additional FedRAMP Requirements and Guidance", + "title": "SI-10 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sr-3_fr_smt.1", + "id": "si-10_fr_smt.1", "name": "item", "props": [ { @@ -42301,179 +6040,38 @@ "value": "Requirement:" } ], - "prose": "CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary." + "prose": "Validate all information inputs and document any exceptions" } ] } ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sr-5", + "control-id": "sr-3", "adds": [ { - "position": "starting", - "by-id": "sr-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-5_smt", - "props": [ + "position": "ending", + "by-id": "sr-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sr-3_fr", + "name": "item", + "title": "SR-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sr-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary." + } + ] } ] } @@ -42505,40 +6103,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -42568,40 +6132,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -42631,79 +6161,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-9.1", - "adds": [ - { - "position": "starting", - "by-id": "sr-9.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-9.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -42733,143 +6190,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] } @@ -42903,7 +6223,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -42912,8 +6232,8 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", - "media-type": "application/json" + "href": "NIST_SP-800-53_rev5_catalog.json", + "media-type": "application/oscal+json" } ] } diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile.json index d44e95069..1820e8ccd 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline_profile.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "2ef3cdd1-6928-494b-b2ef-593e774fae38", + "uuid": "8ed4b202-ef72-45d1-a0a1-21342469d481", "metadata": { "title": "FedRAMP Rev 5 High Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:22:59Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -2027,7 +2027,7 @@ "param-id": "ps-03.03_odp", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria – as required by specific information" } ] }, @@ -2730,34871 +2730,996 @@ ], "alters": [ { - "control-id": "ac-1", + "control-id": "ac-2.3", "adds": [ { - "position": "starting", - "by-id": "ac-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ac-2.3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ac-2.3_fr", + "name": "item", + "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." + }, + { + "id": "ac-2.3_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines the time period of inactivity for device identifiers." + }, + { + "id": "ac-2.3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." + } + ] } ] } ] }, { - "control-id": "ac-10", + "control-id": "ac-2.5", "adds": [ { - "position": "starting", - "by-id": "ac-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-10_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.5_fr", + "name": "item", + "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Should use a shorter timeframe than AC-12." + } + ] } ] } ] }, { - "control-id": "ac-11", + "control-id": "ac-2.9", "adds": [ { - "position": "starting", - "by-id": "ac-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-2.9_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.9_fr", + "name": "item", + "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.9_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Required if shared/group accounts are deployed." + } + ] } ] } ] }, { - "control-id": "ac-11.1", + "control-id": "ac-2.12", "adds": [ { - "position": "starting", - "by-id": "ac-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.12_fr", + "name": "item", + "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "Required for privileged accounts." + }, + { + "id": "ac-2.12_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "Required for privileged accounts." + } + ] } ] } ] }, { - "control-id": "ac-12", + "control-id": "ac-4.4", "adds": [ { - "position": "starting", - "by-id": "ac-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-12_smt", - "props": [ + "position": "ending", + "by-id": "ac-4.4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-4.4_fr", + "name": "item", + "title": "AC-4 (4) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-4.4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." + } + ] } ] } ] }, { - "control-id": "ac-14", + "control-id": "ac-5", "adds": [ { - "position": "starting", - "by-id": "ac-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ac-5_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-5_fr", + "name": "item", + "title": "AC-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." + } + ] } ] } ] }, { - "control-id": "ac-17", + "control-id": "ac-6.2", "adds": [ { - "position": "starting", - "by-id": "ac-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-6.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-6.2_fr", + "name": "item", + "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-6.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." + } + ] } ] } ] }, { - "control-id": "ac-17.1", + "control-id": "ac-7", "adds": [ { - "position": "starting", - "by-id": "ac-17.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-7_fr", + "name": "item", + "title": "AC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "In alignment with NIST SP 800-63B." + } + ] } ] } ] }, { - "control-id": "ac-17.2", + "control-id": "ac-8", "adds": [ { - "position": "starting", - "by-id": "ac-17.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2", - "props": [ + "position": "ending", + "by-id": "ac-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ac-8_fr", + "name": "item", + "title": "AC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." + } + ] } ] } ] }, { - "control-id": "ac-17.3", + "control-id": "ac-20", "adds": [ { - "position": "starting", - "by-id": "ac-17.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.3_smt", - "props": [ + "position": "ending", + "by-id": "ac-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-20_fr", + "name": "item", + "title": "AC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." + } + ] } ] } ] }, { - "control-id": "ac-17.4", + "control-id": "au-2", "adds": [ { - "position": "starting", - "by-id": "ac-17.4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_smt.b", - "props": [ + "position": "ending", + "by-id": "au-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-2_fr", + "name": "item", + "title": "AU-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + }, + { + "id": "au-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "ac-18", + "control-id": "au-3.1", "adds": [ { - "position": "starting", - "by-id": "ac-18_obj.a", - "props": [ + "position": "ending", + "by-id": "au-3.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-3.1_fr", + "name": "item", + "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-3.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." + } + ] } ] } ] }, { - "control-id": "ac-18.1", + "control-id": "au-6", "adds": [ { - "position": "starting", - "by-id": "ac-18.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_smt", - "props": [ + "position": "ending", + "by-id": "au-6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-6_fr", + "name": "item", + "title": "AU-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." + } + ] } ] } ] }, { - "control-id": "ac-18.3", + "control-id": "au-6.6", "adds": [ { - "position": "starting", - "by-id": "ac-18.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.3_smt", - "props": [ + "position": "ending", + "by-id": "au-6.6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-6.6_fr", + "name": "item", + "title": "AU-6 (6) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6.6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "ac-18.4", + "control-id": "au-9.3", "adds": [ { - "position": "starting", - "by-id": "ac-18.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.4_smt", - "props": [ + "position": "ending", + "by-id": "au-9.3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-9.3_fr", + "name": "item", + "title": "AU-9 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-9.3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + } + ] } ] } ] }, { - "control-id": "ac-18.5", + "control-id": "au-11", "adds": [ { - "position": "starting", - "by-id": "ac-18.5_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.5_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.5_smt", - "props": [ + "position": "ending", + "by-id": "au-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-11_fr", + "name": "item", + "title": "AU-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-11_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." + }, + { + "id": "au-11_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" + }, + { + "id": "au-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider is encouraged to align with M-21-31 where possible" + } + ] } ] } ] }, { - "control-id": "ac-19", + "control-id": "ca-2", "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_smt.b", - "props": [ + "position": "ending", + "by-id": "ca-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2_fr", + "name": "item", + "title": "CA-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP Annual Assessment Guidance." + } + ] } ] } ] }, { - "control-id": "ac-19.5", + "control-id": "ca-2.1", "adds": [ { - "position": "starting", - "by-id": "ac-19.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19.5_smt", - "props": [ + "position": "ending", + "by-id": "ca-2.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2.1_fr", + "name": "item", + "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "For JAB Authorization, must use an accredited 3PAO." + } + ] } ] } ] }, { - "control-id": "ac-2", + "control-id": "ca-2.2", "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ca-2.2_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.k", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.11", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.13", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.13_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.3", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.3_smt", - "parts": [ - { - "id": "ac-2.3_fr", - "name": "item", - "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." - }, - { - "id": "ac-2.3_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines the time period of inactivity for device identifiers." - }, - { - "id": "ac-2.3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.4", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.5", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.5_smt", - "parts": [ - { - "id": "ac-2.5_fr", - "name": "item", - "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Should use a shorter timeframe than AC-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.9", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.9_smt", - "parts": [ - { - "id": "ac-2.9_fr", - "name": "item", - "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Required if shared/group accounts are deployed." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.12_smt", - "parts": [ - { - "id": "ac-2.12_fr", - "name": "item", - "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Required for privileged accounts." - }, - { - "id": "ac-2.12_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "Required for privileged accounts." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-20.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-21", - "adds": [ - { - "position": "starting", - "by-id": "ac-21_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-22", - "adds": [ - { - "position": "starting", - "by-id": "ac-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-3", - "adds": [ - { - "position": "starting", - "by-id": "ac-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-4", - "adds": [ - { - "position": "starting", - "by-id": "ac-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-4.21", - "adds": [ - { - "position": "starting", - "by-id": "ac-4.21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-4.4", - "adds": [ - { - "position": "ending", - "by-id": "ac-4.4_smt", - "parts": [ - { - "id": "ac-4.4_fr", - "name": "item", - "title": "AC-4 (4) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-4.4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-5", - "adds": [ - { - "position": "ending", - "by-id": "ac-5_smt", - "parts": [ - { - "id": "ac-5_fr", - "name": "item", - "title": "AC-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6", - "adds": [ - { - "position": "starting", - "by-id": "ac-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.10", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.2", - "adds": [ - { - "position": "ending", - "by-id": "ac-6.2_smt", - "parts": [ - { - "id": "ac-6.2_fr", - "name": "item", - "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-6.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.3", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.3_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.3_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.5", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.8", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.9", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-7", - "adds": [ - { - "position": "ending", - "by-id": "ac-7_smt", - "parts": [ - { - "id": "ac-7_fr", - "name": "item", - "title": "AC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "In alignment with NIST SP 800-63B." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-8", - "adds": [ - { - "position": "ending", - "by-id": "ac-8_smt", - "parts": [ - { - "id": "ac-8_fr", - "name": "item", - "title": "AC-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20", - "adds": [ - { - "position": "ending", - "by-id": "ac-20_smt", - "parts": [ - { - "id": "ac-20_fr", - "name": "item", - "title": "AC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-1", - "adds": [ - { - "position": "starting", - "by-id": "at-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "at-2", - "adds": [ - { - "position": "starting", - "by-id": "at-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.2", - "adds": [ - { - "position": "starting", - "by-id": "at-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.3", - "adds": [ - { - "position": "starting", - "by-id": "at-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-3", - "adds": [ - { - "position": "starting", - "by-id": "at-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-4", - "adds": [ - { - "position": "starting", - "by-id": "at-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-1", - "adds": [ - { - "position": "starting", - "by-id": "au-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "au-10", - "adds": [ - { - "position": "starting", - "by-id": "au-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-12", - "adds": [ - { - "position": "starting", - "by-id": "au-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-12.1", - "adds": [ - { - "position": "starting", - "by-id": "au-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-12.3", - "adds": [ - { - "position": "starting", - "by-id": "au-12.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-2", - "adds": [ - { - "position": "ending", - "by-id": "au-2_smt", - "parts": [ - { - "id": "au-2_fr", - "name": "item", - "title": "AU-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - }, - { - "id": "au-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3", - "adds": [ - { - "position": "starting", - "by-id": "au-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3.1", - "adds": [ - { - "position": "ending", - "by-id": "au-3.1_smt", - "parts": [ - { - "id": "au-3.1_fr", - "name": "item", - "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-3.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-4", - "adds": [ - { - "position": "starting", - "by-id": "au-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5", - "adds": [ - { - "position": "starting", - "by-id": "au-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5.1", - "adds": [ - { - "position": "starting", - "by-id": "au-5.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5.2", - "adds": [ - { - "position": "starting", - "by-id": "au-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6", - "adds": [ - { - "position": "ending", - "by-id": "au-6_smt", - "parts": [ - { - "id": "au-6_fr", - "name": "item", - "title": "AU-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.1", - "adds": [ - { - "position": "starting", - "by-id": "au-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.3", - "adds": [ - { - "position": "starting", - "by-id": "au-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.4", - "adds": [ - { - "position": "starting", - "by-id": "au-6.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.5", - "adds": [ - { - "position": "starting", - "by-id": "au-6.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.6", - "adds": [ - { - "position": "ending", - "by-id": "au-6.6_smt", - "parts": [ - { - "id": "au-6.6_fr", - "name": "item", - "title": "AU-6 (6) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6.6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.7", - "adds": [ - { - "position": "starting", - "by-id": "au-6.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-7", - "adds": [ - { - "position": "starting", - "by-id": "au-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-7.1", - "adds": [ - { - "position": "starting", - "by-id": "au-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-8", - "adds": [ - { - "position": "starting", - "by-id": "au-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9", - "adds": [ - { - "position": "starting", - "by-id": "au-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-9.2", - "adds": [ - { - "position": "starting", - "by-id": "au-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-9.3", - "adds": [ - { - "position": "ending", - "by-id": "au-9.3_smt", - "parts": [ - { - "id": "au-9.3_fr", - "name": "item", - "title": "AU-9 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-9.3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-11", - "adds": [ - { - "position": "ending", - "by-id": "au-11_smt", - "parts": [ - { - "id": "au-11_fr", - "name": "item", - "title": "AU-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-11_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." - }, - { - "id": "au-11_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" - }, - { - "id": "au-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider is encouraged to align with M-21-31 where possible" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9.4", - "adds": [ - { - "position": "starting", - "by-id": "au-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-1", - "adds": [ - { - "position": "starting", - "by-id": "ca-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ca-2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2_smt", - "parts": [ - { - "id": "ca-2_fr", - "name": "item", - "title": "CA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP Annual Assessment Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ca-2.1_smt", - "parts": [ - { - "id": "ca-2.1_fr", - "name": "item", - "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB Authorization, must use an accredited 3PAO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2.2_smt", - "parts": [ - { - "id": "ca-2.2_fr", - "name": "item", - "title": "CA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "To include 'announced', 'vulnerability scanning'" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.3", - "adds": [ - { - "position": "starting", - "by-id": "ca-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3", - "adds": [ - { - "position": "starting", - "by-id": "ca-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3.6", - "adds": [ - { - "position": "starting", - "by-id": "ca-3.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-5", - "adds": [ - { - "position": "ending", - "by-id": "ca-5_smt", - "parts": [ - { - "id": "ca-5_fr", - "name": "item", - "title": "CA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "POA&Ms must be provided at least monthly." - }, - { - "id": "ca-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP-POAM-Template" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-6", - "adds": [ - { - "position": "ending", - "by-id": "ca-6_smt", - "parts": [ - { - "id": "ca-6_fr", - "name": "item", - "title": "CA-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7", - "adds": [ - { - "position": "ending", - "by-id": "ca-7_smt", - "parts": [ - { - "id": "ca-7_fr", - "name": "item", - "title": "CA-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." - }, - { - "id": "ca-7_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." - }, - { - "id": "ca-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.4", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8", - "adds": [ - { - "position": "ending", - "by-id": "ca-8_smt", - "parts": [ - { - "id": "ca-8_fr", - "name": "item", - "title": "CA-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference the FedRAMP Penetration Test Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.2", - "adds": [ - { - "position": "ending", - "by-id": "ca-8.2_smt", - "parts": [ - { - "id": "ca-8.2_fr", - "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ca-9", - "adds": [ - { - "position": "starting", - "by-id": "ca-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-1", - "adds": [ - { - "position": "starting", - "by-id": "cm-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cm-10", - "adds": [ - { - "position": "starting", - "by-id": "cm-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-11", - "adds": [ - { - "position": "starting", - "by-id": "cm-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2", - "adds": [ - { - "position": "ending", - "by-id": "cm-2_smt", - "parts": [ - { - "id": "cm-2_fr", - "name": "item", - "title": "CM-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b)(1) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.7", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3", - "adds": [ - { - "position": "ending", - "by-id": "cm-3_smt", - "parts": [ - { - "id": "cm-3_fr", - "name": "item", - "title": "CM-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." - }, - { - "id": "cm-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "In accordance with record retention policies and procedures." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.4", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.6", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4", - "adds": [ - { - "position": "starting", - "by-id": "cm-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-4.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-5.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-6", - "adds": [ - { - "position": "ending", - "by-id": "cm-6_smt", - "parts": [ - { - "id": "cm-6_fr", - "name": "item", - "title": "CM-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 1:" - } - ], - "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." - }, - { - "id": "cm-6_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 2:" - } - ], - "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." - }, - { - "id": "cm-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7", - "adds": [ - { - "position": "ending", - "by-id": "cm-7_smt", - "parts": [ - { - "id": "cm-7_fr", - "name": "item", - "title": "CM-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.2", - "adds": [ - { - "position": "ending", - "by-id": "cm-7.2_smt", - "parts": [ - { - "id": "cm-7.2_fr", - "name": "item", - "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8", - "adds": [ - { - "position": "ending", - "by-id": "cm-8_smt", - "parts": [ - { - "id": "cm-8_fr", - "name": "item", - "title": "CM-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "must be provided at least monthly or when there is a change." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.4", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-9", - "adds": [ - { - "position": "ending", - "by-id": "cm-9_smt", - "parts": [ - { - "id": "cm-9_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12", - "adds": [ - { - "position": "ending", - "by-id": "cm-12_smt", - "parts": [ - { - "id": "cm-12_fr", - "name": "item", - "title": "CM-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12.1", - "adds": [ - { - "position": "ending", - "by-id": "cm-12.1_smt", - "parts": [ - { - "id": "cm-12.1_fr", - "name": "item", - "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-14", - "adds": [ - { - "position": "ending", - "by-id": "cm-14_smt", - "parts": [ - { - "id": "cm-14_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If digital signatures/certificates are unavailable, alternative cryptographic integrity checks (hashes, self-signed certs, etc.) can be utilized." - } - ] - }, - { - "position": "starting", - "by-id": "cm-14_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-14_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-1", - "adds": [ - { - "position": "starting", - "by-id": "cp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cp-10", - "adds": [ - { - "position": "starting", - "by-id": "cp-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-10.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-10.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-10.4", - "adds": [ - { - "position": "starting", - "by-id": "cp-10.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2", - "adds": [ - { - "position": "ending", - "by-id": "cp-2_smt", - "parts": [ - { - "id": "cp-2_fr", - "name": "item", - "title": "CP-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." - }, - { - "id": "cp-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.5", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.5_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.5_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.8", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3", - "adds": [ - { - "position": "ending", - "by-id": "cp-3_smt", - "parts": [ - { - "id": "cp-3_fr", - "name": "item", - "title": "CP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4", - "adds": [ - { - "position": "ending", - "by-id": "cp-4_smt", - "parts": [ - { - "id": "cp-4_fr", - "name": "item", - "title": "CP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." - }, - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-4.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-4.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6", - "adds": [ - { - "position": "starting", - "by-id": "cp-6_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.3_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7", - "adds": [ - { - "position": "ending", - "by-id": "cp-7_smt", - "parts": [ - { - "id": "cp-7_fr", - "name": "item", - "title": "CP-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.1", - "adds": [ - { - "position": "ending", - "by-id": "cp-7.1_smt", - "parts": [ - { - "id": "cp-7.1_fr", - "name": "item", - "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7.1_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.4", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8", - "adds": [ - { - "position": "ending", - "by-id": "cp-8_smt", - "parts": [ - { - "id": "cp-8_fr", - "name": "item", - "title": "CP-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-8_fr_gdn.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.4", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9", - "adds": [ - { - "position": "ending", - "by-id": "cp-9_smt", - "parts": [ - { - "id": "cp-9_fr", - "name": "item", - "title": "CP-9 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." - }, - { - "id": "cp-9_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.4", - "name": "item", - "props": [ - { - "name": "label", - "value": "(c) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.5", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.5_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.5_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.8", - "adds": [ - { - "position": "ending", - "by-id": "cp-9.8_smt", - "parts": [ - { - "id": "cp-9.8_fr", - "name": "item", - "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9.8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-1", - "adds": [ - { - "position": "starting", - "by-id": "ia-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ia-12.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.3", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2_smt", - "parts": [ - { - "id": "ia-2_fr", - "name": "item", - "title": "IA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." - }, - { - "id": "ia-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." - }, - { - "id": "ia-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.1_smt", - "parts": [ - { - "id": "ia-2.1_fr", - "name": "item", - "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.2_smt", - "parts": [ - { - "id": "ia-2.2_fr", - "name": "item", - "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.5", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.6", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.6_smt", - "parts": [ - { - "id": "ia-2.6_fr", - "name": "item", - "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." - }, - { - "id": "ia-2.6_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.12_smt", - "parts": [ - { - "id": "ia-2.12_fr", - "name": "item", - "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.8", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-3", - "adds": [ - { - "position": "starting", - "by-id": "ia-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-4.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5", - "adds": [ - { - "position": "ending", - "by-id": "ia-5_smt", - "parts": [ - { - "id": "ia-5_fr", - "name": "item", - "title": "IA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 3. Link https://pages.nist.gov/800-63-3" - }, - { - "id": "ia-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.1_smt", - "parts": [ - { - "id": "ia-5.1_fr", - "name": "item", - "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." - }, - { - "id": "ia-5.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(h) Requirement:" - } - ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." - }, - { - "id": "ia-5.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.6", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.7", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.7_smt", - "parts": [ - { - "id": "ia-5.7_fr", - "name": "item", - "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.8", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.8_smt", - "parts": [ - { - "id": "ia-5.8_fr", - "name": "item", - "title": "IA-5 (8) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.8_fr_gdn.x", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If a single user authentication domain is used to access multiple systems, such as in single-sign-on, then only a single authenticator is required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.13", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.13_smt", - "parts": [ - { - "id": "ia-5.13_fr", - "name": "item", - "title": "IA-5 (13) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.13_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For components subject to configuration baseline(s) (such as STIG or CIS,) the time period should conform to the baseline standard." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.13_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-11", - "adds": [ - { - "position": "ending", - "by-id": "ia-11_smt", - "parts": [ - { - "id": "ia-11_fr", - "name": "item", - "title": "IA-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL3 (high baseline) * 12 hours or * 15 minutes of inactivity \n" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12", - "adds": [ - { - "position": "ending", - "by-id": "ia-12_smt", - "parts": [ - { - "id": "ia-12_fr", - "name": "item", - "title": "IA-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.5", - "adds": [ - { - "position": "ending", - "by-id": "ia-12.5_smt", - "parts": [ - { - "id": "ia-12.5_fr", - "name": "item", - "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-6", - "adds": [ - { - "position": "starting", - "by-id": "ia-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-7", - "adds": [ - { - "position": "starting", - "by-id": "ia-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8", - "adds": [ - { - "position": "starting", - "by-id": "ia-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-1", - "adds": [ - { - "position": "starting", - "by-id": "ir-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ir-2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-3", - "adds": [ - { - "position": "ending", - "by-id": "ir-3_smt", - "parts": [ - { - "id": "ir-3_fr", - "name": "item", - "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4", - "adds": [ - { - "position": "ending", - "by-id": "ir-4_smt", - "parts": [ - { - "id": "ir-4_fr", - "name": "item", - "title": "IR-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" - }, - { - "id": "ir-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.11", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.11_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.11_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.4", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.6", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-5", - "adds": [ - { - "position": "starting", - "by-id": "ir-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-5.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-5.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6", - "adds": [ - { - "position": "ending", - "by-id": "ir-6_smt", - "parts": [ - { - "id": "ir-6_fr", - "name": "item", - "title": "IR-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7", - "adds": [ - { - "position": "starting", - "by-id": "ir-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-8", - "adds": [ - { - "position": "ending", - "by-id": "ir-8_smt", - "parts": [ - { - "id": "ir-8_fr", - "name": "item", - "title": "IR-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - }, - { - "id": "ir-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9", - "adds": [ - { - "position": "starting", - "by-id": "ir-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.4", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-1", - "adds": [ - { - "position": "starting", - "by-id": "ma-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ma-2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ma-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4", - "adds": [ - { - "position": "starting", - "by-id": "ma-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4.3", - "adds": [ - { - "position": "starting", - "by-id": "ma-4.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_obj.b-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5", - "adds": [ - { - "position": "starting", - "by-id": "ma-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5.1", - "adds": [ - { - "position": "starting", - "by-id": "ma-5.1_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-6", - "adds": [ - { - "position": "starting", - "by-id": "ma-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-1", - "adds": [ - { - "position": "starting", - "by-id": "mp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "mp-2", - "adds": [ - { - "position": "starting", - "by-id": "mp-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-3", - "adds": [ - { - "position": "ending", - "by-id": "mp-3_smt", - "parts": [ - { - "id": "mp-3_fr", - "name": "item", - "title": "MP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Second parameter not-applicable" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-4", - "adds": [ - { - "position": "ending", - "by-id": "mp-4_smt", - "parts": [ - { - "id": "mp-4_fr", - "name": "item", - "title": "MP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines controlled areas within facilities where the information and information system reside." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-5", - "adds": [ - { - "position": "ending", - "by-id": "mp-5_smt", - "parts": [ - { - "id": "mp-5_fr", - "name": "item", - "title": "MP-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6", - "adds": [ - { - "position": "starting", - "by-id": "mp-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6.1", - "adds": [ - { - "position": "ending", - "by-id": "mp-6.1_smt", - "parts": [ - { - "id": "mp-6.1_fr", - "name": "item", - "title": "MP-6 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-6.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Must comply with NIST SP 800-88" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6.2", - "adds": [ - { - "position": "ending", - "by-id": "mp-6.2_smt", - "parts": [ - { - "id": "mp-6.2_fr", - "name": "item", - "title": "MP-6 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-6.2_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Equipment and procedures may be tested or validated for effectiveness" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6.3", - "adds": [ - { - "position": "ending", - "by-id": "mp-6.3_smt", - "parts": [ - { - "id": "mp-6.3_fr", - "name": "item", - "title": "MP-6 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-6.3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Must comply with NIST SP 800-88" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-7", - "adds": [ - { - "position": "starting", - "by-id": "mp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-1", - "adds": [ - { - "position": "starting", - "by-id": "pe-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pe-10", - "adds": [ - { - "position": "starting", - "by-id": "pe-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-11", - "adds": [ - { - "position": "starting", - "by-id": "pe-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-11.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-11.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-12", - "adds": [ - { - "position": "starting", - "by-id": "pe-12_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13", - "adds": [ - { - "position": "starting", - "by-id": "pe-13_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.2", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14", - "adds": [ - { - "position": "ending", - "by-id": "pe-14_smt", - "parts": [ - { - "id": "pe-14_fr", - "name": "item", - "title": "PE-14 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pe-14_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14.2", - "adds": [ - { - "position": "starting", - "by-id": "pe-14.2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14.2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15", - "adds": [ - { - "position": "starting", - "by-id": "pe-15_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-15.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-16", - "adds": [ - { - "position": "starting", - "by-id": "pe-16_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-17", - "adds": [ - { - "position": "starting", - "by-id": "pe-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-18", - "adds": [ - { - "position": "starting", - "by-id": "pe-18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-18_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-2", - "adds": [ - { - "position": "starting", - "by-id": "pe-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-3", - "adds": [ - { - "position": "starting", - "by-id": "pe-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "pe-3.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-3.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3.1_obj.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-4", - "adds": [ - { - "position": "starting", - "by-id": "pe-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-5", - "adds": [ - { - "position": "starting", - "by-id": "pe-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6", - "adds": [ - { - "position": "starting", - "by-id": "pe-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6.4", - "adds": [ - { - "position": "starting", - "by-id": "pe-6.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8", - "adds": [ - { - "position": "starting", - "by-id": "pe-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-8.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-9", - "adds": [ - { - "position": "starting", - "by-id": "pe-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-1", - "adds": [ - { - "position": "starting", - "by-id": "pl-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pl-11", - "adds": [ - { - "position": "starting", - "by-id": "pl-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-2", - "adds": [ - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.11", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4", - "adds": [ - { - "position": "starting", - "by-id": "pl-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4.1", - "adds": [ - { - "position": "starting", - "by-id": "pl-4.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-8", - "adds": [ - { - "position": "ending", - "by-id": "pl-8_smt", - "parts": [ - { - "id": "pl-8_fr", - "name": "item", - "title": "PL-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-10", - "adds": [ - { - "position": "ending", - "by-id": "pl-10_smt", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-1", - "adds": [ - { - "position": "starting", - "by-id": "ps-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ps-2", - "adds": [ - { - "position": "starting", - "by-id": "ps-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4", - "adds": [ - { - "position": "starting", - "by-id": "ps-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4.2", - "adds": [ - { - "position": "starting", - "by-id": "ps-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-5", - "adds": [ - { - "position": "starting", - "by-id": "ps-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-6", - "adds": [ - { - "position": "starting", - "by-id": "ps-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-7", - "adds": [ - { - "position": "starting", - "by-id": "ps-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-8", - "adds": [ - { - "position": "starting", - "by-id": "ps-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-9", - "adds": [ - { - "position": "starting", - "by-id": "ps-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-1", - "adds": [ - { - "position": "starting", - "by-id": "ra-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ra-2", - "adds": [ - { - "position": "starting", - "by-id": "ra-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3", - "adds": [ - { - "position": "ending", - "by-id": "ra-3_smt", - "parts": [ - { - "id": "ra-3_fr", - "name": "item", - "title": "RA-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - }, - { - "id": "ra-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ra-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5", - "adds": [ - { - "position": "ending", - "by-id": "ra-5_smt", - "parts": [ - { - "id": "ra-5_fr", - "name": "item", - "title": "RA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" - }, - { - "id": "ra-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." - }, - { - "id": "ra-5_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." - }, - { - "id": "ra-5_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" - }, - { - "id": "ra-5_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.11", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.3", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.4", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.4_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.4_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.5", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.8", - "adds": [ - { - "position": "ending", - "by-id": "ra-5.8_smt", - "parts": [ - { - "id": "ra-5.8_fr", - "name": "item", - "title": "RA-5(8) Additional FedRAMP Requirement", - "parts": [ - { - "id": "ra-5.8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "This enhancement is required for all high (or critical) vulnerability scan findings." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-7", - "adds": [ - { - "position": "starting", - "by-id": "ra-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-9", - "adds": [ - { - "position": "starting", - "by-id": "ra-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-1", - "adds": [ - { - "position": "starting", - "by-id": "sa-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sa-11", - "adds": [ - { - "position": "starting", - "by-id": "sa-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-11.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15", - "adds": [ - { - "position": "starting", - "by-id": "sa-15_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15.3", - "adds": [ - { - "position": "starting", - "by-id": "sa-15.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-16", - "adds": [ - { - "position": "starting", - "by-id": "sa-16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-17", - "adds": [ - { - "position": "starting", - "by-id": "sa-17_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-17_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-2", - "adds": [ - { - "position": "starting", - "by-id": "sa-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-21", - "adds": [ - { - "position": "starting", - "by-id": "sa-21_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-21_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-21_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-21_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-22", - "adds": [ - { - "position": "starting", - "by-id": "sa-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-3", - "adds": [ - { - "position": "starting", - "by-id": "sa-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4", - "adds": [ - { - "position": "ending", - "by-id": "sa-4_smt", - "parts": [ - { - "id": "sa-4_fr", - "name": "item", - "title": "SA-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." - }, - { - "id": "sa-4_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-10", - "adds": [ - { - "position": "ending", - "by-id": "sa-10_smt", - "parts": [ - { - "id": "sa-10_fr", - "name": "item", - "title": "SA-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.1", - "adds": [ - { - "position": "ending", - "by-id": "sa-11.1_smt", - "parts": [ - { - "id": "sa-11.1_fr", - "name": "item", - "title": "SA-11(1) Additional FedRAMP Requirements", - "parts": [ - { - "id": "sa-11.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-4.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.10", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.5", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.9", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-5", - "adds": [ - { - "position": "starting", - "by-id": "sa-5_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-8", - "adds": [ - { - "position": "starting", - "by-id": "sa-8_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9", - "adds": [ - { - "position": "starting", - "by-id": "sa-9_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-9.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.5", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-1", - "adds": [ - { - "position": "starting", - "by-id": "sc-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sc-10", - "adds": [ - { - "position": "starting", - "by-id": "sc-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-12.1", - "adds": [ - { - "position": "starting", - "by-id": "sc-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-17", - "adds": [ - { - "position": "starting", - "by-id": "sc-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-18", - "adds": [ - { - "position": "starting", - "by-id": "sc-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-2", - "adds": [ - { - "position": "starting", - "by-id": "sc-2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-22", - "adds": [ - { - "position": "starting", - "by-id": "sc-22_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-22_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-23", - "adds": [ - { - "position": "starting", - "by-id": "sc-23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-23_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-24", - "adds": [ - { - "position": "starting", - "by-id": "sc-24_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-24_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-3", - "adds": [ - { - "position": "starting", - "by-id": "sc-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-39", - "adds": [ - { - "position": "starting", - "by-id": "sc-39_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-39_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-4", - "adds": [ - { - "position": "starting", - "by-id": "sc-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-45", - "adds": [ - { - "position": "starting", - "by-id": "sc-45_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-5", - "adds": [ - { - "position": "starting", - "by-id": "sc-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-7", - "adds": [ - { - "position": "ending", - "by-id": "sc-7_smt", - "parts": [ - { - "id": "sc-7_fr", + "id": "ca-2.2_fr", "name": "item", - "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "title": "CA-2 (2) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7_fr_gdn.1", - "name": "guidance", + "id": "ca-2.2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "(b) Guidance:" + "value": "Requirement:" } ], - "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + "prose": "To include 'announced', 'vulnerability scanning'" } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.10", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-7.12", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-7.18", + "control-id": "ca-5", "adds": [ { - "position": "starting", - "by-id": "sc-7.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18", - "props": [ + "position": "ending", + "by-id": "ca-5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-5_fr", + "name": "item", + "title": "CA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "POA&Ms must be provided at least monthly." + }, + { + "id": "ca-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP-POAM-Template" + } + ] } ] } ] }, { - "control-id": "sc-7.20", + "control-id": "ca-6", "adds": [ { - "position": "starting", - "by-id": "sc-7.20_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.20_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.20", - "props": [ + "position": "ending", + "by-id": "ca-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-6_fr", + "name": "item", + "title": "CA-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "sc-7.21", + "control-id": "ca-7", "adds": [ { - "position": "starting", - "by-id": "sc-7.21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.21", - "props": [ + "position": "ending", + "by-id": "ca-7_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-7_fr", + "name": "item", + "title": "CA-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." + }, + { + "id": "ca-7_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." + }, + { + "id": "ca-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." + } + ] } ] } ] }, { - "control-id": "sc-7.3", + "control-id": "ca-8", "adds": [ { - "position": "starting", - "by-id": "sc-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3", - "props": [ + "position": "ending", + "by-id": "ca-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ca-8_fr", + "name": "item", + "title": "CA-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference the FedRAMP Penetration Test Guidance." + } + ] } ] } ] }, { - "control-id": "sc-7.4", + "control-id": "ca-8.2", "adds": [ { - "position": "starting", - "by-id": "sc-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.h", - "props": [ + "position": "ending", + "by-id": "ca-8.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-8.2_fr", + "name": "item", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-8.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-2", + "adds": [ { - "position": "starting", - "by-id": "sc-7.4", - "props": [ + "position": "ending", + "by-id": "cm-2_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-2_fr", + "name": "item", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b)(1) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "sc-7.5", + "control-id": "cm-3", "adds": [ { "position": "ending", - "by-id": "sc-7.5_smt", + "by-id": "cm-3_smt", "parts": [ { - "id": "sc-7.5_fr", + "id": "cm-3_fr", "name": "item", - "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "title": "CM-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7.5_fr_gdn.1", + "id": "cm-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." + }, + { + "id": "cm-3_fr_gdn.1", "name": "guidance", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(e) Guidance:" } ], - "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + "prose": "In accordance with record retention policies and procedures." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-7.7", + "control-id": "cm-6", "adds": [ { - "position": "starting", - "by-id": "sc-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7", - "props": [ + "position": "ending", + "by-id": "cm-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-6_fr", + "name": "item", + "title": "CM-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 1:" + } + ], + "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." + }, + { + "id": "cm-6_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 2:" + } + ], + "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." + }, + { + "id": "cm-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + } + ] } ] } ] }, { - "control-id": "sc-7.8", + "control-id": "cm-7", "adds": [ { - "position": "starting", - "by-id": "sc-7.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8", - "props": [ + "position": "ending", + "by-id": "cm-7_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-7_fr", + "name": "item", + "title": "CM-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." + } + ] } ] } ] }, { - "control-id": "sc-8", + "control-id": "cm-7.2", "adds": [ { "position": "ending", - "by-id": "sc-8_smt", + "by-id": "cm-7.2_smt", "parts": [ { - "id": "sc-8_fr", + "id": "cm-7.2_fr", "name": "item", - "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8_fr_gdn.1", + "id": "cm-7.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -37602,90 +3727,159 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" - }, + "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." + } + ] + } + ] + } + ] + }, + { + "control-id": "cm-8", + "adds": [ + { + "position": "ending", + "by-id": "cm-8_smt", + "parts": [ + { + "id": "cm-8_fr", + "name": "item", + "title": "CM-8 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-8_fr_gdn.2", - "name": "guidance", + "id": "cm-8_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "must be provided at least monthly or when there is a change." } ] } ] - }, + } + ] + }, + { + "control-id": "cm-9", + "adds": [ { - "position": "starting", - "by-id": "sc-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "cm-9_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "id": "cm-9_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" + } + ] + } + ] + }, + { + "control-id": "cm-12", + "adds": [ + { + "position": "ending", + "by-id": "cm-12_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "cm-12_fr", + "name": "item", + "title": "CM-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to FedRAMP Authorization Boundary Guidance" + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-12.1", + "adds": [ { - "position": "starting", - "by-id": "sc-8_smt", - "props": [ + "position": "ending", + "by-id": "cm-12.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-12.1_fr", + "name": "item", + "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-12.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to FedRAMP Authorization Boundary Guidance." + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-14", + "adds": [ { - "position": "starting", - "by-id": "sc-8", - "props": [ + "position": "ending", + "by-id": "cm-14_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cm-14_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If digital signatures/certificates are unavailable, alternative cryptographic integrity checks (hashes, self-signed certs, etc.) can be utilized." } ] } ] }, { - "control-id": "sc-8.1", + "control-id": "cp-2", "adds": [ { "position": "ending", - "by-id": "sc-8.1_smt", + "by-id": "cp-2_smt", "parts": [ { - "id": "sc-8.1_fr", + "id": "cp-2_fr", "name": "item", - "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "title": "CP-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8.1_fr_smt.1", + "id": "cp-2_fr_smt.1", "name": "item", "props": [ { @@ -37693,361 +3887,166 @@ "value": "Requirement:" } ], - "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." - }, - { - "id": "sc-8.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." - }, - { - "id": "sc-8.1_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." }, { - "id": "sc-8.1_fr_gdn.3", - "name": "guidance", + "id": "cp-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-12", + "control-id": "cp-3", "adds": [ { "position": "ending", - "by-id": "sc-12_smt", + "by-id": "cp-3_smt", "parts": [ { - "id": "sc-12_fr", + "id": "cp-3_fr", "name": "item", - "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "title": "CP-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See references in NIST 800-53 documentation." - }, - { - "id": "sc-12_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." - }, - { - "id": "sc-12_fr_gdn.3", - "name": "guidance", + "id": "cp-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-13", + "control-id": "cp-4", "adds": [ { "position": "ending", - "by-id": "sc-13_smt", + "by-id": "cp-4_smt", "parts": [ { - "id": "sc-13_fr", + "id": "cp-4_fr", "name": "item", - "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "title": "CP-4 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-13_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" - }, - { - "id": "sc-13_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" - }, - { - "id": "sc-13_fr_gdn.3", - "name": "guidance", + "id": "cp-4_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." }, { - "id": "sc-13_fr_gdn.4", - "name": "guidance", + "id": "cp-4_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" - }, + "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-7", + "adds": [ + { + "position": "ending", + "by-id": "cp-7_smt", + "parts": [ + { + "id": "cp-7_fr", + "name": "item", + "title": "CP-7 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-13_fr_gdn.5", - "name": "guidance", + "id": "cp-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, + } + ] + }, + { + "control-id": "cp-7.1", + "adds": [ { - "position": "starting", - "by-id": "sc-13", - "props": [ + "position": "ending", + "by-id": "cp-7.1_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cp-7.1_fr", + "name": "item", + "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cp-7.1_fr_smt.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." + } + ] } ] } ] }, { - "control-id": "sc-15", + "control-id": "cp-8", "adds": [ { "position": "ending", - "by-id": "sc-15_smt", + "by-id": "cp-8_smt", "parts": [ { - "id": "sc-15_fr", + "id": "cp-8_fr", "name": "item", - "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "title": "CP-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-15_fr_smt.1", + "id": "cp-8_fr_gdn.1", "name": "item", "props": [ { @@ -38055,102 +4054,28 @@ "value": "Requirement:" } ], - "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-20", + "control-id": "cp-9", "adds": [ { "position": "ending", - "by-id": "sc-20_smt", + "by-id": "cp-9_smt", "parts": [ { - "id": "sc-20_fr", + "id": "cp-9_fr", "name": "item", - "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-20_fr_smt.1", + "id": "cp-9_fr_smt.1", "name": "item", "props": [ { @@ -38158,214 +4083,61 @@ "value": "Requirement:" } ], - "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." }, { - "id": "sc-20_fr_smt.2", + "id": "cp-9_fr_smt.2", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authoritative DNS servers must be geolocated in accordance with SA-9 (5)." - }, - { - "id": "sc-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-20_fr_gdn.2", - "name": "guidance", + "id": "cp-9_fr_smt.3", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-20_fr_gdn.3", - "name": "guidance", + "id": "cp-9_fr_smt.4", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(c) Requirement:" } ], - "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-21", + "control-id": "cp-9.8", "adds": [ { "position": "ending", - "by-id": "sc-21_smt", + "by-id": "cp-9.8_smt", "parts": [ { - "id": "sc-21_fr", + "id": "cp-9.8_fr", "name": "item", - "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-21_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" - }, - { - "id": "sc-21_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." - }, - { - "id": "sc-21_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Accepting an unsigned reply is acceptable" - }, - { - "id": "sc-21_fr_gdn.2", + "id": "cp-9.8_fr_gdn.1", "name": "guidance", "props": [ { @@ -38373,181 +4145,61 @@ "value": "Guidance:" } ], - "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n- DNSSEC resolution to access a component inside the boundary is excluded." + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" } ] } ] - }, - { - "position": "starting", - "by-id": "sc-21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-21", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28", + "control-id": "ia-2", "adds": [ { "position": "ending", - "by-id": "sc-28_smt", + "by-id": "ia-2_smt", "parts": [ { - "id": "sc-28_fr", + "id": "ia-2_fr", "name": "item", - "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28_fr_gdn.1", - "name": "guidance", + "id": "ia-2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." }, { - "id": "sc-28_fr_gdn.2", - "name": "guidance", + "id": "ia-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-28_fr_gdn.3", - "name": "guidance", + "id": "ia-2_fr_smt.3", + "name": "item", "props": [ { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-28", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-28.1", - "adds": [ - { - "position": "ending", - "by-id": "sc-28.1_smt", - "parts": [ - { - "id": "sc-28.1_fr", - "name": "item", - "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ + "name": "label", + "value": "Requirement:" + } + ], + "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." + }, { - "id": "sc-28.1_fr_gdn.1", + "id": "ia-2_fr_gdn.1", "name": "guidance", "props": [ { @@ -38555,68 +4207,28 @@ "value": "Guidance:" } ], - "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-45.1", + "control-id": "ia-2.1", "adds": [ { "position": "ending", - "by-id": "sc-45.1_smt", + "by-id": "ia-2.1_smt", "parts": [ { - "id": "sc-45.1_fr", + "id": "ia-2.1_fr", "name": "item", - "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-45.1_fr_smt.1", + "id": "ia-2.1_fr_smt.1", "name": "item", "props": [ { @@ -38624,10 +4236,10 @@ "value": "Requirement:" } ], - "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." }, { - "id": "sc-45.1_fr_smt.2", + "id": "ia-2.1_fr_smt.2", "name": "item", "props": [ { @@ -38635,10 +4247,10 @@ "value": "Requirement:" } ], - "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-45.1_fr_gdn.1", + "id": "ia-2.1_fr_gdn.1", "name": "guidance", "props": [ { @@ -38646,955 +4258,239 @@ "value": "Guidance:" } ], - "prose": "Synchronization of system clocks improves the accuracy of log analysis." + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-1", - "adds": [ - { - "position": "starting", - "by-id": "si-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "si-11", - "adds": [ - { - "position": "starting", - "by-id": "si-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-12", - "adds": [ - { - "position": "starting", - "by-id": "si-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-16", - "adds": [ - { - "position": "starting", - "by-id": "si-16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-2", + "control-id": "ia-2.2", "adds": [ { - "position": "starting", - "by-id": "si-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-2.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.2_fr", + "name": "item", + "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." + }, + { + "id": "ia-2.2_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "si-2.2", + "control-id": "ia-2.6", "adds": [ { - "position": "starting", - "by-id": "si-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.2_smt", - "props": [ + "position": "ending", + "by-id": "ia-2.6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.6_fr", + "name": "item", + "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." + }, + { + "id": "ia-2.6_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." + } + ] } ] } ] }, { - "control-id": "si-2.3", + "control-id": "ia-2.12", "adds": [ { - "position": "starting", - "by-id": "si-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.12_fr", + "name": "item", + "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." + } + ] } ] } ] }, { - "control-id": "si-3", + "control-id": "ia-5", "adds": [ { - "position": "starting", - "by-id": "si-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5_fr", + "name": "item", + "title": "IA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 3. Link https://pages.nist.gov/800-63-3" + }, + { + "id": "ia-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-5.1", + "adds": [ { - "position": "starting", - "by-id": "si-3", - "props": [ + "position": "ending", + "by-id": "ia-5.1_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ia-5.1_fr", + "name": "item", + "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." + }, + { + "id": "ia-5.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(h) Requirement:" + } + ], + "prose": "For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + }, + { + "id": "ia-5.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." + } + ] } ] } ] }, { - "control-id": "si-4", + "control-id": "ia-5.7", "adds": [ { "position": "ending", - "by-id": "si-4_smt", + "by-id": "ia-5.7_smt", "parts": [ { - "id": "si-4_fr", + "id": "ia-5.7_fr", "name": "item", - "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4_fr_gdn.1", + "id": "ia-5.7_fr_gdn.1", "name": "guidance", "props": [ { @@ -39602,1009 +4498,725 @@ "value": "Guidance:" } ], - "prose": "See US-CERT Incident Response Reporting Guidelines." + "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, + } + ] + }, + { + "control-id": "ia-5.8", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.a", - "props": [ + "position": "ending", + "by-id": "ia-5.8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5.8_fr", + "name": "item", + "title": "IA-5 (8) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.8_fr_gdn.x", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If a single user authentication domain is used to access multiple systems, such as in single-sign-on, then only a single authenticator is required." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-5.13", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-5.13_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5.13_fr", + "name": "item", + "title": "IA-5 (13) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.13_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For components subject to configuration baseline(s) (such as STIG or CIS,) the time period should conform to the baseline standard." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-11", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.c", - "props": [ + "position": "ending", + "by-id": "ia-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-11_fr", + "name": "item", + "title": "IA-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL3 (high baseline) * 12 hours or * 15 minutes of inactivity \n" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12_fr", + "name": "item", + "title": "IA-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12.5", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.e", - "props": [ + "position": "ending", + "by-id": "ia-12.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12.5_fr", + "name": "item", + "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-3", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.f", - "props": [ + "position": "ending", + "by-id": "ir-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-3_fr", + "name": "item", + "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-4", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.g", - "props": [ + "position": "ending", + "by-id": "ir-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-4_fr", + "name": "item", + "title": "IR-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" + }, + { + "id": "ir-4_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." + } + ] } ] } ] }, { - "control-id": "si-4.1", + "control-id": "ir-6", "adds": [ { - "position": "starting", - "by-id": "si-4.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1", - "props": [ + "position": "ending", + "by-id": "ir-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ir-6_fr", + "name": "item", + "title": "IR-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." + } + ] } ] } ] }, { - "control-id": "si-4.11", + "control-id": "ir-8", "adds": [ { - "position": "starting", - "by-id": "si-4.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.11_smt", - "props": [ + "position": "ending", + "by-id": "ir-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-8_fr", + "name": "item", + "title": "IR-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + }, + { + "id": "ir-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + } + ] } ] } ] }, { - "control-id": "si-4.12", + "control-id": "mp-3", "adds": [ { - "position": "starting", - "by-id": "si-4.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.12_smt", - "props": [ + "position": "ending", + "by-id": "mp-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-3_fr", + "name": "item", + "title": "MP-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Second parameter not-applicable" + } + ] } ] } ] }, { - "control-id": "si-4.14", + "control-id": "mp-4", "adds": [ { - "position": "starting", - "by-id": "si-4.14_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.14_smt", - "props": [ + "position": "ending", + "by-id": "mp-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-4_fr", + "name": "item", + "title": "MP-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines controlled areas within facilities where the information and information system reside." + } + ] } ] } ] }, { - "control-id": "si-4.16", + "control-id": "mp-5", "adds": [ { - "position": "starting", - "by-id": "si-4.16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16", - "props": [ + "position": "ending", + "by-id": "mp-5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "mp-5_fr", + "name": "item", + "title": "MP-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "si-4.18", + "control-id": "mp-6.1", "adds": [ { - "position": "starting", - "by-id": "si-4.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.18_smt", - "props": [ + "position": "ending", + "by-id": "mp-6.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-6.1_fr", + "name": "item", + "title": "MP-6 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-6.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Must comply with NIST SP 800-88" + } + ] } ] } ] }, { - "control-id": "si-4.19", + "control-id": "mp-6.2", "adds": [ { - "position": "starting", - "by-id": "si-4.19_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.19_smt", - "props": [ + "position": "ending", + "by-id": "mp-6.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-6.2_fr", + "name": "item", + "title": "MP-6 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-6.2_fr_smt.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Equipment and procedures may be tested or validated for effectiveness" + } + ] } ] - }, + } + ] + }, + { + "control-id": "mp-6.3", + "adds": [ { - "position": "starting", - "by-id": "si-4.19", - "props": [ + "position": "ending", + "by-id": "mp-6.3_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "mp-6.3_fr", + "name": "item", + "title": "MP-6 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-6.3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Must comply with NIST SP 800-88" + } + ] } ] } ] }, { - "control-id": "si-4.2", + "control-id": "pe-14", "adds": [ { - "position": "starting", - "by-id": "si-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.2", - "props": [ + "position": "ending", + "by-id": "pe-14_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pe-14_fr", + "name": "item", + "title": "PE-14 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pe-14_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." + } + ] } ] } ] }, { - "control-id": "si-4.20", + "control-id": "pl-8", "adds": [ { - "position": "starting", - "by-id": "si-4.20_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.20_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.20", - "props": [ + "position": "ending", + "by-id": "pl-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pl-8_fr", + "name": "item", + "title": "PL-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "si-4.22", + "control-id": "pl-10", "adds": [ { - "position": "starting", - "by-id": "si-4.22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.22_smt.b", - "props": [ + "position": "ending", + "by-id": "pl-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } ] } ] }, { - "control-id": "si-4.23", + "control-id": "ra-3", "adds": [ { - "position": "starting", - "by-id": "si-4.23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.23_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.23", - "props": [ + "position": "ending", + "by-id": "ra-3_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ra-3_fr", + "name": "item", + "title": "RA-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ra-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + }, + { + "id": "ra-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." + } + ] } ] } ] }, { - "control-id": "si-4.4", + "control-id": "ra-5", "adds": [ { - "position": "starting", - "by-id": "si-4.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_smt.a", - "props": [ + "position": "ending", + "by-id": "ra-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ra-5_fr", + "name": "item", + "title": "RA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ra-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" + }, + { + "id": "ra-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." + }, + { + "id": "ra-5_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." + }, + { + "id": "ra-5_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" + }, + { + "id": "ra-5_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ra-5.8", + "adds": [ { - "position": "starting", - "by-id": "si-4.4_smt.b", - "props": [ + "position": "ending", + "by-id": "ra-5.8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ra-5.8_fr", + "name": "item", + "title": "RA-5(8) Additional FedRAMP Requirement", + "parts": [ + { + "id": "ra-5.8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "This enhancement is required for all high (or critical) vulnerability scan findings." + } + ] } ] } ] }, { - "control-id": "si-4.5", + "control-id": "sa-4", "adds": [ { "position": "ending", - "by-id": "si-4.5_smt", + "by-id": "sa-4_smt", "parts": [ { - "id": "si-4.5_fr", + "id": "sa-4_fr", "name": "item", - "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "title": "SA-4 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4.5_fr_gdn.1", + "id": "sa-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." + }, + { + "id": "sa-4_fr_gdn.1", "name": "guidance", "props": [ { @@ -40612,812 +5224,421 @@ "value": "Guidance:" } ], - "prose": "In accordance with the incident response plan." + "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-4.10", + "control-id": "sa-10", "adds": [ { "position": "ending", - "by-id": "si-4.10_smt", + "by-id": "sa-10_smt", "parts": [ { - "id": "si-4.10_fr", + "id": "sa-10_fr", "name": "item", - "title": "SI-4 (10) Additional FedRAMP Requirements and Guidance", + "title": "SA-10 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4.10_fr_smt.1", + "id": "sa-10_fr_smt.1", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" + "value": "(e) Requirement:" } ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." + "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "si-5", + "control-id": "sa-11.1", "adds": [ { "position": "ending", - "by-id": "si-5_smt", + "by-id": "sa-11.1_smt", "parts": [ { - "id": "si-5_fr_smt.1", + "id": "sa-11.1_fr", "name": "item", - "title": "SI-5 Additional FedRAMP Requirements and Guidance", - "props": [ + "title": "SA-11(1) Additional FedRAMP Requirements", + "parts": [ { - "name": "label", - "value": "Requirement:" + "id": "sa-11.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" } - ], - "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-5.1", - "adds": [ - { - "position": "starting", - "by-id": "si-5.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-6", - "adds": [ - { - "position": "starting", - "by-id": "si-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + ] } ] } ] }, { - "control-id": "si-7", + "control-id": "sc-7", "adds": [ { - "position": "starting", - "by-id": "si-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7", - "props": [ + "position": "ending", + "by-id": "sc-7_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sc-7_fr", + "name": "item", + "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + } + ] } ] } ] }, { - "control-id": "si-7.1", + "control-id": "sc-7.5", "adds": [ { - "position": "starting", - "by-id": "si-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7.1", - "props": [ + "position": "ending", + "by-id": "sc-7.5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sc-7.5_fr", + "name": "item", + "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + } + ] } ] } ] }, { - "control-id": "si-7.15", + "control-id": "sc-8", "adds": [ { - "position": "starting", - "by-id": "si-7.15_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.15_smt", - "props": [ + "position": "ending", + "by-id": "sc-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-8_fr", + "name": "item", + "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work – e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + }, + { + "id": "sc-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + } + ] } ] } ] }, { - "control-id": "si-7.2", + "control-id": "sc-8.1", "adds": [ { - "position": "starting", - "by-id": "si-7.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-8.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-8.1_fr", + "name": "item", + "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." + }, + { + "id": "sc-8.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." + }, + { + "id": "sc-8.1_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + }, + { + "id": "sc-8.1_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + } + ] } ] } ] }, { - "control-id": "si-7.5", + "control-id": "sc-12", "adds": [ { - "position": "starting", - "by-id": "si-7.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-12_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "sc-12_fr", + "name": "item", + "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See references in NIST 800-53 documentation." + }, + { + "id": "sc-12_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + }, + { + "id": "sc-12_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-13", + "adds": [ { - "position": "starting", - "by-id": "si-7.5_smt", - "props": [ + "position": "ending", + "by-id": "sc-13_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-13_fr", + "name": "item", + "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-13_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" + }, + { + "id": "sc-13_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + }, + { + "id": "sc-13_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-13_fr_gdn.4", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + }, + { + "id": "sc-13_fr_gdn.5", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + } + ] } ] } ] }, { - "control-id": "si-7.7", + "control-id": "sc-15", "adds": [ { - "position": "starting", - "by-id": "si-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7.7_smt", - "props": [ + "position": "ending", + "by-id": "sc-15_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-15_fr", + "name": "item", + "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-15_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + } + ] } ] } ] }, { - "control-id": "si-8", + "control-id": "sc-20", "adds": [ { "position": "ending", - "by-id": "si-8_smt", + "by-id": "sc-20_smt", "parts": [ { - "id": "si-8_fr", + "id": "sc-20_fr", "name": "item", - "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "title": "SC-20 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-8_fr_gdn.1", + "id": "sc-20_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + }, + { + "id": "sc-20_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Authoritative DNS servers must be geolocated in accordance with SA-9 (5)." + }, + { + "id": "sc-20_fr_gdn.1", "name": "guidance", "props": [ { @@ -41425,10 +5646,10 @@ "value": "Guidance:" } ], - "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." }, { - "id": "si-8_fr_gdn.2", + "id": "sc-20_fr_gdn.2", "name": "guidance", "props": [ { @@ -41436,96 +5657,39 @@ "value": "Guidance:" } ], - "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + }, + { + "id": "sc-20_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" } ] } ] - }, - { - "position": "starting", - "by-id": "si-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-10", + "control-id": "sc-21", "adds": [ { "position": "ending", - "by-id": "si-10_smt", + "by-id": "sc-21_smt", "parts": [ { - "id": "si-10_fr", + "id": "sc-21_fr", "name": "item", - "title": "SI-10 Additional FedRAMP Requirements and Guidance", + "title": "SC-21 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-10_fr_smt.1", + "id": "sc-21_fr_smt.1", "name": "item", "props": [ { @@ -41533,767 +5697,342 @@ "value": "Requirement:" } ], - "prose": "Validate all information inputs and document any exceptions" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "si-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-8.2", - "adds": [ - { - "position": "starting", - "by-id": "si-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-1", - "adds": [ - { - "position": "starting", - "by-id": "sr-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + }, + { + "id": "sc-21_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." + }, + { + "id": "sc-21_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Accepting an unsigned reply is acceptable" + }, + { + "id": "sc-21_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n- DNSSEC resolution to access a component inside the boundary is excluded." + } + ] } ] } ] }, { - "control-id": "sr-10", + "control-id": "sc-28", "adds": [ { - "position": "starting", - "by-id": "sr-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-10_smt", - "props": [ + "position": "ending", + "by-id": "sc-28_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28_fr", + "name": "item", + "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + }, + { + "id": "sc-28_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-28_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + } + ] } ] } ] }, { - "control-id": "sr-11.1", + "control-id": "sc-28.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-28.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28.1_fr", + "name": "item", + "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + } + ] } ] } ] }, { - "control-id": "sr-11.2", + "control-id": "sc-45.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-45.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-45.1_fr", + "name": "item", + "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-45.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + }, + { + "id": "sc-45.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + }, + { + "id": "sc-45.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Synchronization of system clocks improves the accuracy of log analysis." + } + ] } ] } ] }, { - "control-id": "sr-12", + "control-id": "si-4", "adds": [ { - "position": "starting", - "by-id": "sr-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-12_smt", - "props": [ + "position": "ending", + "by-id": "si-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4_fr", + "name": "item", + "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See US-CERT Incident Response Reporting Guidelines." + } + ] } ] } ] }, { - "control-id": "sr-2", + "control-id": "si-4.5", "adds": [ { - "position": "starting", - "by-id": "sr-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_smt.b", - "props": [ + "position": "ending", + "by-id": "si-4.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4.5_fr", + "name": "item", + "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with the incident response plan." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-4.10", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.c", - "props": [ + "position": "ending", + "by-id": "si-4.10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4.10_fr", + "name": "item", + "title": "SI-4 (10) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4.10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf)." + } + ] } ] } ] }, { - "control-id": "sr-2.1", + "control-id": "si-5", "adds": [ { - "position": "starting", - "by-id": "sr-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "si-5_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "si-5_fr_smt.1", + "name": "item", + "title": "SI-5 Additional FedRAMP Requirements and Guidance", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." } ] - }, + } + ] + }, + { + "control-id": "si-8", + "adds": [ { - "position": "starting", - "by-id": "sr-2.1_smt", - "props": [ + "position": "ending", + "by-id": "si-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-8_fr", + "name": "item", + "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + }, + { + "id": "si-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + } + ] } ] } ] }, { - "control-id": "sr-3", + "control-id": "si-10", "adds": [ { "position": "ending", - "by-id": "sr-3_smt", + "by-id": "si-10_smt", "parts": [ { - "id": "sr-3_fr", + "id": "si-10_fr", "name": "item", - "title": "SR-3 Additional FedRAMP Requirements and Guidance", + "title": "SI-10 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sr-3_fr_smt.1", + "id": "si-10_fr_smt.1", "name": "item", "props": [ { @@ -42301,179 +6040,38 @@ "value": "Requirement:" } ], - "prose": "CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary." + "prose": "Validate all information inputs and document any exceptions" } ] } ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sr-5", + "control-id": "sr-3", "adds": [ { - "position": "starting", - "by-id": "sr-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-5_smt", - "props": [ + "position": "ending", + "by-id": "sr-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sr-3_fr", + "name": "item", + "title": "SR-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sr-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary." + } + ] } ] } @@ -42505,40 +6103,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -42568,40 +6132,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -42631,79 +6161,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-9.1", - "adds": [ - { - "position": "starting", - "by-id": "sr-9.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-9.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -42733,143 +6190,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] } @@ -42903,7 +6223,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -42912,8 +6232,8 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", - "media-type": "application/json" + "href": "NIST_SP-800-53_rev5_catalog.json", + "media-type": "application/oscal+json" } ] } diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog-min.json index 750d9947d..6a1567591 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog-min.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "f851c7cc-dd32-4233-b0a2-9fd83f561e67", + "uuid": "1f13921f-e208-46d9-9506-2a14e20bbb0a", "metadata": { "title": "FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:50:30.575664-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:18:05.811433-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -230,7 +235,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -517,6 +522,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-02", + "class": "zero-padded" + }, { "name": "label", "value": "AC-2" @@ -537,7 +547,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -777,19 +787,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -802,7 +812,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE" } ], @@ -819,7 +829,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW" } ], @@ -836,7 +846,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST" } ], @@ -854,6 +864,11 @@ "class": "SP800-53", "title": "Access Enforcement", "props": [ + { + "name": "label", + "value": "AC-03", + "class": "zero-padded" + }, { "name": "label", "value": "AC-3" @@ -874,7 +889,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1258,6 +1273,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -1278,13 +1298,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1523,6 +1543,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -1548,7 +1573,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1716,6 +1741,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -1736,7 +1766,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1801,6 +1831,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -1821,7 +1856,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2152,6 +2187,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -2172,7 +2212,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2285,6 +2325,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -2305,7 +2350,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2493,6 +2538,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -2513,7 +2563,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2649,6 +2699,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -2669,7 +2724,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3062,6 +3117,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -3087,7 +3147,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3337,6 +3397,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -3362,7 +3427,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3544,6 +3609,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -3569,7 +3639,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3665,6 +3735,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -3690,7 +3765,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3889,6 +3964,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -3914,7 +3994,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4092,6 +4172,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -4117,7 +4202,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4333,6 +4418,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-02", + "class": "zero-padded" + }, { "name": "label", "value": "AU-2" @@ -4353,7 +4443,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4578,6 +4668,11 @@ "class": "SP800-53", "title": "Content of Audit Records", "props": [ + { + "name": "label", + "value": "AU-03", + "class": "zero-padded" + }, { "name": "label", "value": "AU-3" @@ -4598,7 +4693,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4946,6 +5041,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-04", + "class": "zero-padded" + }, { "name": "label", "value": "AU-4" @@ -4971,7 +5071,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5071,6 +5171,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-05", + "class": "zero-padded" + }, { "name": "label", "value": "AU-5" @@ -5091,7 +5196,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5337,6 +5442,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-06", + "class": "zero-padded" + }, { "name": "label", "value": "AU-6" @@ -5362,7 +5472,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5689,6 +5799,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-08", + "class": "zero-padded" + }, { "name": "label", "value": "AU-8" @@ -5709,7 +5824,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5784,6 +5899,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -5804,7 +5924,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5936,6 +6056,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-11", + "class": "zero-padded" + }, { "name": "label", "value": "AU-11" @@ -5956,7 +6081,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6051,6 +6176,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-12", + "class": "zero-padded" + }, { "name": "label", "value": "AU-12" @@ -6071,7 +6201,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6308,6 +6438,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -6333,7 +6468,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6546,6 +6681,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -6571,7 +6711,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7137,6 +7277,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -7162,7 +7307,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7233,6 +7378,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -7258,13 +7408,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7637,6 +7787,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -7662,7 +7817,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7767,6 +7922,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -7792,7 +7952,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -8238,6 +8398,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -8263,7 +8428,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -8931,6 +9096,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -8961,7 +9131,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -9199,6 +9369,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -9224,7 +9399,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -9389,6 +9564,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -9414,13 +9594,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -9874,6 +10054,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -9899,7 +10084,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10096,6 +10281,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -10121,7 +10311,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10288,6 +10478,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -10313,7 +10508,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10518,6 +10713,11 @@ "class": "SP800-53", "title": "Access Restrictions for Change", "props": [ + { + "name": "label", + "value": "CM-05", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5" @@ -10538,7 +10738,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10840,6 +11040,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-06", + "class": "zero-padded" + }, { "name": "label", "value": "CM-6" @@ -10865,7 +11070,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -11414,6 +11619,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-07", + "class": "zero-padded" + }, { "name": "label", "value": "CM-7" @@ -11439,7 +11649,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -11600,6 +11810,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8" @@ -11625,7 +11840,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12045,6 +12260,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -12065,7 +12285,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12187,6 +12407,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -12207,7 +12432,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12417,6 +12642,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -12442,7 +12672,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12691,6 +12921,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -12711,7 +12946,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13070,6 +13305,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -13095,7 +13335,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13266,6 +13506,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-04", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4" @@ -13291,7 +13536,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13464,6 +13709,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -13484,7 +13734,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13857,6 +14107,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -13877,7 +14132,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14049,6 +14304,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -14074,7 +14334,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14265,6 +14525,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Organizational Users)", "props": [ + { + "name": "label", + "value": "IA-02", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2" @@ -14290,13 +14555,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14466,6 +14731,11 @@ "class": "SP800-53-enhancement", "title": "Multi-factor Authentication to Privileged Accounts", "props": [ + { + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(1)" @@ -14486,7 +14756,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14626,6 +14896,11 @@ "class": "SP800-53-enhancement", "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ + { + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(2)" @@ -14646,7 +14921,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14665,13 +14940,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts." }, { @@ -14698,6 +14966,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(8)" @@ -14718,7 +14991,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14838,6 +15111,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials", "props": [ + { + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(12)" @@ -14858,13 +15136,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14988,19 +15266,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -15046,6 +15324,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-04", + "class": "zero-padded" + }, { "name": "label", "value": "IA-4" @@ -15066,7 +15349,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15245,6 +15528,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5" @@ -15270,7 +15558,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15520,6 +15808,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -15545,7 +15838,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15670,6 +15963,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -15690,7 +15988,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15810,6 +16108,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -15830,7 +16133,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15865,13 +16168,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -15886,6 +16182,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -15906,7 +16207,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16023,6 +16324,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -16043,13 +16349,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16215,6 +16521,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -16235,13 +16546,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16474,6 +16785,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -16494,7 +16810,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16536,6 +16852,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -16561,7 +16882,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16712,6 +17033,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -16737,7 +17063,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16965,6 +17291,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -16990,7 +17321,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -17113,6 +17444,11 @@ "class": "SP800-53", "title": "Incident Handling", "props": [ + { + "name": "label", + "value": "IR-04", + "class": "zero-padded" + }, { "name": "label", "value": "IR-4" @@ -17133,7 +17469,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -17710,6 +18046,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -17735,7 +18076,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -17837,6 +18178,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -17857,7 +18203,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18073,6 +18419,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -18093,7 +18444,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18246,6 +18597,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -18266,7 +18622,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18622,6 +18978,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -18647,7 +19008,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18839,6 +19200,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -18859,13 +19225,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -19310,6 +19676,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -19330,7 +19701,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -19491,6 +19862,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -19511,13 +19887,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -19914,6 +20290,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -19939,7 +20320,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -20148,6 +20529,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -20168,13 +20554,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -20469,6 +20855,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -20489,13 +20880,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -20857,6 +21248,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -20877,13 +21273,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -21198,6 +21594,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -21223,7 +21624,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -21402,6 +21803,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -21422,13 +21828,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -21911,6 +22317,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-03", + "class": "zero-padded" + }, { "name": "label", "value": "PE-3" @@ -21931,13 +22342,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -22590,6 +23001,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -22615,13 +23031,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -22976,6 +23392,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -23001,13 +23422,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -23229,6 +23650,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -23249,13 +23675,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -23457,6 +23883,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -23477,13 +23908,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -23769,6 +24200,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -23789,13 +24225,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24002,6 +24438,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -24022,13 +24463,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24259,6 +24700,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -24279,13 +24725,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24681,6 +25127,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -24706,7 +25157,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24907,6 +25358,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -24932,7 +25388,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -26525,6 +26981,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -26550,7 +27011,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -26704,6 +27165,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -26729,7 +27195,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -26819,6 +27285,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -26844,7 +27315,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27415,6 +27886,11 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ + { + "name": "label", + "value": "PL-10", + "class": "zero-padded" + }, { "name": "label", "value": "PL-10" @@ -27435,7 +27911,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27520,6 +27996,11 @@ "class": "SP800-53", "title": "Baseline Tailoring", "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, { "name": "label", "value": "PL-11" @@ -27540,7 +28021,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27727,6 +28208,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -27752,7 +28238,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27927,6 +28413,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -27947,7 +28438,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28083,6 +28574,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -28103,7 +28599,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28413,6 +28909,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -28433,7 +28934,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28587,6 +29088,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -28607,7 +29113,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28731,6 +29237,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -28756,7 +29267,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28909,6 +29420,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -28934,7 +29450,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29101,6 +29617,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -29121,7 +29642,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29185,6 +29706,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -29205,7 +29731,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29336,6 +29862,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -29361,7 +29892,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29524,6 +30055,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -29544,7 +30080,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29769,6 +30305,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -29794,7 +30335,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -30328,6 +30869,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -30353,7 +30899,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -30479,6 +31025,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5" @@ -30504,7 +31055,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31055,6 +31606,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(2)" @@ -31080,7 +31636,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31204,6 +31760,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -31229,7 +31790,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31351,6 +31912,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -31376,7 +31942,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31719,6 +32285,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -31744,7 +32315,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31915,6 +32486,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -31940,7 +32516,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32046,6 +32622,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -32071,7 +32652,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32242,6 +32823,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -32267,7 +32853,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32533,6 +33119,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -32558,7 +33149,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32626,6 +33217,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -32651,7 +33247,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32895,6 +33491,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -32920,7 +33521,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -33087,6 +33688,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9" @@ -33112,7 +33718,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -33498,6 +34104,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -33523,7 +34134,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -33809,6 +34420,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -33834,7 +34450,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34032,6 +34648,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -34052,13 +34673,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34274,6 +34895,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-07", + "class": "zero-padded" + }, { "name": "label", "value": "SC-7" @@ -34294,7 +34920,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34708,6 +35334,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8" @@ -34728,7 +35359,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34948,6 +35579,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -34968,7 +35604,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35114,6 +35750,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-12", + "class": "zero-padded" + }, { "name": "label", "value": "SC-12" @@ -35139,7 +35780,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35233,10 +35874,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -35437,6 +36074,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-13", + "class": "zero-padded" + }, { "name": "label", "value": "SC-13" @@ -35457,13 +36099,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35780,6 +36422,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -35800,7 +36447,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35861,6 +36508,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -35881,7 +36533,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35965,6 +36617,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ + { + "name": "label", + "value": "SC-21", + "class": "zero-padded" + }, { "name": "label", "value": "SC-21" @@ -35985,7 +36642,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36022,6 +36679,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -36042,7 +36704,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36108,6 +36770,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28" @@ -36128,7 +36795,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36381,6 +37048,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -36401,7 +37073,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36572,6 +37244,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -36597,7 +37274,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36760,6 +37437,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -36785,7 +37467,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36960,6 +37642,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -36980,7 +37667,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -37552,6 +38239,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-03", + "class": "zero-padded" + }, { "name": "label", "value": "SI-3" @@ -37577,7 +38269,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -38128,6 +38820,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -38158,7 +38855,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -38936,6 +39633,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -38961,7 +39663,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39047,6 +39749,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -39067,7 +39774,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39336,6 +40043,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -39361,7 +40073,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39569,6 +40281,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -39594,7 +40311,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39769,6 +40486,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -39794,7 +40516,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39874,6 +40596,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -39904,7 +40631,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40094,6 +40821,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -40119,7 +40851,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40258,6 +40990,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -40283,7 +41020,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40388,6 +41125,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -40413,7 +41155,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40509,6 +41251,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -40534,7 +41281,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40617,6 +41364,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -40642,7 +41394,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40691,6 +41443,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -40716,7 +41473,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40783,6 +41540,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -40808,7 +41570,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.json index ec2195d44..fec183acc 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "f851c7cc-dd32-4233-b0a2-9fd83f561e67", + "uuid": "1f13921f-e208-46d9-9506-2a14e20bbb0a", "metadata": { "title": "FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:50:30.575664-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:18:05.811433-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -230,7 +235,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -517,6 +522,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-02", + "class": "zero-padded" + }, { "name": "label", "value": "AC-2" @@ -537,7 +547,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -777,19 +787,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -802,7 +812,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE" } ], @@ -819,7 +829,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW" } ], @@ -836,7 +846,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST" } ], @@ -854,6 +864,11 @@ "class": "SP800-53", "title": "Access Enforcement", "props": [ + { + "name": "label", + "value": "AC-03", + "class": "zero-padded" + }, { "name": "label", "value": "AC-3" @@ -874,7 +889,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1258,6 +1273,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -1278,13 +1298,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1523,6 +1543,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -1548,7 +1573,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1716,6 +1741,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -1736,7 +1766,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1801,6 +1831,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -1821,7 +1856,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2152,6 +2187,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -2172,7 +2212,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2285,6 +2325,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -2305,7 +2350,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2493,6 +2538,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -2513,7 +2563,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2649,6 +2699,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -2669,7 +2724,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3062,6 +3117,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -3087,7 +3147,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3337,6 +3397,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -3362,7 +3427,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3544,6 +3609,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -3569,7 +3639,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3665,6 +3735,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -3690,7 +3765,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3889,6 +3964,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -3914,7 +3994,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4092,6 +4172,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -4117,7 +4202,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4333,6 +4418,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-02", + "class": "zero-padded" + }, { "name": "label", "value": "AU-2" @@ -4353,7 +4443,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4578,6 +4668,11 @@ "class": "SP800-53", "title": "Content of Audit Records", "props": [ + { + "name": "label", + "value": "AU-03", + "class": "zero-padded" + }, { "name": "label", "value": "AU-3" @@ -4598,7 +4693,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4946,6 +5041,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-04", + "class": "zero-padded" + }, { "name": "label", "value": "AU-4" @@ -4971,7 +5071,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5071,6 +5171,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-05", + "class": "zero-padded" + }, { "name": "label", "value": "AU-5" @@ -5091,7 +5196,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5337,6 +5442,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-06", + "class": "zero-padded" + }, { "name": "label", "value": "AU-6" @@ -5362,7 +5472,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5689,6 +5799,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-08", + "class": "zero-padded" + }, { "name": "label", "value": "AU-8" @@ -5709,7 +5824,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5784,6 +5899,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -5804,7 +5924,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5936,6 +6056,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-11", + "class": "zero-padded" + }, { "name": "label", "value": "AU-11" @@ -5956,7 +6081,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6051,6 +6176,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-12", + "class": "zero-padded" + }, { "name": "label", "value": "AU-12" @@ -6071,7 +6201,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6308,6 +6438,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -6333,7 +6468,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6546,6 +6681,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -6571,7 +6711,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7137,6 +7277,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -7162,7 +7307,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7233,6 +7378,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -7258,13 +7408,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7637,6 +7787,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -7662,7 +7817,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -7767,6 +7922,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -7792,7 +7952,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -8238,6 +8398,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -8263,7 +8428,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -8931,6 +9096,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -8961,7 +9131,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -9199,6 +9369,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -9224,7 +9399,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -9389,6 +9564,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -9414,13 +9594,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -9874,6 +10054,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -9899,7 +10084,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10096,6 +10281,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -10121,7 +10311,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10288,6 +10478,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -10313,7 +10508,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10518,6 +10713,11 @@ "class": "SP800-53", "title": "Access Restrictions for Change", "props": [ + { + "name": "label", + "value": "CM-05", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5" @@ -10538,7 +10738,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -10840,6 +11040,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-06", + "class": "zero-padded" + }, { "name": "label", "value": "CM-6" @@ -10865,7 +11070,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -11414,6 +11619,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-07", + "class": "zero-padded" + }, { "name": "label", "value": "CM-7" @@ -11439,7 +11649,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -11600,6 +11810,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8" @@ -11625,7 +11840,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12045,6 +12260,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -12065,7 +12285,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12187,6 +12407,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -12207,7 +12432,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12417,6 +12642,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -12442,7 +12672,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -12691,6 +12921,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -12711,7 +12946,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13070,6 +13305,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -13095,7 +13335,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13266,6 +13506,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-04", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4" @@ -13291,7 +13536,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13464,6 +13709,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -13484,7 +13734,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -13857,6 +14107,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -13877,7 +14132,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14049,6 +14304,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -14074,7 +14334,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14265,6 +14525,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Organizational Users)", "props": [ + { + "name": "label", + "value": "IA-02", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2" @@ -14290,13 +14555,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14466,6 +14731,11 @@ "class": "SP800-53-enhancement", "title": "Multi-factor Authentication to Privileged Accounts", "props": [ + { + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(1)" @@ -14486,7 +14756,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14626,6 +14896,11 @@ "class": "SP800-53-enhancement", "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ + { + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(2)" @@ -14646,7 +14921,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14665,13 +14940,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts." }, { @@ -14698,6 +14966,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(8)" @@ -14718,7 +14991,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14838,6 +15111,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials", "props": [ + { + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-2(12)" @@ -14858,13 +15136,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -14988,19 +15266,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -15046,6 +15324,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-04", + "class": "zero-padded" + }, { "name": "label", "value": "IA-4" @@ -15066,7 +15349,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15245,6 +15528,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5" @@ -15270,7 +15558,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15520,6 +15808,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -15545,7 +15838,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15670,6 +15963,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -15690,7 +15988,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15810,6 +16108,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -15830,7 +16133,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -15865,13 +16168,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -15886,6 +16182,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -15906,7 +16207,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16023,6 +16324,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -16043,13 +16349,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16215,6 +16521,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -16235,13 +16546,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16474,6 +16785,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -16494,7 +16810,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16536,6 +16852,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -16561,7 +16882,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16712,6 +17033,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -16737,7 +17063,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -16965,6 +17291,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -16990,7 +17321,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -17113,6 +17444,11 @@ "class": "SP800-53", "title": "Incident Handling", "props": [ + { + "name": "label", + "value": "IR-04", + "class": "zero-padded" + }, { "name": "label", "value": "IR-4" @@ -17133,7 +17469,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -17710,6 +18046,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -17735,7 +18076,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -17837,6 +18178,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -17857,7 +18203,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18073,6 +18419,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -18093,7 +18444,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18246,6 +18597,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -18266,7 +18622,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18622,6 +18978,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -18647,7 +19008,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -18839,6 +19200,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -18859,13 +19225,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -19310,6 +19676,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -19330,7 +19701,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -19491,6 +19862,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -19511,13 +19887,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -19914,6 +20290,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -19939,7 +20320,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -20148,6 +20529,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -20168,13 +20554,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -20469,6 +20855,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -20489,13 +20880,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -20857,6 +21248,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -20877,13 +21273,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -21198,6 +21594,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -21223,7 +21624,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -21402,6 +21803,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -21422,13 +21828,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -21911,6 +22317,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-03", + "class": "zero-padded" + }, { "name": "label", "value": "PE-3" @@ -21931,13 +22342,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -22590,6 +23001,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -22615,13 +23031,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -22976,6 +23392,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -23001,13 +23422,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -23229,6 +23650,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -23249,13 +23675,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -23457,6 +23883,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -23477,13 +23908,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -23769,6 +24200,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -23789,13 +24225,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24002,6 +24438,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -24022,13 +24463,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24259,6 +24700,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -24279,13 +24725,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24681,6 +25127,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -24706,7 +25157,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -24907,6 +25358,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -24932,7 +25388,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -26525,6 +26981,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -26550,7 +27011,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -26704,6 +27165,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -26729,7 +27195,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -26819,6 +27285,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -26844,7 +27315,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27415,6 +27886,11 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ + { + "name": "label", + "value": "PL-10", + "class": "zero-padded" + }, { "name": "label", "value": "PL-10" @@ -27435,7 +27911,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27520,6 +27996,11 @@ "class": "SP800-53", "title": "Baseline Tailoring", "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, { "name": "label", "value": "PL-11" @@ -27540,7 +28021,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27727,6 +28208,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -27752,7 +28238,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -27927,6 +28413,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -27947,7 +28438,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28083,6 +28574,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -28103,7 +28599,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28413,6 +28909,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -28433,7 +28934,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28587,6 +29088,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -28607,7 +29113,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28731,6 +29237,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -28756,7 +29267,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -28909,6 +29420,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -28934,7 +29450,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29101,6 +29617,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -29121,7 +29642,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29185,6 +29706,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -29205,7 +29731,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29336,6 +29862,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -29361,7 +29892,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29524,6 +30055,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -29544,7 +30080,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -29769,6 +30305,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -29794,7 +30335,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -30328,6 +30869,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -30353,7 +30899,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -30479,6 +31025,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5" @@ -30504,7 +31055,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31055,6 +31606,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(2)" @@ -31080,7 +31636,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31204,6 +31760,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -31229,7 +31790,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31351,6 +31912,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -31376,7 +31942,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31719,6 +32285,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -31744,7 +32315,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -31915,6 +32486,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -31940,7 +32516,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32046,6 +32622,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -32071,7 +32652,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32242,6 +32823,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -32267,7 +32853,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32533,6 +33119,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -32558,7 +33149,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32626,6 +33217,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -32651,7 +33247,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -32895,6 +33491,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -32920,7 +33521,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -33087,6 +33688,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9" @@ -33112,7 +33718,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -33498,6 +34104,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -33523,7 +34134,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -33809,6 +34420,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -33834,7 +34450,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34032,6 +34648,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -34052,13 +34673,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34274,6 +34895,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-07", + "class": "zero-padded" + }, { "name": "label", "value": "SC-7" @@ -34294,7 +34920,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34708,6 +35334,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8" @@ -34728,7 +35359,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -34948,6 +35579,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -34968,7 +35604,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35114,6 +35750,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-12", + "class": "zero-padded" + }, { "name": "label", "value": "SC-12" @@ -35139,7 +35780,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35233,10 +35874,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -35437,6 +36074,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-13", + "class": "zero-padded" + }, { "name": "label", "value": "SC-13" @@ -35457,13 +36099,13 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35780,6 +36422,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -35800,7 +36447,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35861,6 +36508,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -35881,7 +36533,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -35965,6 +36617,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ + { + "name": "label", + "value": "SC-21", + "class": "zero-padded" + }, { "name": "label", "value": "SC-21" @@ -35985,7 +36642,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36022,6 +36679,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -36042,7 +36704,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36108,6 +36770,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28" @@ -36128,7 +36795,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36381,6 +37048,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -36401,7 +37073,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36572,6 +37244,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -36597,7 +37274,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36760,6 +37437,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -36785,7 +37467,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -36960,6 +37642,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -36980,7 +37667,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -37552,6 +38239,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-03", + "class": "zero-padded" + }, { "name": "label", "value": "SI-3" @@ -37577,7 +38269,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -38128,6 +38820,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -38158,7 +38855,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -38936,6 +39633,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -38961,7 +39663,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39047,6 +39749,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -39067,7 +39774,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39336,6 +40043,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -39361,7 +40073,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39569,6 +40281,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -39594,7 +40311,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39769,6 +40486,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -39794,7 +40516,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -39874,6 +40596,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -39904,7 +40631,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40094,6 +40821,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -40119,7 +40851,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40258,6 +40990,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -40283,7 +41020,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40388,6 +41125,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -40413,7 +41155,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40509,6 +41251,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -40534,7 +41281,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40617,6 +41364,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -40642,7 +41394,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40691,6 +41443,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -40716,7 +41473,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -40783,6 +41540,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -40808,7 +41570,7 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile-min.json index 0a842049e..72285dccc 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile-min.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "ece2fd2d-87f7-476a-a295-6e1ec8153771", + "uuid": "dca43377-cc54-408c-8902-1c971fde0aec", "metadata": { "title": "FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:22:59Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -1531,7 +1531,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1590,7 +1590,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1607,19 +1607,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -1632,7 +1632,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE" } ], @@ -1649,7 +1649,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW" } ], @@ -1666,7 +1666,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST" } ], @@ -1700,7 +1700,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1727,13 +1727,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1764,7 +1764,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1795,7 +1795,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1829,7 +1829,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1853,7 +1853,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1884,7 +1884,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1915,7 +1915,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1942,7 +1942,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1966,7 +1966,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1990,7 +1990,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2014,7 +2014,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2038,7 +2038,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2062,7 +2062,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2086,7 +2086,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2110,7 +2110,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2137,7 +2137,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2161,7 +2161,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2195,7 +2195,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2222,7 +2222,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2246,7 +2246,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2270,7 +2270,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2294,7 +2294,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2325,7 +2325,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2349,7 +2349,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2376,7 +2376,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2400,7 +2400,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2427,13 +2427,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2464,7 +2464,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2498,7 +2498,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2525,7 +2525,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2552,7 +2552,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2579,7 +2579,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2606,13 +2606,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2643,7 +2643,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2667,7 +2667,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2694,7 +2694,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2721,7 +2721,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2748,7 +2748,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2819,7 +2819,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2846,7 +2846,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2870,7 +2870,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2901,7 +2901,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2932,7 +2932,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2956,7 +2956,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2987,7 +2987,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3018,7 +3018,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3052,7 +3052,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3076,7 +3076,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3107,7 +3107,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3131,13 +3131,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3171,7 +3171,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3204,23 +3204,12 @@ } ], "adds": [ - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ] - }, { "position": "ending", "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3247,7 +3236,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3274,13 +3263,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3297,19 +3286,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -3336,7 +3325,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3360,7 +3349,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3384,7 +3373,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3411,7 +3400,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3430,23 +3419,12 @@ } ], "adds": [ - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ] - }, { "position": "ending", "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3470,7 +3448,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3497,13 +3475,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3537,13 +3515,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3574,7 +3552,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3598,7 +3576,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3622,7 +3600,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3646,7 +3624,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3673,7 +3651,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3697,7 +3675,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3724,7 +3702,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3748,7 +3726,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3772,7 +3750,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3803,7 +3781,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3830,13 +3808,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3867,7 +3845,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3894,13 +3872,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3931,7 +3909,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3958,13 +3936,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3998,13 +3976,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4038,13 +4016,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4075,7 +4053,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4102,13 +4080,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4142,13 +4120,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4182,13 +4160,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4222,13 +4200,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4262,13 +4240,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4302,13 +4280,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4342,13 +4320,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4406,13 +4384,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4446,13 +4424,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4483,7 +4461,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4510,7 +4488,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4534,7 +4512,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4558,7 +4536,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4585,7 +4563,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4609,7 +4587,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4633,7 +4611,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4657,7 +4635,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4681,7 +4659,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4708,7 +4686,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4732,7 +4710,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4756,7 +4734,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4780,7 +4758,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4804,7 +4782,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4835,7 +4813,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4859,7 +4837,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4883,7 +4861,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4918,7 +4896,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4945,7 +4923,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4969,7 +4947,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4996,7 +4974,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5023,7 +5001,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5050,7 +5028,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5077,7 +5055,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5101,7 +5079,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5125,7 +5103,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5149,7 +5127,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5173,7 +5151,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5197,7 +5175,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5221,7 +5199,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5245,7 +5223,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5272,7 +5250,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5299,7 +5277,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5323,7 +5301,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5350,13 +5328,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5390,7 +5368,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5417,7 +5395,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5444,7 +5422,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5471,7 +5449,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5498,13 +5476,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5535,7 +5513,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5566,7 +5544,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5590,7 +5568,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5614,7 +5592,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5641,7 +5619,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5668,7 +5646,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5692,7 +5670,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5716,7 +5694,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5743,7 +5721,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5770,7 +5748,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5797,7 +5775,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5821,7 +5799,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5845,7 +5823,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5876,7 +5854,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5900,7 +5878,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5924,7 +5902,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5948,7 +5926,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5972,7 +5950,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5996,7 +5974,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6020,7 +5998,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6044,7 +6022,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6068,7 +6046,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6092,7 +6070,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6116,7 +6094,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6154,7 +6132,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -6163,7 +6141,7 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", + "href": "NIST_SP-800-53_rev5_catalog.json", "media-type": "application/oscal+json" } ] diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile.json index 290b64a5c..1ece069b6 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LI-SaaS-baseline_profile.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "ece2fd2d-87f7-476a-a295-6e1ec8153771", + "uuid": "dca43377-cc54-408c-8902-1c971fde0aec", "metadata": { "title": "FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:22:59Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -1531,7 +1531,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1590,7 +1590,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1607,19 +1607,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -1632,7 +1632,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE" } ], @@ -1649,7 +1649,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW" } ], @@ -1666,7 +1666,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST" } ], @@ -1700,7 +1700,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1727,13 +1727,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1764,7 +1764,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1795,7 +1795,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1829,7 +1829,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1853,7 +1853,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1884,7 +1884,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1915,7 +1915,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1942,7 +1942,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1966,7 +1966,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -1990,7 +1990,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2014,7 +2014,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2038,7 +2038,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2062,7 +2062,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2086,7 +2086,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2110,7 +2110,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2137,7 +2137,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2161,7 +2161,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2195,7 +2195,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2222,7 +2222,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2246,7 +2246,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2270,7 +2270,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2294,7 +2294,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2325,7 +2325,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2349,7 +2349,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2376,7 +2376,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2400,7 +2400,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2427,13 +2427,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2464,7 +2464,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2498,7 +2498,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2525,7 +2525,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2552,7 +2552,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2579,7 +2579,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2606,13 +2606,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2643,7 +2643,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2667,7 +2667,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2694,7 +2694,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2721,7 +2721,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2748,7 +2748,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2819,7 +2819,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2846,7 +2846,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2870,7 +2870,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2901,7 +2901,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2932,7 +2932,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2956,7 +2956,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -2987,7 +2987,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3018,7 +3018,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3052,7 +3052,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3076,7 +3076,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3107,7 +3107,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3131,13 +3131,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3171,7 +3171,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3204,23 +3204,12 @@ } ], "adds": [ - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ] - }, { "position": "ending", "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3247,7 +3236,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3274,13 +3263,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3297,19 +3286,19 @@ }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "EXAMINE", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "INTERVIEW", "class": "fedramp" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "TEST", "class": "fedramp" } @@ -3336,7 +3325,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3360,7 +3349,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3384,7 +3373,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3411,7 +3400,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3430,23 +3419,12 @@ } ], "adds": [ - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "Required" - } - ] - }, { "position": "ending", "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3470,7 +3448,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3497,13 +3475,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3537,13 +3515,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3574,7 +3552,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3598,7 +3576,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3622,7 +3600,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3646,7 +3624,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3673,7 +3651,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3697,7 +3675,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3724,7 +3702,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3748,7 +3726,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3772,7 +3750,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3803,7 +3781,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3830,13 +3808,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3867,7 +3845,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3894,13 +3872,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3931,7 +3909,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3958,13 +3936,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -3998,13 +3976,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4038,13 +4016,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4075,7 +4053,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4102,13 +4080,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4142,13 +4120,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4182,13 +4160,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4222,13 +4200,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4262,13 +4240,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4302,13 +4280,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4342,13 +4320,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4406,13 +4384,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4446,13 +4424,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4483,7 +4461,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4510,7 +4488,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4534,7 +4512,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4558,7 +4536,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4585,7 +4563,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4609,7 +4587,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4633,7 +4611,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4657,7 +4635,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4681,7 +4659,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "FED", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4708,7 +4686,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4732,7 +4710,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4756,7 +4734,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4780,7 +4758,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4804,7 +4782,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4835,7 +4813,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4859,7 +4837,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4883,7 +4861,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4918,7 +4896,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4945,7 +4923,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4969,7 +4947,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -4996,7 +4974,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5023,7 +5001,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5050,7 +5028,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5077,7 +5055,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5101,7 +5079,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5125,7 +5103,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5149,7 +5127,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5173,7 +5151,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5197,7 +5175,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5221,7 +5199,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5245,7 +5223,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5272,7 +5250,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5299,7 +5277,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5323,7 +5301,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5350,13 +5328,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5390,7 +5368,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5417,7 +5395,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5444,7 +5422,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5471,7 +5449,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5498,13 +5476,13 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" }, { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "CONDITIONAL", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5535,7 +5513,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "NSO", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5566,7 +5544,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5590,7 +5568,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5614,7 +5592,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5641,7 +5619,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5668,7 +5646,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5692,7 +5670,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5716,7 +5694,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5743,7 +5721,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5770,7 +5748,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5797,7 +5775,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ASSESS", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5821,7 +5799,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5845,7 +5823,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5876,7 +5854,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5900,7 +5878,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5924,7 +5902,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5948,7 +5926,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5972,7 +5950,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -5996,7 +5974,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6020,7 +5998,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6044,7 +6022,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6068,7 +6046,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6092,7 +6070,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6116,7 +6094,7 @@ "props": [ { "name": "method", - "ns": "https://fedramp.gov/ns/oscal", + "ns": "http://csrc.nist.gov/ns/rmf", "value": "ATTEST", "class": "FedRAMP-Tailored-LI-SaaS" } @@ -6154,7 +6132,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -6163,7 +6141,7 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", + "href": "NIST_SP-800-53_rev5_catalog.json", "media-type": "application/oscal+json" } ] diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog-min.json index a2421c274..c2aba2eef 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog-min.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "1f4d8bf8-6a31-43d3-9493-851a2c35493c", + "uuid": "f297751f-5150-42ad-bbb9-670c1bf8aa85", "metadata": { "title": "FedRAMP Rev 5 Low Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:50:48.695772-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:18:37.934997-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -284,12 +289,6 @@ "id": "ac-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -349,11 +348,6 @@ "id": "ac-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -365,12 +359,6 @@ "id": "ac-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -435,23 +423,6 @@ "id": "ac-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[01]", @@ -470,23 +441,6 @@ "id": "ac-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[02]", @@ -505,17 +459,6 @@ "id": "ac-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[03]", @@ -534,17 +477,6 @@ "id": "ac-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[04]", @@ -574,17 +506,6 @@ "id": "ac-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(a)", @@ -730,17 +651,6 @@ "id": "ac-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(b)", @@ -775,23 +685,6 @@ "id": "ac-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01b.", @@ -821,23 +714,6 @@ "id": "ac-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.01", @@ -893,23 +769,6 @@ "id": "ac-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.02", @@ -1141,9 +1000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02", + "class": "zero-padded" }, { "name": "label", @@ -1299,11 +1158,6 @@ "id": "ac-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -1315,11 +1169,6 @@ "id": "ac-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -1331,11 +1180,6 @@ "id": "ac-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -1347,11 +1191,6 @@ "id": "ac-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -1398,11 +1237,6 @@ "id": "ac-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -1414,11 +1248,6 @@ "id": "ac-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -1430,11 +1259,6 @@ "id": "ac-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -1446,11 +1270,6 @@ "id": "ac-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -1497,11 +1316,6 @@ "id": "ac-2_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -1548,11 +1362,6 @@ "id": "ac-2_smt.j", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "j." @@ -1564,11 +1373,6 @@ "id": "ac-2_smt.k", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "k." @@ -1580,11 +1384,6 @@ "id": "ac-2_smt.l", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "l." @@ -1625,17 +1424,6 @@ "id": "ac-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[01]", @@ -1654,17 +1442,6 @@ "id": "ac-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[02]", @@ -1691,23 +1468,6 @@ "id": "ac-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02b.", @@ -1726,23 +1486,6 @@ "id": "ac-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02c.", @@ -1761,17 +1504,6 @@ "id": "ac-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02d.", @@ -1882,23 +1614,6 @@ "id": "ac-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02e.", @@ -1917,23 +1632,6 @@ "id": "ac-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02f.", @@ -2043,23 +1741,6 @@ "id": "ac-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02g.", @@ -2078,23 +1759,6 @@ "id": "ac-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02h.", @@ -2179,23 +1843,6 @@ "id": "ac-2_obj.i.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.01", @@ -2214,23 +1861,6 @@ "id": "ac-2_obj.i.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.02", @@ -2249,23 +1879,6 @@ "id": "ac-2_obj.i.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.03", @@ -2292,23 +1905,6 @@ "id": "ac-2_obj.j", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02j.", @@ -2338,23 +1934,6 @@ "id": "ac-2_obj.k-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[01]", @@ -2373,23 +1952,6 @@ "id": "ac-2_obj.k-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[02]", @@ -2416,23 +1978,6 @@ "id": "ac-2_obj.l", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02l.", @@ -2566,9 +2111,9 @@ "title": "Access Enforcement", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-03", + "class": "zero-padded" }, { "name": "label", @@ -2803,13 +2348,6 @@ { "id": "ac-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies." }, { @@ -2821,23 +2359,6 @@ "id": "ac-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-03", @@ -2985,6 +2506,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -3043,11 +2569,6 @@ "id": "ac-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -3059,11 +2580,6 @@ "id": "ac-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -3111,23 +2627,6 @@ "id": "ac-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07a.", @@ -3146,23 +2645,6 @@ "id": "ac-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07b.", @@ -3288,6 +2770,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -3335,11 +2822,6 @@ "id": "ac-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -3397,11 +2879,6 @@ "id": "ac-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -3413,11 +2890,6 @@ "id": "ac-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -3533,23 +3005,6 @@ "id": "ac-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.", @@ -3562,17 +3017,6 @@ "id": "ac-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.01", @@ -3591,17 +3035,6 @@ "id": "ac-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.02", @@ -3620,17 +3053,6 @@ "id": "ac-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.03", @@ -3649,17 +3071,6 @@ "id": "ac-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.04", @@ -3686,23 +3097,6 @@ "id": "ac-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08b.", @@ -3721,17 +3115,6 @@ "id": "ac-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08c.", @@ -3893,6 +3276,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -3935,11 +3323,6 @@ "id": "ac-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -3951,11 +3334,6 @@ "id": "ac-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -3985,23 +3363,6 @@ "id": "ac-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-14a.", @@ -4020,17 +3381,6 @@ "id": "ac-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-14b.", @@ -4141,6 +3491,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -4271,11 +3626,6 @@ "id": "ac-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -4287,11 +3637,6 @@ "id": "ac-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -4321,23 +3666,6 @@ "id": "ac-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-17a.", @@ -4411,23 +3739,6 @@ "id": "ac-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17b.", @@ -4523,6 +3834,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -4613,11 +3929,6 @@ "id": "ac-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -4629,11 +3940,6 @@ "id": "ac-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -4663,23 +3969,6 @@ "id": "ac-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18a.", @@ -4753,23 +4042,6 @@ "id": "ac-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18b.", @@ -4865,6 +4137,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -4991,11 +4268,6 @@ "id": "ac-19_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5007,11 +4279,6 @@ "id": "ac-19_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5041,23 +4308,6 @@ "id": "ac-19_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-19a.", @@ -5131,23 +4381,6 @@ "id": "ac-19_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19b.", @@ -5282,6 +4515,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -5360,11 +4598,6 @@ "id": "ac-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5400,11 +4633,6 @@ "id": "ac-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5452,23 +4680,6 @@ "id": "ac-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20a.", @@ -5524,23 +4735,6 @@ "id": "ac-20_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20b.", @@ -5652,6 +4846,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -5702,11 +4901,6 @@ "id": "ac-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5718,11 +4912,6 @@ "id": "ac-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5734,11 +4923,6 @@ "id": "ac-22_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -5750,11 +4934,6 @@ "id": "ac-22_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -5784,23 +4963,6 @@ "id": "ac-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22a.", @@ -5819,23 +4981,6 @@ "id": "ac-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22b.", @@ -5854,23 +4999,6 @@ "id": "ac-22_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22c.", @@ -5889,23 +5017,6 @@ "id": "ac-22_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22d.", @@ -6140,6 +5251,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -6211,12 +5327,6 @@ "id": "at-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -6276,11 +5386,6 @@ "id": "at-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -6292,12 +5397,6 @@ "id": "at-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -6362,23 +5461,6 @@ "id": "at-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[01]", @@ -6397,23 +5479,6 @@ "id": "at-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[02]", @@ -6432,17 +5497,6 @@ "id": "at-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[03]", @@ -6461,17 +5515,6 @@ "id": "at-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[04]", @@ -6501,17 +5544,6 @@ "id": "at-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(a)", @@ -6657,17 +5689,6 @@ "id": "at-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(b)", @@ -6702,23 +5723,6 @@ "id": "at-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01b.", @@ -6748,23 +5752,6 @@ "id": "at-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.01", @@ -6820,23 +5807,6 @@ "id": "at-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.02", @@ -7038,6 +6008,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -7161,11 +6136,6 @@ "id": "at-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -7201,11 +6171,6 @@ "id": "at-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -7217,11 +6182,6 @@ "id": "at-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -7233,11 +6193,6 @@ "id": "at-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -7289,23 +6244,6 @@ "id": "at-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[01]", @@ -7324,23 +6262,6 @@ "id": "at-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[02]", @@ -7359,23 +6280,6 @@ "id": "at-2_obj.a.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[03]", @@ -7394,23 +6298,6 @@ "id": "at-2_obj.a.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[04]", @@ -7437,23 +6324,6 @@ "id": "at-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.02", @@ -7517,17 +6387,6 @@ "id": "at-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-02b.", @@ -7546,23 +6405,6 @@ "id": "at-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02c.", @@ -7618,23 +6460,6 @@ "id": "at-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02d.", @@ -7730,6 +6555,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -7768,13 +6598,6 @@ { "id": "at-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential indicators of insider threat." }, { @@ -7786,23 +6609,6 @@ "id": "at-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(02)", @@ -7968,6 +6774,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -8103,11 +6914,6 @@ "id": "at-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8143,11 +6949,6 @@ "id": "at-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8159,11 +6960,6 @@ "id": "at-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -8204,23 +7000,6 @@ "id": "at-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.01", @@ -8312,23 +7091,6 @@ "id": "at-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.02", @@ -8392,17 +7154,6 @@ "id": "at-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-03b.", @@ -8458,23 +7209,6 @@ "id": "at-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03c.", @@ -8586,6 +7320,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -8649,11 +7388,6 @@ "id": "at-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8665,11 +7399,6 @@ "id": "at-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8699,23 +7428,6 @@ "id": "at-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-04a.", @@ -8771,17 +7483,6 @@ "id": "at-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-04b.", @@ -8979,6 +7680,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -9042,12 +7748,6 @@ "id": "au-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -9107,11 +7807,6 @@ "id": "au-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9123,12 +7818,6 @@ "id": "au-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -9193,23 +7882,6 @@ "id": "au-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[01]", @@ -9228,23 +7900,6 @@ "id": "au-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[02]", @@ -9263,17 +7918,6 @@ "id": "au-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[03]", @@ -9292,17 +7936,6 @@ "id": "au-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[04]", @@ -9332,17 +7965,6 @@ "id": "au-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(a)", @@ -9488,17 +8110,6 @@ "id": "au-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(b)", @@ -9533,23 +8144,6 @@ "id": "au-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01b.", @@ -9579,23 +8173,6 @@ "id": "au-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.01", @@ -9651,23 +8228,6 @@ "id": "au-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.02", @@ -9844,9 +8404,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-02", + "class": "zero-padded" }, { "name": "label", @@ -10022,11 +8582,6 @@ "id": "au-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10038,11 +8593,6 @@ "id": "au-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10054,11 +8604,6 @@ "id": "au-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -10070,11 +8615,6 @@ "id": "au-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -10086,11 +8626,6 @@ "id": "au-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -10149,23 +8684,6 @@ "id": "au-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02a.", @@ -10184,23 +8702,6 @@ "id": "au-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02b.", @@ -10230,23 +8731,6 @@ "id": "au-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[01]", @@ -10265,17 +8749,6 @@ "id": "au-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[02]", @@ -10302,23 +8775,6 @@ "id": "au-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02d.", @@ -10337,17 +8793,6 @@ "id": "au-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02e.", @@ -10444,9 +8889,9 @@ "title": "Content of Audit Records", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03", + "class": "zero-padded" }, { "name": "label", @@ -10523,11 +8968,6 @@ "id": "au-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10539,11 +8979,6 @@ "id": "au-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10555,11 +8990,6 @@ "id": "au-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -10571,11 +9001,6 @@ "id": "au-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -10587,11 +9012,6 @@ "id": "au-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -10603,11 +9023,6 @@ "id": "au-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -10626,23 +9041,6 @@ "id": "au-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03", @@ -10851,9 +9249,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-04", + "class": "zero-padded" }, { "name": "label", @@ -10921,13 +9319,6 @@ { "id": "au-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Allocate audit log storage capacity to accommodate {{ insert: param, au-04_odp }}." }, { @@ -10939,23 +9330,6 @@ "id": "au-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-04", @@ -11078,9 +9452,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05", + "class": "zero-padded" }, { "name": "label", @@ -11148,11 +9522,6 @@ "id": "au-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11164,11 +9533,6 @@ "id": "au-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11198,23 +9562,6 @@ "id": "au-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05a.", @@ -11233,23 +9580,6 @@ "id": "au-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05b.", @@ -11380,9 +9710,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06", + "class": "zero-padded" }, { "name": "label", @@ -11547,11 +9877,6 @@ "id": "au-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11563,11 +9888,6 @@ "id": "au-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11579,11 +9899,6 @@ "id": "au-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -11631,23 +9946,6 @@ "id": "au-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06a.", @@ -11666,23 +9964,6 @@ "id": "au-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06b.", @@ -11701,23 +9982,6 @@ "id": "au-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06c.", @@ -11808,9 +10072,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-08", + "class": "zero-padded" }, { "name": "label", @@ -11858,11 +10122,6 @@ "id": "au-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11874,11 +10133,6 @@ "id": "au-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11908,23 +10162,6 @@ "id": "au-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08a.", @@ -11943,23 +10180,6 @@ "id": "au-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08b.", @@ -12066,6 +10286,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -12164,11 +10389,6 @@ "id": "au-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12180,11 +10400,6 @@ "id": "au-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12214,23 +10429,6 @@ "id": "au-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09a.", @@ -12249,23 +10447,6 @@ "id": "au-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09b.", @@ -12378,9 +10559,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-11", + "class": "zero-padded" }, { "name": "label", @@ -12447,13 +10628,6 @@ { "id": "au-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain audit records for {{ insert: param, au-11_odp }} to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.", "parts": [ { @@ -12507,23 +10681,6 @@ "id": "au-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-11", @@ -12615,9 +10772,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12", + "class": "zero-padded" }, { "name": "label", @@ -12725,11 +10882,6 @@ "id": "au-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12741,11 +10893,6 @@ "id": "au-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12757,11 +10904,6 @@ "id": "au-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -12791,23 +10933,6 @@ "id": "au-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12a.", @@ -12826,23 +10951,6 @@ "id": "au-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12b.", @@ -12861,17 +10969,6 @@ "id": "au-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12c.", @@ -13069,6 +11166,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -13156,12 +11258,6 @@ "id": "ca-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -13221,11 +11317,6 @@ "id": "ca-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13237,12 +11328,6 @@ "id": "ca-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -13307,23 +11392,6 @@ "id": "ca-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[01]", @@ -13342,23 +11410,6 @@ "id": "ca-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[02]", @@ -13377,17 +11428,6 @@ "id": "ca-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[03]", @@ -13406,17 +11446,6 @@ "id": "ca-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[04]", @@ -13446,17 +11475,6 @@ "id": "ca-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(a)", @@ -13602,17 +11620,6 @@ "id": "ca-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(b)", @@ -13647,23 +11654,6 @@ "id": "ca-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01b.", @@ -13693,23 +11683,6 @@ "id": "ca-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.01", @@ -13765,23 +11738,6 @@ "id": "ca-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.02", @@ -13930,6 +11886,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -14057,11 +12018,6 @@ "id": "ca-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14073,11 +12029,6 @@ "id": "ca-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14124,11 +12075,6 @@ "id": "ca-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -14140,11 +12086,6 @@ "id": "ca-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -14156,11 +12097,6 @@ "id": "ca-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -14172,11 +12108,6 @@ "id": "ca-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -14224,17 +12155,6 @@ "id": "ca-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02a.", @@ -14264,23 +12184,6 @@ "id": "ca-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.01", @@ -14299,23 +12202,6 @@ "id": "ca-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.02", @@ -14334,23 +12220,6 @@ "id": "ca-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.03", @@ -14432,23 +12301,6 @@ "id": "ca-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02c.", @@ -14467,23 +12319,6 @@ "id": "ca-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02d.", @@ -14539,17 +12374,6 @@ "id": "ca-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02e.", @@ -14568,17 +12392,6 @@ "id": "ca-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02f.", @@ -14674,6 +12487,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -14708,13 +12526,6 @@ { "id": "ca-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to conduct control assessments." }, { @@ -14726,23 +12537,6 @@ "id": "ca-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(01)", @@ -14850,6 +12644,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -14945,11 +12744,6 @@ "id": "ca-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14961,11 +12755,6 @@ "id": "ca-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14977,11 +12766,6 @@ "id": "ca-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15011,23 +12795,6 @@ "id": "ca-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03a.", @@ -15046,17 +12813,6 @@ "id": "ca-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-03b.", @@ -15184,23 +12940,6 @@ "id": "ca-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03c.", @@ -15290,6 +13029,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -15361,11 +13105,6 @@ "id": "ca-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15377,11 +13116,6 @@ "id": "ca-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15440,23 +13174,6 @@ "id": "ca-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05a.", @@ -15475,23 +13192,6 @@ "id": "ca-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05b.", @@ -15603,6 +13303,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -15682,11 +13387,6 @@ "id": "ca-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15698,11 +13398,6 @@ "id": "ca-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15714,11 +13409,6 @@ "id": "ca-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15754,11 +13444,6 @@ "id": "ca-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -15770,11 +13455,6 @@ "id": "ca-6_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -15822,23 +13502,6 @@ "id": "ca-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06a.", @@ -15857,23 +13520,6 @@ "id": "ca-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06b.", @@ -15903,23 +13549,6 @@ "id": "ca-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.01", @@ -15938,23 +13567,6 @@ "id": "ca-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.02", @@ -15981,23 +13593,6 @@ "id": "ca-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06d.", @@ -16016,17 +13611,6 @@ "id": "ca-6_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-06e.", @@ -16200,6 +13784,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -16472,11 +14061,6 @@ "id": "ca-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -16488,11 +14072,6 @@ "id": "ca-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -16504,11 +14083,6 @@ "id": "ca-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -16520,11 +14094,6 @@ "id": "ca-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -16536,11 +14105,6 @@ "id": "ca-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -16552,11 +14116,6 @@ "id": "ca-7_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -16568,11 +14127,6 @@ "id": "ca-7_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -16642,23 +14196,6 @@ "id": "ca-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[01]", @@ -16677,23 +14214,6 @@ "id": "ca-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[02]", @@ -16712,23 +14232,6 @@ "id": "ca-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07a.", @@ -16747,23 +14250,6 @@ "id": "ca-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07b.", @@ -16819,23 +14305,6 @@ "id": "ca-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07c.", @@ -16854,23 +14323,6 @@ "id": "ca-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07d.", @@ -16889,23 +14341,6 @@ "id": "ca-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07e.", @@ -16924,23 +14359,6 @@ "id": "ca-7_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07f.", @@ -16959,23 +14377,6 @@ "id": "ca-7_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07g.", @@ -17108,6 +14509,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -17153,11 +14559,6 @@ "id": "ca-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -17169,11 +14570,6 @@ "id": "ca-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -17185,11 +14581,6 @@ "id": "ca-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -17208,23 +14599,6 @@ "id": "ca-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)", @@ -17237,23 +14611,6 @@ "id": "ca-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(a)", @@ -17272,23 +14629,6 @@ "id": "ca-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(b)", @@ -17307,23 +14647,6 @@ "id": "ca-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(c)", @@ -17446,6 +14769,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -17496,13 +14824,6 @@ { "id": "ca-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct penetration testing {{ insert: param, ca-08_odp.01 }} on {{ insert: param, ca-08_odp.02 }}.", "parts": [ { @@ -17534,23 +14855,6 @@ "id": "ca-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08", @@ -17667,6 +14971,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -17742,11 +15051,6 @@ "id": "ca-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17758,11 +15062,6 @@ "id": "ca-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17774,11 +15073,6 @@ "id": "ca-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -17790,11 +15084,6 @@ "id": "ca-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -17824,23 +15113,6 @@ "id": "ca-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09a.", @@ -17859,17 +15131,6 @@ "id": "ca-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-09b.", @@ -17961,23 +15222,6 @@ "id": "ca-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09c.", @@ -17996,23 +15240,6 @@ "id": "ca-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09d.", @@ -18210,6 +15437,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -18281,12 +15513,6 @@ "id": "cm-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -18346,11 +15572,6 @@ "id": "cm-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18362,12 +15583,6 @@ "id": "cm-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -18432,23 +15647,6 @@ "id": "cm-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[01]", @@ -18467,23 +15665,6 @@ "id": "cm-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[02]", @@ -18502,17 +15683,6 @@ "id": "cm-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[03]", @@ -18531,17 +15701,6 @@ "id": "cm-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[04]", @@ -18571,17 +15730,6 @@ "id": "cm-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(a)", @@ -18727,17 +15875,6 @@ "id": "cm-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(b)", @@ -18772,23 +15909,6 @@ "id": "cm-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01b.", @@ -18818,23 +15938,6 @@ "id": "cm-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.01", @@ -18890,23 +15993,6 @@ "id": "cm-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.02", @@ -19055,6 +16141,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -19174,11 +16265,6 @@ "id": "cm-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19190,11 +16276,6 @@ "id": "cm-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -19277,17 +16358,6 @@ "id": "cm-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-02a.", @@ -19354,23 +16424,6 @@ "id": "cm-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.01", @@ -19389,23 +16442,6 @@ "id": "cm-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.02", @@ -19424,23 +16460,6 @@ "id": "cm-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.03", @@ -19544,6 +16563,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -19626,13 +16650,6 @@ { "id": "cm-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system to determine potential security and privacy impacts prior to change implementation." }, { @@ -19644,23 +16661,6 @@ "id": "cm-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04", @@ -19786,9 +16786,9 @@ "title": "Access Restrictions for Change", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-05", + "class": "zero-padded" }, { "name": "label", @@ -19863,13 +16863,6 @@ { "id": "cm-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system." }, { @@ -19881,23 +16874,6 @@ "id": "cm-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05", @@ -20124,9 +17100,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06", + "class": "zero-padded" }, { "name": "label", @@ -20299,11 +17275,6 @@ "id": "cm-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20315,11 +17286,6 @@ "id": "cm-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20331,11 +17297,6 @@ "id": "cm-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -20347,11 +17308,6 @@ "id": "cm-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -20395,7 +17351,7 @@ "value": "Guidance:" } ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP\u2019s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } @@ -20421,17 +17377,6 @@ "id": "cm-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06a.", @@ -20450,23 +17395,6 @@ "id": "cm-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06b.", @@ -20485,23 +17413,6 @@ "id": "cm-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06c.", @@ -20557,23 +17468,6 @@ "id": "cm-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06d.", @@ -20767,9 +17661,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07", + "class": "zero-padded" }, { "name": "label", @@ -20894,11 +17788,6 @@ "id": "cm-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20910,11 +17799,6 @@ "id": "cm-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20962,23 +17846,6 @@ "id": "cm-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07a.", @@ -20997,17 +17864,6 @@ "id": "cm-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07b.", @@ -21220,9 +18076,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-08", + "class": "zero-padded" }, { "name": "label", @@ -21355,11 +18211,6 @@ "id": "cm-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21428,11 +18279,6 @@ "id": "cm-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21491,23 +18337,6 @@ "id": "cm-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.01", @@ -21526,23 +18355,6 @@ "id": "cm-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.02", @@ -21561,23 +18373,6 @@ "id": "cm-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.03", @@ -21596,23 +18391,6 @@ "id": "cm-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.04", @@ -21631,23 +18409,6 @@ "id": "cm-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.05", @@ -21674,23 +18435,6 @@ "id": "cm-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08b.", @@ -21786,6 +18530,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -21840,11 +18589,6 @@ "id": "cm-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21856,11 +18600,6 @@ "id": "cm-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21872,11 +18611,6 @@ "id": "cm-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -21906,23 +18640,6 @@ "id": "cm-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10a.", @@ -21941,23 +18658,6 @@ "id": "cm-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10b.", @@ -21976,23 +18676,6 @@ "id": "cm-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10c.", @@ -22122,6 +18805,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -22196,11 +18884,6 @@ "id": "cm-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -22212,11 +18895,6 @@ "id": "cm-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22228,11 +18906,6 @@ "id": "cm-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -22262,23 +18935,6 @@ "id": "cm-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11a.", @@ -22297,23 +18953,6 @@ "id": "cm-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11b.", @@ -22332,17 +18971,6 @@ "id": "cm-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-11c.", @@ -22540,6 +19168,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -22611,12 +19244,6 @@ "id": "cp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -22676,11 +19303,6 @@ "id": "cp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22692,12 +19314,6 @@ "id": "cp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -22762,23 +19378,6 @@ "id": "cp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[01]", @@ -22797,23 +19396,6 @@ "id": "cp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[02]", @@ -22832,17 +19414,6 @@ "id": "cp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[03]", @@ -22861,17 +19432,6 @@ "id": "cp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[04]", @@ -22901,17 +19461,6 @@ "id": "cp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(a)", @@ -23057,17 +19606,6 @@ "id": "cp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(b)", @@ -23102,23 +19640,6 @@ "id": "cp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01b.", @@ -23148,23 +19669,6 @@ "id": "cp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.01", @@ -23220,23 +19724,6 @@ "id": "cp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.02", @@ -23437,6 +19924,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -23575,11 +20067,6 @@ "id": "cp-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23670,11 +20157,6 @@ "id": "cp-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23686,11 +20168,6 @@ "id": "cp-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -23702,11 +20179,6 @@ "id": "cp-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -23718,11 +20190,6 @@ "id": "cp-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -23734,11 +20201,6 @@ "id": "cp-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -23750,11 +20212,6 @@ "id": "cp-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -23766,11 +20223,6 @@ "id": "cp-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -23840,17 +20292,6 @@ "id": "cp-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.01", @@ -23869,17 +20310,6 @@ "id": "cp-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.02", @@ -23953,17 +20383,6 @@ "id": "cp-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.03", @@ -24037,17 +20456,6 @@ "id": "cp-2_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.04", @@ -24066,17 +20474,6 @@ "id": "cp-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.05", @@ -24095,17 +20492,6 @@ "id": "cp-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.06", @@ -24124,17 +20510,6 @@ "id": "cp-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.07", @@ -24209,23 +20584,6 @@ "id": "cp-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[01]", @@ -24244,23 +20602,6 @@ "id": "cp-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[02]", @@ -24287,23 +20628,6 @@ "id": "cp-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02c.", @@ -24322,23 +20646,6 @@ "id": "cp-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02d.", @@ -24368,23 +20675,6 @@ "id": "cp-2_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[01]", @@ -24403,23 +20693,6 @@ "id": "cp-2_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[02]", @@ -24446,23 +20719,6 @@ "id": "cp-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02f.", @@ -24518,23 +20774,6 @@ "id": "cp-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02g.", @@ -24590,29 +20829,6 @@ "id": "cp-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02h.", @@ -24798,6 +21014,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -24873,11 +21094,6 @@ "id": "cp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24924,11 +21140,6 @@ "id": "cp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24987,23 +21198,6 @@ "id": "cp-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.01", @@ -25022,23 +21216,6 @@ "id": "cp-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.02", @@ -25057,23 +21234,6 @@ "id": "cp-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.03", @@ -25111,23 +21271,6 @@ "id": "cp-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[01]", @@ -25146,23 +21289,6 @@ "id": "cp-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[02]", @@ -25310,9 +21436,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CP-04", + "class": "zero-padded" }, { "name": "label", @@ -25405,11 +21531,6 @@ "id": "cp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -25421,11 +21542,6 @@ "id": "cp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25437,11 +21553,6 @@ "id": "cp-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -25511,29 +21622,6 @@ "id": "cp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[01]", @@ -25552,29 +21640,6 @@ "id": "cp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[02]", @@ -25593,29 +21658,6 @@ "id": "cp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[03]", @@ -25642,23 +21684,6 @@ "id": "cp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04b.", @@ -25677,23 +21702,6 @@ "id": "cp-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04c.", @@ -25842,6 +21850,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -25932,11 +21945,6 @@ "id": "cp-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -25948,11 +21956,6 @@ "id": "cp-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25964,11 +21967,6 @@ "id": "cp-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -25980,11 +21978,6 @@ "id": "cp-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -26065,29 +22058,6 @@ "id": "cp-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09a.", @@ -26106,29 +22076,6 @@ "id": "cp-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09b.", @@ -26147,29 +22094,6 @@ "id": "cp-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09c.", @@ -26188,23 +22112,6 @@ "id": "cp-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09d.", @@ -26379,6 +22286,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -26444,13 +22356,6 @@ { "id": "cp-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide for the recovery and reconstitution of the system to a known state within {{ insert: param, cp-10_prm_1 }} after a disruption, compromise, or failure." }, { @@ -26462,29 +22367,6 @@ "id": "cp-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10", @@ -26711,6 +22593,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -26806,12 +22693,6 @@ "id": "ia-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -26871,11 +22752,6 @@ "id": "ia-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -26887,12 +22763,6 @@ "id": "ia-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -26957,23 +22827,6 @@ "id": "ia-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[01]", @@ -26992,23 +22845,6 @@ "id": "ia-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[02]", @@ -27027,17 +22863,6 @@ "id": "ia-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[03]", @@ -27056,17 +22881,6 @@ "id": "ia-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[04]", @@ -27096,17 +22910,6 @@ "id": "ia-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(a)", @@ -27252,17 +23055,6 @@ "id": "ia-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(b)", @@ -27297,23 +23089,6 @@ "id": "ia-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01b.", @@ -27343,23 +23118,6 @@ "id": "ia-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.01", @@ -27415,23 +23173,6 @@ "id": "ia-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.02", @@ -27551,9 +23292,9 @@ "title": "Identification and Authentication (Organizational Users)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02", + "class": "zero-padded" }, { "name": "label", @@ -27725,13 +23466,6 @@ { "id": "ia-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.", "parts": [ { @@ -27807,29 +23541,6 @@ "id": "ia-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[01]", @@ -27848,29 +23559,6 @@ "id": "ia-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[02]", @@ -27967,9 +23655,9 @@ "title": "Multi-factor Authentication to Privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -28008,13 +23696,6 @@ { "id": "ia-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to privileged accounts.", "parts": [ { @@ -28068,17 +23749,6 @@ "id": "ia-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(01)", @@ -28167,9 +23837,9 @@ "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -28204,13 +23874,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts.", "parts": [ { @@ -28264,17 +23927,6 @@ "id": "ia-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(02)", @@ -28375,9 +24027,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" }, { "name": "label", @@ -28408,13 +24060,6 @@ { "id": "ia-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}." }, { @@ -28426,23 +24071,6 @@ "id": "ia-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(08)", @@ -28531,9 +24159,9 @@ "title": "Acceptance of PIV Credentials", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -28564,13 +24192,6 @@ { "id": "ia-2.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials.", "parts": [ { @@ -28602,23 +24223,6 @@ "id": "ia-2.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(12)", @@ -28739,9 +24343,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-04", + "class": "zero-padded" }, { "name": "label", @@ -28862,11 +24466,6 @@ "id": "ia-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28878,11 +24477,6 @@ "id": "ia-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28894,11 +24488,6 @@ "id": "ia-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -28910,11 +24499,6 @@ "id": "ia-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -28944,23 +24528,6 @@ "id": "ia-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04a.", @@ -28979,23 +24546,6 @@ "id": "ia-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04b.", @@ -29014,23 +24564,6 @@ "id": "ia-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04c.", @@ -29049,23 +24582,6 @@ "id": "ia-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04d.", @@ -29182,9 +24698,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-05", + "class": "zero-padded" }, { "name": "label", @@ -29326,11 +24842,6 @@ "id": "ia-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -29342,11 +24853,6 @@ "id": "ia-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -29358,11 +24864,6 @@ "id": "ia-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -29374,11 +24875,6 @@ "id": "ia-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -29390,11 +24886,6 @@ "id": "ia-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -29406,11 +24897,6 @@ "id": "ia-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -29422,11 +24908,6 @@ "id": "ia-5_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -29438,11 +24919,6 @@ "id": "ia-5_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -29454,11 +24930,6 @@ "id": "ia-5_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -29517,23 +24988,6 @@ "id": "ia-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05a.", @@ -29552,23 +25006,6 @@ "id": "ia-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05b.", @@ -29587,23 +25024,6 @@ "id": "ia-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05c.", @@ -29622,23 +25042,6 @@ "id": "ia-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05d.", @@ -29657,23 +25060,6 @@ "id": "ia-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05e.", @@ -29692,23 +25078,6 @@ "id": "ia-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05f.", @@ -29727,23 +25096,6 @@ "id": "ia-5_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05g.", @@ -29773,23 +25125,6 @@ "id": "ia-5_obj.h-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[01]", @@ -29808,23 +25143,6 @@ "id": "ia-5_obj.h-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[02]", @@ -29851,23 +25169,6 @@ "id": "ia-5_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05i.", @@ -29983,6 +25284,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -30027,11 +25333,6 @@ "id": "ia-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -30043,11 +25344,6 @@ "id": "ia-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -30059,11 +25355,6 @@ "id": "ia-5.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -30075,11 +25366,6 @@ "id": "ia-5.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -30091,11 +25377,6 @@ "id": "ia-5.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -30107,11 +25388,6 @@ "id": "ia-5.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -30123,11 +25399,6 @@ "id": "ia-5.1_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -30139,11 +25410,6 @@ "id": "ia-5.1_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -30176,7 +25442,7 @@ "value": "(h) Requirement:" } ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + "prose": "For cases where technology doesn\u2019t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." }, { "id": "ia-5.1_fr_gdn.1", @@ -30213,23 +25479,6 @@ "id": "ia-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(a)", @@ -30248,23 +25497,6 @@ "id": "ia-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(b)", @@ -30283,17 +25515,6 @@ "id": "ia-5.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(c)", @@ -30312,17 +25533,6 @@ "id": "ia-5.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(d)", @@ -30341,17 +25551,6 @@ "id": "ia-5.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(e)", @@ -30370,17 +25569,6 @@ "id": "ia-5.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(f)", @@ -30399,17 +25587,6 @@ "id": "ia-5.1_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(g)", @@ -30428,23 +25605,6 @@ "id": "ia-5.1_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(h)", @@ -30542,6 +25702,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -30571,13 +25736,6 @@ { "id": "ia-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals." }, { @@ -30589,17 +25747,6 @@ "id": "ia-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-06", @@ -30687,6 +25834,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -30736,13 +25888,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -30754,29 +25899,6 @@ "id": "ia-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-07", @@ -30864,6 +25986,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -30981,13 +26108,6 @@ { "id": "ia-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users." }, { @@ -30999,17 +26119,6 @@ "id": "ia-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08", @@ -31097,6 +26206,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -31130,13 +26244,6 @@ { "id": "ia-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies." }, { @@ -31148,17 +26255,6 @@ "id": "ia-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(01)", @@ -31283,6 +26379,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -31317,11 +26418,6 @@ "id": "ia-8.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -31333,11 +26429,6 @@ "id": "ia-8.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -31367,17 +26458,6 @@ "id": "ia-8.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(a)", @@ -31396,23 +26476,6 @@ "id": "ia-8.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(b)", @@ -31556,6 +26619,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -31585,13 +26653,6 @@ { "id": "ia-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conform to the following profiles for identity management {{ insert: param, ia-08.04_odp }}." }, { @@ -31603,29 +26664,6 @@ "id": "ia-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(04)", @@ -31726,6 +26764,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -31780,13 +26823,6 @@ { "id": "ia-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require users to re-authenticate when {{ insert: param, ia-11_odp }}.", "parts": [ { @@ -31818,29 +26854,6 @@ "id": "ia-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-11", @@ -32030,6 +27043,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -32109,12 +27127,6 @@ "id": "ir-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -32174,11 +27186,6 @@ "id": "ir-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -32190,12 +27197,6 @@ "id": "ir-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -32260,23 +27261,6 @@ "id": "ir-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[01]", @@ -32295,23 +27279,6 @@ "id": "ir-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[02]", @@ -32330,17 +27297,6 @@ "id": "ir-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[03]", @@ -32359,17 +27315,6 @@ "id": "ir-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[04]", @@ -32399,17 +27344,6 @@ "id": "ir-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(a)", @@ -32555,17 +27489,6 @@ "id": "ir-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(b)", @@ -32600,23 +27523,6 @@ "id": "ir-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01b.", @@ -32646,23 +27552,6 @@ "id": "ir-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.01", @@ -32718,23 +27607,6 @@ "id": "ir-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.02", @@ -32906,6 +27778,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -32981,11 +27858,6 @@ "id": "ir-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33032,11 +27904,6 @@ "id": "ir-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33077,23 +27944,6 @@ "id": "ir-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.01", @@ -33112,23 +27962,6 @@ "id": "ir-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.02", @@ -33147,23 +27980,6 @@ "id": "ir-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.03", @@ -33201,23 +28017,6 @@ "id": "ir-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[01]", @@ -33236,23 +28035,6 @@ "id": "ir-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[02]", @@ -33335,9 +28117,9 @@ "title": "Incident Handling", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04", + "class": "zero-padded" }, { "name": "label", @@ -33493,11 +28275,6 @@ "id": "ir-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33509,11 +28286,6 @@ "id": "ir-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33525,11 +28297,6 @@ "id": "ir-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -33541,11 +28308,6 @@ "id": "ir-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -33615,23 +28377,6 @@ "id": "ir-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[01]", @@ -33650,23 +28395,6 @@ "id": "ir-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[02]", @@ -33765,23 +28493,6 @@ "id": "ir-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04b.", @@ -33811,23 +28522,6 @@ "id": "ir-4_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[01]", @@ -33846,23 +28540,6 @@ "id": "ir-4_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[02]", @@ -33889,23 +28566,6 @@ "id": "ir-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04d.", @@ -34074,6 +28734,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -34156,13 +28821,6 @@ { "id": "ir-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track and document incidents." }, { @@ -34174,23 +28832,6 @@ "id": "ir-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05", @@ -34340,6 +28981,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -34410,11 +29056,6 @@ "id": "ir-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -34426,11 +29067,6 @@ "id": "ir-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -34478,23 +29114,6 @@ "id": "ir-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-06a.", @@ -34513,23 +29132,6 @@ "id": "ir-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06b.", @@ -34625,6 +29227,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -34694,13 +29301,6 @@ { "id": "ir-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents." }, { @@ -34723,23 +29323,6 @@ "id": "ir-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[01]", @@ -34758,23 +29341,6 @@ "id": "ir-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[02]", @@ -34954,6 +29520,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -35040,11 +29611,6 @@ "id": "ir-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -35168,11 +29734,6 @@ "id": "ir-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -35184,11 +29745,6 @@ "id": "ir-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -35200,11 +29756,6 @@ "id": "ir-8_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -35216,11 +29767,6 @@ "id": "ir-8_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -35290,17 +29836,6 @@ "id": "ir-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.01", @@ -35319,17 +29854,6 @@ "id": "ir-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.02", @@ -35348,17 +29872,6 @@ "id": "ir-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.03", @@ -35377,17 +29890,6 @@ "id": "ir-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.04", @@ -35406,17 +29908,6 @@ "id": "ir-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.05", @@ -35435,17 +29926,6 @@ "id": "ir-8_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.06", @@ -35464,17 +29944,6 @@ "id": "ir-8_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.07", @@ -35493,17 +29962,6 @@ "id": "ir-8_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.08", @@ -35522,17 +29980,6 @@ "id": "ir-8_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.09", @@ -35551,17 +29998,6 @@ "id": "ir-8_obj.a.10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.10", @@ -35588,17 +30024,6 @@ "id": "ir-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08b.", @@ -35654,23 +30079,6 @@ "id": "ir-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08c.", @@ -35689,23 +30097,6 @@ "id": "ir-8_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08d.", @@ -35761,17 +30152,6 @@ "id": "ir-8_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08e.", @@ -36006,6 +30386,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -36073,12 +30458,6 @@ "id": "ma-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -36138,11 +30517,6 @@ "id": "ma-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36154,12 +30528,6 @@ "id": "ma-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -36224,23 +30592,6 @@ "id": "ma-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[01]", @@ -36259,23 +30610,6 @@ "id": "ma-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[02]", @@ -36294,17 +30628,6 @@ "id": "ma-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[03]", @@ -36323,17 +30646,6 @@ "id": "ma-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[04]", @@ -36363,17 +30675,6 @@ "id": "ma-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(a)", @@ -36519,17 +30820,6 @@ "id": "ma-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(b)", @@ -36564,23 +30854,6 @@ "id": "ma-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01b.", @@ -36610,23 +30883,6 @@ "id": "ma-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.01", @@ -36682,23 +30938,6 @@ "id": "ma-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.02", @@ -36846,6 +31085,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -36932,11 +31176,6 @@ "id": "ma-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -36948,11 +31187,6 @@ "id": "ma-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36964,11 +31198,6 @@ "id": "ma-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -36980,11 +31209,6 @@ "id": "ma-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -36996,11 +31220,6 @@ "id": "ma-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -37012,11 +31231,6 @@ "id": "ma-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -37046,29 +31260,6 @@ "id": "ma-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02a.", @@ -37142,23 +31333,6 @@ "id": "ma-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02b.", @@ -37214,23 +31388,6 @@ "id": "ma-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02c.", @@ -37249,23 +31406,6 @@ "id": "ma-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02d.", @@ -37284,17 +31424,6 @@ "id": "ma-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02e.", @@ -37313,17 +31442,6 @@ "id": "ma-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02f.", @@ -37419,6 +31537,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -37529,11 +31652,6 @@ "id": "ma-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37545,11 +31663,6 @@ "id": "ma-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37561,11 +31674,6 @@ "id": "ma-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37577,11 +31685,6 @@ "id": "ma-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -37593,11 +31696,6 @@ "id": "ma-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -37627,23 +31725,6 @@ "id": "ma-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04a.", @@ -37710,23 +31791,6 @@ "id": "ma-4_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[01]", @@ -37745,17 +31809,6 @@ "id": "ma-4_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[02]", @@ -37782,29 +31835,6 @@ "id": "ma-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04c.", @@ -37823,17 +31853,6 @@ "id": "ma-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04d.", @@ -37852,17 +31871,6 @@ "id": "ma-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04e.", @@ -37995,6 +32003,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -38073,11 +32086,6 @@ "id": "ma-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -38089,11 +32097,6 @@ "id": "ma-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38105,11 +32108,6 @@ "id": "ma-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -38139,17 +32137,6 @@ "id": "ma-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-05a.", @@ -38205,29 +32192,6 @@ "id": "ma-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05b.", @@ -38246,29 +32210,6 @@ "id": "ma-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05c.", @@ -38466,6 +32407,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -38533,12 +32479,6 @@ "id": "mp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -38598,11 +32538,6 @@ "id": "mp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38614,12 +32549,6 @@ "id": "mp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -38684,23 +32613,6 @@ "id": "mp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[01]", @@ -38719,23 +32631,6 @@ "id": "mp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[02]", @@ -38754,17 +32649,6 @@ "id": "mp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[03]", @@ -38783,17 +32667,6 @@ "id": "mp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[04]", @@ -38823,17 +32696,6 @@ "id": "mp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(a)", @@ -38979,17 +32841,6 @@ "id": "mp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(b)", @@ -39024,23 +32875,6 @@ "id": "mp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01b.", @@ -39070,23 +32904,6 @@ "id": "mp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.01", @@ -39142,23 +32959,6 @@ "id": "mp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.02", @@ -39323,6 +33123,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -39416,13 +33221,6 @@ { "id": "mp-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert: param, mp-2_prm_2 }}." }, { @@ -39445,29 +33243,6 @@ "id": "mp-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[01]", @@ -39486,29 +33261,6 @@ "id": "mp-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[02]", @@ -39673,6 +33425,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -39791,11 +33548,6 @@ "id": "mp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -39807,11 +33559,6 @@ "id": "mp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -39841,29 +33588,6 @@ "id": "mp-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06a.", @@ -39937,29 +33661,6 @@ "id": "mp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06b.", @@ -40093,6 +33794,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -40155,11 +33861,6 @@ "id": "mp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -40171,11 +33872,6 @@ "id": "mp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40205,29 +33901,6 @@ "id": "mp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07a.", @@ -40246,29 +33919,6 @@ "id": "mp-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07b.", @@ -40466,6 +34116,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -40533,12 +34188,6 @@ "id": "pe-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -40598,11 +34247,6 @@ "id": "pe-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40614,12 +34258,6 @@ "id": "pe-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -40684,23 +34322,6 @@ "id": "pe-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[01]", @@ -40719,23 +34340,6 @@ "id": "pe-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[02]", @@ -40754,17 +34358,6 @@ "id": "pe-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[03]", @@ -40783,17 +34376,6 @@ "id": "pe-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[04]", @@ -40823,17 +34405,6 @@ "id": "pe-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(a)", @@ -40979,17 +34550,6 @@ "id": "pe-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(b)", @@ -41024,23 +34584,6 @@ "id": "pe-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01b.", @@ -41070,23 +34613,6 @@ "id": "pe-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.01", @@ -41142,23 +34668,6 @@ "id": "pe-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.02", @@ -41293,6 +34802,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -41395,11 +34909,6 @@ "id": "pe-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -41411,11 +34920,6 @@ "id": "pe-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -41427,11 +34931,6 @@ "id": "pe-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -41443,11 +34942,6 @@ "id": "pe-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -41477,23 +34971,6 @@ "id": "pe-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-02a.", @@ -41567,17 +35044,6 @@ "id": "pe-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02b.", @@ -41596,17 +35062,6 @@ "id": "pe-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02c.", @@ -41625,17 +35080,6 @@ "id": "pe-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02d.", @@ -41849,9 +35293,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "PE-03", + "class": "zero-padded" }, { "name": "label", @@ -41995,11 +35439,6 @@ "id": "pe-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42035,11 +35474,6 @@ "id": "pe-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42051,11 +35485,6 @@ "id": "pe-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42067,11 +35496,6 @@ "id": "pe-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -42083,11 +35507,6 @@ "id": "pe-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -42099,11 +35518,6 @@ "id": "pe-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -42115,11 +35529,6 @@ "id": "pe-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -42160,17 +35569,6 @@ "id": "pe-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.01", @@ -42189,23 +35587,6 @@ "id": "pe-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.02", @@ -42232,23 +35613,6 @@ "id": "pe-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03b.", @@ -42267,17 +35631,6 @@ "id": "pe-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03c.", @@ -42307,17 +35660,6 @@ "id": "pe-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[01]", @@ -42336,23 +35678,6 @@ "id": "pe-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[02]", @@ -42390,17 +35715,6 @@ "id": "pe-3_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[01]", @@ -42419,17 +35733,6 @@ "id": "pe-3_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[02]", @@ -42448,17 +35751,6 @@ "id": "pe-3_obj.e-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[03]", @@ -42485,23 +35777,6 @@ "id": "pe-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03f.", @@ -42531,17 +35806,6 @@ "id": "pe-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[01]", @@ -42560,17 +35824,6 @@ "id": "pe-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[02]", @@ -42699,6 +35952,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -42766,11 +36024,6 @@ "id": "pe-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42782,11 +36035,6 @@ "id": "pe-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42798,11 +36046,6 @@ "id": "pe-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42832,23 +36075,6 @@ "id": "pe-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06a.", @@ -42878,17 +36104,6 @@ "id": "pe-6_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[01]", @@ -42907,17 +36122,6 @@ "id": "pe-6_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[02]", @@ -42955,23 +36159,6 @@ "id": "pe-6_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[01]", @@ -42990,23 +36177,6 @@ "id": "pe-6_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[02]", @@ -43149,6 +36319,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -43196,11 +36371,6 @@ "id": "pe-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -43212,11 +36382,6 @@ "id": "pe-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -43228,11 +36393,6 @@ "id": "pe-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -43262,23 +36422,6 @@ "id": "pe-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08a.", @@ -43297,17 +36440,6 @@ "id": "pe-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08b.", @@ -43326,23 +36458,6 @@ "id": "pe-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08c.", @@ -43438,6 +36553,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -43471,13 +36591,6 @@ { "id": "pe-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility." }, { @@ -43500,17 +36613,6 @@ "id": "pe-12_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[01]", @@ -43529,17 +36631,6 @@ "id": "pe-12_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[02]", @@ -43558,17 +36649,6 @@ "id": "pe-12_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[03]", @@ -43587,17 +36667,6 @@ "id": "pe-12_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[04]", @@ -43693,6 +36762,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -43722,13 +36796,6 @@ { "id": "pe-13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain fire detection and suppression systems that are supported by an independent energy source." }, { @@ -43751,23 +36818,6 @@ "id": "pe-13_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[01]", @@ -43786,23 +36836,6 @@ "id": "pe-13_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[02]", @@ -43821,23 +36854,6 @@ "id": "pe-13_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[03]", @@ -43856,23 +36872,6 @@ "id": "pe-13_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[04]", @@ -43891,23 +36890,6 @@ "id": "pe-13_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[05]", @@ -43926,23 +36908,6 @@ "id": "pe-13_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[06]", @@ -44090,6 +37055,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -44128,11 +37098,6 @@ "id": "pe-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -44144,11 +37109,6 @@ "id": "pe-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44196,23 +37156,6 @@ "id": "pe-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14a.", @@ -44231,23 +37174,6 @@ "id": "pe-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14b.", @@ -44343,6 +37269,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -44376,13 +37307,6 @@ { "id": "pe-15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel." }, { @@ -44405,23 +37329,6 @@ "id": "pe-15_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[01]", @@ -44440,23 +37347,6 @@ "id": "pe-15_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[02]", @@ -44475,23 +37365,6 @@ "id": "pe-15_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[03]", @@ -44510,23 +37383,6 @@ "id": "pe-15_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[04]", @@ -44651,6 +37507,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -44721,11 +37582,6 @@ "id": "pe-16_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -44737,11 +37593,6 @@ "id": "pe-16_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44782,23 +37633,6 @@ "id": "pe-16_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[01]", @@ -44817,23 +37651,6 @@ "id": "pe-16_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[02]", @@ -44852,23 +37669,6 @@ "id": "pe-16_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[03]", @@ -44887,23 +37687,6 @@ "id": "pe-16_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[04]", @@ -44930,23 +37713,6 @@ "id": "pe-16_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-16b.", @@ -45144,6 +37910,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -45215,12 +37986,6 @@ "id": "pl-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -45280,11 +38045,6 @@ "id": "pl-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -45296,12 +38056,6 @@ "id": "pl-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -45366,23 +38120,6 @@ "id": "pl-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[01]", @@ -45401,23 +38138,6 @@ "id": "pl-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[02]", @@ -45436,17 +38156,6 @@ "id": "pl-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[03]", @@ -45465,17 +38174,6 @@ "id": "pl-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[04]", @@ -45505,17 +38203,6 @@ "id": "pl-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(a)", @@ -45661,17 +38348,6 @@ "id": "pl-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(b)", @@ -45706,23 +38382,6 @@ "id": "pl-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01b.", @@ -45752,23 +38411,6 @@ "id": "pl-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.01", @@ -45824,23 +38466,6 @@ "id": "pl-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.02", @@ -45993,6 +38618,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -46196,11 +38826,6 @@ "id": "pl-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -46379,11 +39004,6 @@ "id": "pl-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -46395,11 +39015,6 @@ "id": "pl-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -46411,11 +39026,6 @@ "id": "pl-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -46427,11 +39037,6 @@ "id": "pl-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -46483,57 +39088,6 @@ "id": "pl-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[01]", @@ -46552,57 +39106,6 @@ "id": "pl-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[02]", @@ -46750,17 +39253,6 @@ "id": "pl-2_obj.a.4-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[01]", @@ -46779,17 +39271,6 @@ "id": "pl-2_obj.a.4-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[02]", @@ -46816,17 +39297,6 @@ "id": "pl-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.05", @@ -46882,17 +39352,6 @@ "id": "pl-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.06", @@ -46948,17 +39407,6 @@ "id": "pl-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.07", @@ -47014,17 +39462,6 @@ "id": "pl-2_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.08", @@ -47080,23 +39517,6 @@ "id": "pl-2_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.09", @@ -47163,17 +39583,6 @@ "id": "pl-2_obj.a.10-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[01]", @@ -47192,17 +39601,6 @@ "id": "pl-2_obj.a.10-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[02]", @@ -47229,17 +39627,6 @@ "id": "pl-2_obj.a.11", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.11", @@ -47306,17 +39693,6 @@ "id": "pl-2_obj.a.12-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[01]", @@ -47335,17 +39711,6 @@ "id": "pl-2_obj.a.12-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[02]", @@ -47383,23 +39748,6 @@ "id": "pl-2_obj.a.13-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[01]", @@ -47418,23 +39766,6 @@ "id": "pl-2_obj.a.13-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[02]", @@ -47472,23 +39803,6 @@ "id": "pl-2_obj.a.14-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[01]", @@ -47507,23 +39821,6 @@ "id": "pl-2_obj.a.14-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[02]", @@ -47561,23 +39858,6 @@ "id": "pl-2_obj.a.15-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[01]", @@ -47596,23 +39876,6 @@ "id": "pl-2_obj.a.15-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[02]", @@ -47647,23 +39910,6 @@ "id": "pl-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02b.", @@ -47719,23 +39965,6 @@ "id": "pl-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02c.", @@ -47754,23 +39983,6 @@ "id": "pl-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02d.", @@ -47844,23 +40056,6 @@ "id": "pl-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02e.", @@ -48033,6 +40228,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -48152,11 +40352,6 @@ "id": "pl-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48168,11 +40363,6 @@ "id": "pl-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48184,11 +40374,6 @@ "id": "pl-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -48200,11 +40385,6 @@ "id": "pl-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -48234,23 +40414,6 @@ "id": "pl-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04a.", @@ -48306,23 +40469,6 @@ "id": "pl-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04b.", @@ -48341,23 +40487,6 @@ "id": "pl-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04c.", @@ -48376,23 +40505,6 @@ "id": "pl-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04d.", @@ -48488,6 +40600,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -48536,11 +40653,6 @@ "id": "pl-4.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -48552,11 +40664,6 @@ "id": "pl-4.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -48568,11 +40675,6 @@ "id": "pl-4.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -48602,23 +40704,6 @@ "id": "pl-4.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(a)", @@ -48637,23 +40722,6 @@ "id": "pl-4.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(b)", @@ -48672,23 +40740,6 @@ "id": "pl-4.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(c)", @@ -48802,6 +40853,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -48901,11 +40957,6 @@ "id": "pl-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48963,11 +41014,6 @@ "id": "pl-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48979,11 +41025,6 @@ "id": "pl-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -49042,23 +41083,6 @@ "id": "pl-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.01", @@ -49077,23 +41101,6 @@ "id": "pl-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.02", @@ -49112,17 +41119,6 @@ "id": "pl-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.03", @@ -49178,17 +41174,6 @@ "id": "pl-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.04", @@ -49252,23 +41237,6 @@ "id": "pl-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-08b.", @@ -49298,23 +41266,6 @@ "id": "pl-8_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[01]", @@ -49333,23 +41284,6 @@ "id": "pl-8_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[02]", @@ -49368,23 +41302,6 @@ "id": "pl-8_obj.c-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[03]", @@ -49403,23 +41320,6 @@ "id": "pl-8_obj.c-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[04]", @@ -49438,23 +41338,6 @@ "id": "pl-8_obj.c-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[05]", @@ -49473,23 +41356,6 @@ "id": "pl-8_obj.c-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[06]", @@ -49593,6 +41459,11 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ + { + "name": "label", + "value": "PL-10", + "class": "zero-padded" + }, { "name": "label", "value": "PL-10" @@ -49678,13 +41549,6 @@ { "id": "pl-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Select a control baseline for the system.", "parts": [ { @@ -49716,17 +41580,6 @@ "id": "pl-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-10", @@ -49792,6 +41645,11 @@ "class": "SP800-53", "title": "Baseline Tailoring", "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, { "name": "label", "value": "PL-11" @@ -49877,13 +41735,6 @@ { "id": "pl-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Tailor the selected control baseline by applying specified tailoring actions." }, { @@ -49895,23 +41746,6 @@ "id": "pl-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-11", @@ -50079,6 +41913,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -50142,12 +41981,6 @@ "id": "ps-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -50207,11 +42040,6 @@ "id": "ps-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -50223,12 +42051,6 @@ "id": "ps-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -50293,23 +42115,6 @@ "id": "ps-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[01]", @@ -50328,23 +42133,6 @@ "id": "ps-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[02]", @@ -50363,17 +42151,6 @@ "id": "ps-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[03]", @@ -50392,17 +42169,6 @@ "id": "ps-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[04]", @@ -50432,17 +42198,6 @@ "id": "ps-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(a)", @@ -50588,17 +42343,6 @@ "id": "ps-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(b)", @@ -50633,23 +42377,6 @@ "id": "ps-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01b.", @@ -50679,23 +42406,6 @@ "id": "ps-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.01", @@ -50751,23 +42461,6 @@ "id": "ps-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.02", @@ -50902,6 +42595,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -50980,11 +42678,6 @@ "id": "ps-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -50996,11 +42689,6 @@ "id": "ps-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -51012,11 +42700,6 @@ "id": "ps-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -51046,23 +42729,6 @@ "id": "ps-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02a.", @@ -51081,23 +42747,6 @@ "id": "ps-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02b.", @@ -51116,23 +42765,6 @@ "id": "ps-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-02c.", @@ -51257,6 +42889,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -51359,11 +42996,6 @@ "id": "ps-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -51375,11 +43007,6 @@ "id": "ps-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -51409,23 +43036,6 @@ "id": "ps-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03a.", @@ -51455,23 +43065,6 @@ "id": "ps-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[01]", @@ -51490,23 +43083,6 @@ "id": "ps-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[02]", @@ -51635,6 +43211,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -51690,11 +43271,6 @@ "id": "ps-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -51706,11 +43282,6 @@ "id": "ps-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -51722,11 +43293,6 @@ "id": "ps-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -51738,11 +43304,6 @@ "id": "ps-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -51754,11 +43315,6 @@ "id": "ps-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -51788,17 +43344,6 @@ "id": "ps-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04a.", @@ -51817,17 +43362,6 @@ "id": "ps-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04b.", @@ -51846,23 +43380,6 @@ "id": "ps-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04c.", @@ -51881,23 +43398,6 @@ "id": "ps-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-04d.", @@ -51916,23 +43416,6 @@ "id": "ps-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04e.", @@ -52076,6 +43559,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -52130,11 +43618,6 @@ "id": "ps-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52146,11 +43629,6 @@ "id": "ps-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52162,11 +43640,6 @@ "id": "ps-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52178,11 +43651,6 @@ "id": "ps-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -52212,23 +43680,6 @@ "id": "ps-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-05a.", @@ -52247,23 +43698,6 @@ "id": "ps-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05b.", @@ -52282,17 +43716,6 @@ "id": "ps-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05c.", @@ -52311,23 +43734,6 @@ "id": "ps-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05d.", @@ -52453,6 +43859,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -52528,11 +43939,6 @@ "id": "ps-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52544,11 +43950,6 @@ "id": "ps-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52560,11 +43961,6 @@ "id": "ps-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52618,17 +44014,6 @@ "id": "ps-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-06a.", @@ -52647,23 +44032,6 @@ "id": "ps-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06b.", @@ -52693,23 +44061,6 @@ "id": "ps-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.01", @@ -52728,23 +44079,6 @@ "id": "ps-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.02", @@ -52878,6 +44212,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -52969,11 +44308,6 @@ "id": "ps-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52985,11 +44319,6 @@ "id": "ps-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -53001,11 +44330,6 @@ "id": "ps-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -53017,11 +44341,6 @@ "id": "ps-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -53033,11 +44352,6 @@ "id": "ps-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -53067,23 +44381,6 @@ "id": "ps-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07a.", @@ -53102,23 +44399,6 @@ "id": "ps-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07b.", @@ -53137,17 +44417,6 @@ "id": "ps-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-07c.", @@ -53166,23 +44435,6 @@ "id": "ps-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07d.", @@ -53201,23 +44453,6 @@ "id": "ps-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07e.", @@ -53338,6 +44573,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -53384,11 +44624,6 @@ "id": "ps-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -53400,11 +44635,6 @@ "id": "ps-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -53434,23 +44664,6 @@ "id": "ps-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-08a.", @@ -53469,23 +44682,6 @@ "id": "ps-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-08b.", @@ -53581,6 +44777,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -53610,13 +44811,6 @@ { "id": "ps-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate security and privacy roles and responsibilities into organizational position descriptions." }, { @@ -53628,17 +44822,6 @@ "id": "ps-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-09", @@ -53865,6 +45048,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -53932,12 +45120,6 @@ "id": "ra-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -53997,11 +45179,6 @@ "id": "ra-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54013,12 +45190,6 @@ "id": "ra-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -54083,23 +45254,6 @@ "id": "ra-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[01]", @@ -54118,23 +45272,6 @@ "id": "ra-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[02]", @@ -54153,17 +45290,6 @@ "id": "ra-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[03]", @@ -54182,17 +45308,6 @@ "id": "ra-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[04]", @@ -54222,17 +45337,6 @@ "id": "ra-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(a)", @@ -54378,17 +45482,6 @@ "id": "ra-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(b)", @@ -54423,23 +45516,6 @@ "id": "ra-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01b.", @@ -54469,23 +45545,6 @@ "id": "ra-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.01", @@ -54541,23 +45600,6 @@ "id": "ra-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.02", @@ -54676,6 +45718,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -54802,11 +45849,6 @@ "id": "ra-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -54818,11 +45860,6 @@ "id": "ra-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54834,11 +45871,6 @@ "id": "ra-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -54868,17 +45900,6 @@ "id": "ra-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02a.", @@ -54897,17 +45918,6 @@ "id": "ra-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02b.", @@ -54926,23 +45936,6 @@ "id": "ra-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-02c.", @@ -55101,6 +46094,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -55268,11 +46266,6 @@ "id": "ra-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -55319,11 +46312,6 @@ "id": "ra-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -55335,11 +46323,6 @@ "id": "ra-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -55351,11 +46334,6 @@ "id": "ra-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -55367,11 +46345,6 @@ "id": "ra-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -55383,11 +46356,6 @@ "id": "ra-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -55457,23 +46425,6 @@ "id": "ra-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.01", @@ -55492,23 +46443,6 @@ "id": "ra-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.02", @@ -55527,23 +46461,6 @@ "id": "ra-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.03", @@ -55570,23 +46487,6 @@ "id": "ra-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03b.", @@ -55605,17 +46505,6 @@ "id": "ra-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-03c.", @@ -55634,23 +46523,6 @@ "id": "ra-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03d.", @@ -55669,23 +46541,6 @@ "id": "ra-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03e.", @@ -55704,23 +46559,6 @@ "id": "ra-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03f.", @@ -55836,6 +46674,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -55895,11 +46738,6 @@ "id": "ra-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -55911,11 +46749,6 @@ "id": "ra-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -55945,23 +46778,6 @@ "id": "ra-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(a)", @@ -55980,23 +46796,6 @@ "id": "ra-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(b)", @@ -56147,9 +46946,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05", + "class": "zero-padded" }, { "name": "label", @@ -56290,11 +47089,6 @@ "id": "ra-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -56306,11 +47100,6 @@ "id": "ra-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -56357,11 +47146,6 @@ "id": "ra-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -56373,11 +47157,6 @@ "id": "ra-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -56389,11 +47168,6 @@ "id": "ra-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -56405,11 +47179,6 @@ "id": "ra-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -56475,7 +47244,7 @@ "value": "Guidance:" } ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \u201cwarning\u201d as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \u201cTracking of Compliance Scans\u201d in FAQs." } ] } @@ -56501,23 +47270,6 @@ "id": "ra-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05a.", @@ -56573,23 +47325,6 @@ "id": "ra-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.", @@ -56602,23 +47337,6 @@ "id": "ra-5_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.01", @@ -56637,23 +47355,6 @@ "id": "ra-5_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.02", @@ -56672,23 +47373,6 @@ "id": "ra-5_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.03", @@ -56715,23 +47399,6 @@ "id": "ra-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05c.", @@ -56750,23 +47417,6 @@ "id": "ra-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05d.", @@ -56785,23 +47435,6 @@ "id": "ra-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05e.", @@ -56820,23 +47453,6 @@ "id": "ra-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05f.", @@ -56960,9 +47576,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -57002,13 +47618,6 @@ { "id": "ra-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the system vulnerabilities to be scanned {{ insert: param, ra-05.02_odp.01 }}." }, { @@ -57020,23 +47629,6 @@ "id": "ra-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(02)", @@ -57124,6 +47716,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -57158,13 +47755,6 @@ { "id": "ra-5.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components." }, { @@ -57176,23 +47766,6 @@ "id": "ra-5.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(11)", @@ -57282,6 +47855,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -57364,13 +47942,6 @@ { "id": "ra-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance." }, { @@ -57382,23 +47953,6 @@ "id": "ra-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-07", @@ -57661,6 +48215,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -57736,12 +48295,6 @@ "id": "sa-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -57801,11 +48354,6 @@ "id": "sa-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57817,12 +48365,6 @@ "id": "sa-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -57887,23 +48429,6 @@ "id": "sa-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[01]", @@ -57922,23 +48447,6 @@ "id": "sa-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[02]", @@ -57957,17 +48465,6 @@ "id": "sa-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[03]", @@ -57986,17 +48483,6 @@ "id": "sa-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[04]", @@ -58026,17 +48512,6 @@ "id": "sa-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(a)", @@ -58182,17 +48657,6 @@ "id": "sa-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(b)", @@ -58227,23 +48691,6 @@ "id": "sa-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01b.", @@ -58273,23 +48720,6 @@ "id": "sa-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.01", @@ -58345,23 +48775,6 @@ "id": "sa-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.02", @@ -58480,6 +48893,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -58551,11 +48969,6 @@ "id": "sa-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -58567,11 +48980,6 @@ "id": "sa-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -58583,11 +48991,6 @@ "id": "sa-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -58628,23 +49031,6 @@ "id": "sa-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[01]", @@ -58663,23 +49049,6 @@ "id": "sa-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[02]", @@ -58717,23 +49086,6 @@ "id": "sa-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[01]", @@ -58752,23 +49104,6 @@ "id": "sa-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[02]", @@ -58806,23 +49141,6 @@ "id": "sa-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[01]", @@ -58841,23 +49159,6 @@ "id": "sa-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[02]", @@ -58972,6 +49273,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -59087,11 +49393,6 @@ "id": "sa-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -59103,11 +49404,6 @@ "id": "sa-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -59119,11 +49415,6 @@ "id": "sa-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -59135,11 +49426,6 @@ "id": "sa-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -59180,23 +49466,6 @@ "id": "sa-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[01]", @@ -59215,23 +49484,6 @@ "id": "sa-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[02]", @@ -59269,23 +49521,6 @@ "id": "sa-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[01]", @@ -59304,23 +49539,6 @@ "id": "sa-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[02]", @@ -59358,23 +49576,6 @@ "id": "sa-3_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[01]", @@ -59393,23 +49594,6 @@ "id": "sa-3_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[02]", @@ -59447,23 +49631,6 @@ "id": "sa-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[01]", @@ -59482,23 +49649,6 @@ "id": "sa-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[02]", @@ -59623,6 +49773,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -59799,11 +49954,6 @@ "id": "sa-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -59815,11 +49965,6 @@ "id": "sa-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -59831,11 +49976,6 @@ "id": "sa-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -59847,11 +49987,6 @@ "id": "sa-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -59863,11 +49998,6 @@ "id": "sa-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -59879,11 +50009,6 @@ "id": "sa-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -59895,11 +50020,6 @@ "id": "sa-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -59911,11 +50031,6 @@ "id": "sa-4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -59927,11 +50042,6 @@ "id": "sa-4_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -60001,57 +50111,6 @@ "id": "sa-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[01]", @@ -60070,57 +50129,6 @@ "id": "sa-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[02]", @@ -60147,23 +50155,6 @@ "id": "sa-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04b.", @@ -60292,23 +50283,6 @@ "id": "sa-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04e.", @@ -60364,23 +50338,6 @@ "id": "sa-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04f.", @@ -60436,23 +50393,6 @@ "id": "sa-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04g.", @@ -60471,23 +50411,6 @@ "id": "sa-4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04h.", @@ -60561,23 +50484,6 @@ "id": "sa-4_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04i.", @@ -60673,6 +50579,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -60719,13 +50630,6 @@ { "id": "sa-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems." }, { @@ -60737,23 +50641,6 @@ "id": "sa-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(10)", @@ -60868,6 +50755,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -60983,11 +50875,6 @@ "id": "sa-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -61034,11 +50921,6 @@ "id": "sa-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -61085,11 +50967,6 @@ "id": "sa-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -61101,11 +50978,6 @@ "id": "sa-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -61146,23 +51018,6 @@ "id": "sa-5_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.01", @@ -61247,23 +51102,6 @@ "id": "sa-5_obj.a.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[01]", @@ -61282,23 +51120,6 @@ "id": "sa-5_obj.a.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[02]", @@ -61317,23 +51138,6 @@ "id": "sa-5_obj.a.2-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[03]", @@ -61352,23 +51156,6 @@ "id": "sa-5_obj.a.2-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[04]", @@ -61395,23 +51182,6 @@ "id": "sa-5_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.03", @@ -61497,23 +51267,6 @@ "id": "sa-5_obj.b.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[01]", @@ -61532,23 +51285,6 @@ "id": "sa-5_obj.b.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[02]", @@ -61567,23 +51303,6 @@ "id": "sa-5_obj.b.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[03]", @@ -61602,23 +51321,6 @@ "id": "sa-5_obj.b.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[04]", @@ -61656,23 +51358,6 @@ "id": "sa-5_obj.b.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[01]", @@ -61691,23 +51376,6 @@ "id": "sa-5_obj.b.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[02]", @@ -61745,23 +51413,6 @@ "id": "sa-5_obj.b.3-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[01]", @@ -61780,23 +51431,6 @@ "id": "sa-5_obj.b.3-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[02]", @@ -61842,23 +51476,6 @@ "id": "sa-5_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[01]", @@ -61877,23 +51494,6 @@ "id": "sa-5_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[02]", @@ -61920,23 +51520,6 @@ "id": "sa-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05d.", @@ -62056,6 +51639,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -62198,13 +51786,6 @@ { "id": "sa-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: {{ insert: param, sa-8_prm_1 }}." }, { @@ -62227,23 +51808,6 @@ "id": "sa-8_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[01]", @@ -62262,23 +51826,6 @@ "id": "sa-8_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[02]", @@ -62297,23 +51844,6 @@ "id": "sa-8_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[03]", @@ -62332,23 +51862,6 @@ "id": "sa-8_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[04]", @@ -62367,23 +51880,6 @@ "id": "sa-8_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[05]", @@ -62402,23 +51898,6 @@ "id": "sa-8_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[06]", @@ -62437,23 +51916,6 @@ "id": "sa-8_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[07]", @@ -62472,23 +51934,6 @@ "id": "sa-8_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[08]", @@ -62507,23 +51952,6 @@ "id": "sa-8_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[09]", @@ -62542,23 +51970,6 @@ "id": "sa-8_obj-10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[10]", @@ -62685,9 +52096,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-09", + "class": "zero-padded" }, { "name": "label", @@ -62792,11 +52203,6 @@ "id": "sa-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -62808,11 +52214,6 @@ "id": "sa-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -62824,11 +52225,6 @@ "id": "sa-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -62869,23 +52265,6 @@ "id": "sa-9_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[01]", @@ -62904,23 +52283,6 @@ "id": "sa-9_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[02]", @@ -62939,17 +52301,6 @@ "id": "sa-9_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[03]", @@ -62987,17 +52338,6 @@ "id": "sa-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[01]", @@ -63016,17 +52356,6 @@ "id": "sa-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[02]", @@ -63053,23 +52382,6 @@ "id": "sa-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09c.", @@ -63186,6 +52498,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -63229,11 +52546,6 @@ "id": "sa-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -63245,11 +52557,6 @@ "id": "sa-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63279,23 +52586,6 @@ "id": "sa-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-22a.", @@ -63314,23 +52604,6 @@ "id": "sa-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-22b.", @@ -63528,6 +52801,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -63591,12 +52869,6 @@ "id": "sc-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -63656,11 +52928,6 @@ "id": "sc-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63672,12 +52939,6 @@ "id": "sc-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -63742,23 +53003,6 @@ "id": "sc-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[01]", @@ -63777,23 +53021,6 @@ "id": "sc-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[02]", @@ -63812,17 +53039,6 @@ "id": "sc-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[03]", @@ -63841,17 +53057,6 @@ "id": "sc-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[04]", @@ -63881,17 +53086,6 @@ "id": "sc-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(a)", @@ -64037,17 +53231,6 @@ "id": "sc-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(b)", @@ -64082,23 +53265,6 @@ "id": "sc-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01b.", @@ -64128,23 +53294,6 @@ "id": "sc-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.01", @@ -64200,23 +53349,6 @@ "id": "sc-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.02", @@ -64374,6 +53506,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -64428,11 +53565,6 @@ "id": "sc-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64444,11 +53576,6 @@ "id": "sc-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64478,23 +53605,6 @@ "id": "sc-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-05a.", @@ -64513,17 +53623,6 @@ "id": "sc-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-05b.", @@ -64631,9 +53730,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07", + "class": "zero-padded" }, { "name": "label", @@ -64789,11 +53888,6 @@ "id": "sc-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64805,11 +53899,6 @@ "id": "sc-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64821,11 +53910,6 @@ "id": "sc-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -64884,23 +53968,6 @@ "id": "sc-7_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[01]", @@ -64919,23 +53986,6 @@ "id": "sc-7_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[02]", @@ -64954,23 +54004,6 @@ "id": "sc-7_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[03]", @@ -64989,23 +54022,6 @@ "id": "sc-7_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[04]", @@ -65032,29 +54048,6 @@ "id": "sc-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07b.", @@ -65073,29 +54066,6 @@ "id": "sc-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07c.", @@ -65204,9 +54174,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-08", + "class": "zero-padded" }, { "name": "label", @@ -65325,13 +54295,6 @@ { "id": "sc-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-08_odp }} of transmitted information.", "parts": [ { @@ -65348,7 +54311,7 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work \u2013 e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " }, { "id": "sc-8_fr_gdn.2", @@ -65359,7 +54322,7 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS\u2019s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS\u2019 recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " } ] } @@ -65374,29 +54337,6 @@ "id": "sc-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08", @@ -65496,6 +54436,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -65533,13 +54478,6 @@ { "id": "sc-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to {{ insert: param, sc-08.01_odp }} during transmission.", "parts": [ { @@ -65604,29 +54542,6 @@ "id": "sc-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08(01)", @@ -65733,9 +54648,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-12", + "class": "zero-padded" }, { "name": "label", @@ -65850,10 +54765,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -65887,13 +54798,6 @@ { "id": "sc-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: {{ insert: param, sc-12_odp }}.", "parts": [ { @@ -65947,29 +54851,6 @@ "id": "sc-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-12", @@ -66120,9 +55001,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-13", + "class": "zero-padded" }, { "name": "label", @@ -66274,11 +55155,6 @@ "id": "sc-13_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66290,11 +55166,6 @@ "id": "sc-13_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66386,23 +55257,6 @@ "id": "sc-13_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-13a.", @@ -66421,29 +55275,6 @@ "id": "sc-13_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-13b.", @@ -66555,6 +55386,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -66593,11 +55429,6 @@ "id": "sc-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66609,11 +55440,6 @@ "id": "sc-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66661,23 +55487,6 @@ "id": "sc-15_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-15a.", @@ -66696,29 +55505,6 @@ "id": "sc-15_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-15b.", @@ -66814,6 +55600,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -66880,11 +55671,6 @@ "id": "sc-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66896,11 +55682,6 @@ "id": "sc-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66981,29 +55762,6 @@ "id": "sc-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20a.", @@ -67070,29 +55828,6 @@ "id": "sc-20_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[01]", @@ -67111,29 +55846,6 @@ "id": "sc-20_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[02]", @@ -67238,9 +55950,9 @@ "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-21", + "class": "zero-padded" }, { "name": "label", @@ -67279,13 +55991,6 @@ { "id": "sc-21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.", "parts": [ { @@ -67350,29 +56055,6 @@ "id": "sc-21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-21", @@ -67533,6 +56215,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -67578,13 +56265,6 @@ { "id": "sc-22_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation." }, { @@ -67596,29 +56276,6 @@ "id": "sc-22_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-22", @@ -67783,9 +56440,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-28", + "class": "zero-padded" }, { "name": "label", @@ -67924,13 +56581,6 @@ { "id": "sc-28_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-28_odp.01 }} of the following information at rest: {{ insert: param, sc-28_odp.02 }}.", "parts": [ { @@ -67984,29 +56634,6 @@ "id": "sc-28_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28", @@ -68119,6 +56746,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -68160,13 +56792,6 @@ { "id": "sc-28.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param, sc-28.01_odp.01 }}.", "parts": [ { @@ -68198,29 +56823,6 @@ "id": "sc-28.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28(01)", @@ -68347,6 +56949,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -68413,13 +57020,6 @@ { "id": "sc-39_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain a separate execution domain for each executing system process." }, { @@ -68431,29 +57031,6 @@ "id": "sc-39_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-39", @@ -68643,6 +57220,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -68706,12 +57288,6 @@ "id": "si-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -68771,11 +57347,6 @@ "id": "si-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -68787,12 +57358,6 @@ "id": "si-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -68857,23 +57422,6 @@ "id": "si-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[01]", @@ -68892,23 +57440,6 @@ "id": "si-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[02]", @@ -68927,17 +57458,6 @@ "id": "si-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[03]", @@ -68956,17 +57476,6 @@ "id": "si-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[04]", @@ -68996,17 +57505,6 @@ "id": "si-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(a)", @@ -69152,17 +57650,6 @@ "id": "si-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(b)", @@ -69197,23 +57684,6 @@ "id": "si-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01b.", @@ -69243,23 +57713,6 @@ "id": "si-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.01", @@ -69315,23 +57768,6 @@ "id": "si-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.02", @@ -69466,6 +57902,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -69584,11 +58025,6 @@ "id": "si-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -69600,11 +58036,6 @@ "id": "si-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -69616,11 +58047,6 @@ "id": "si-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -69632,11 +58058,6 @@ "id": "si-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -69666,29 +58087,6 @@ "id": "si-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02a.", @@ -69762,23 +58160,6 @@ "id": "si-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02b.", @@ -69870,23 +58251,6 @@ "id": "si-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02c.", @@ -69942,23 +58306,6 @@ "id": "si-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02d.", @@ -70140,9 +58487,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-03", + "class": "zero-padded" }, { "name": "label", @@ -70267,11 +58614,6 @@ "id": "si-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70283,11 +58625,6 @@ "id": "si-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70299,11 +58636,6 @@ "id": "si-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70339,11 +58671,6 @@ "id": "si-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -70373,23 +58700,6 @@ "id": "si-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03a.", @@ -70445,23 +58755,6 @@ "id": "si-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03b.", @@ -70502,23 +58795,6 @@ "id": "si-3_obj.c.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[01]", @@ -70537,23 +58813,6 @@ "id": "si-3_obj.c.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[02]", @@ -70591,23 +58850,6 @@ "id": "si-3_obj.c.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[01]", @@ -70626,23 +58868,6 @@ "id": "si-3_obj.c.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[02]", @@ -70677,23 +58902,6 @@ "id": "si-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03d.", @@ -70846,6 +59054,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -71070,11 +59283,6 @@ "id": "si-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -71110,11 +59318,6 @@ "id": "si-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -71126,11 +59329,6 @@ "id": "si-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -71166,11 +59364,6 @@ "id": "si-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -71182,11 +59375,6 @@ "id": "si-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -71198,11 +59386,6 @@ "id": "si-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -71214,11 +59397,6 @@ "id": "si-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -71277,29 +59455,6 @@ "id": "si-4_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.01", @@ -71318,29 +59473,6 @@ "id": "si-4_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.02", @@ -71422,23 +59554,6 @@ "id": "si-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04b.", @@ -71468,29 +59583,6 @@ "id": "si-4_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.01", @@ -71509,29 +59601,6 @@ "id": "si-4_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.02", @@ -71558,23 +59627,6 @@ "id": "si-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04d.", @@ -71630,23 +59682,6 @@ "id": "si-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04e.", @@ -71665,23 +59700,6 @@ "id": "si-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04f.", @@ -71700,29 +59718,6 @@ "id": "si-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04g.", @@ -71877,6 +59872,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -71928,11 +59928,6 @@ "id": "si-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -71944,11 +59939,6 @@ "id": "si-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -71960,11 +59950,6 @@ "id": "si-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -71976,11 +59961,6 @@ "id": "si-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -72022,29 +60002,6 @@ "id": "si-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05a.", @@ -72063,23 +60020,6 @@ "id": "si-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05b.", @@ -72098,29 +60038,6 @@ "id": "si-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05c.", @@ -72139,23 +60056,6 @@ "id": "si-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05d.", @@ -72251,6 +60151,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -72408,13 +60313,6 @@ { "id": "si-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements." }, { @@ -72426,23 +60324,6 @@ "id": "si-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-12", @@ -72710,6 +60591,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -72797,12 +60683,6 @@ "id": "sr-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -72862,11 +60742,6 @@ "id": "sr-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -72878,12 +60753,6 @@ "id": "sr-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -72948,23 +60817,6 @@ "id": "sr-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[01]", @@ -72983,23 +60835,6 @@ "id": "sr-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[02]", @@ -73018,17 +60853,6 @@ "id": "sr-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[03]", @@ -73047,17 +60871,6 @@ "id": "sr-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[04]", @@ -73087,17 +60900,6 @@ "id": "sr-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(a)", @@ -73243,17 +61045,6 @@ "id": "sr-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(b)", @@ -73288,23 +61079,6 @@ "id": "sr-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01b.", @@ -73334,23 +61108,6 @@ "id": "sr-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.01", @@ -73406,23 +61163,6 @@ "id": "sr-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.02", @@ -73566,6 +61306,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -73697,11 +61442,6 @@ "id": "sr-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -73713,11 +61453,6 @@ "id": "sr-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73729,11 +61464,6 @@ "id": "sr-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -73774,23 +61504,6 @@ "id": "sr-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[01]", @@ -73809,17 +61522,6 @@ "id": "sr-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[02]", @@ -73838,17 +61540,6 @@ "id": "sr-2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[03]", @@ -73867,17 +61558,6 @@ "id": "sr-2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[04]", @@ -73896,17 +61576,6 @@ "id": "sr-2_obj.a-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[05]", @@ -73925,17 +61594,6 @@ "id": "sr-2_obj.a-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[06]", @@ -73954,17 +61612,6 @@ "id": "sr-2_obj.a-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[07]", @@ -73983,17 +61630,6 @@ "id": "sr-2_obj.a-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[08]", @@ -74012,17 +61648,6 @@ "id": "sr-2_obj.a-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[09]", @@ -74049,23 +61674,6 @@ "id": "sr-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02b.", @@ -74084,23 +61692,6 @@ "id": "sr-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-02c.", @@ -74253,6 +61844,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -74287,13 +61883,6 @@ { "id": "sr-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a supply chain risk management team consisting of {{ insert: param, sr-02.01_odp.01 }} to lead and support the following SCRM activities: {{ insert: param, sr-02.01_odp.02 }}." }, { @@ -74305,23 +61894,6 @@ "id": "sr-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02(01)", @@ -74438,6 +62010,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -74598,11 +62175,6 @@ "id": "sr-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -74614,11 +62186,6 @@ "id": "sr-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -74630,11 +62197,6 @@ "id": "sr-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -74693,23 +62255,6 @@ "id": "sr-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[01]", @@ -74728,23 +62273,6 @@ "id": "sr-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[02]", @@ -74771,23 +62299,6 @@ "id": "sr-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03b.", @@ -74806,23 +62317,6 @@ "id": "sr-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03c.", @@ -74929,6 +62423,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -75047,13 +62546,6 @@ { "id": "sr-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: {{ insert: param, sr-05_odp }}." }, { @@ -75065,29 +62557,6 @@ "id": "sr-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-05", @@ -75256,6 +62725,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -75326,13 +62800,6 @@ { "id": "sr-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the {{ insert: param, sr-08_odp.01 }}.", "parts": [ { @@ -75364,23 +62831,6 @@ "id": "sr-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-08", @@ -75508,6 +62958,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -75578,13 +63033,6 @@ { "id": "sr-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the following systems or system components {{ insert: param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01 }}." }, { @@ -75596,23 +63044,6 @@ "id": "sr-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-10", @@ -75731,6 +63162,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -75790,11 +63226,6 @@ "id": "sr-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -75806,11 +63237,6 @@ "id": "sr-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -75869,23 +63295,6 @@ "id": "sr-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[01]", @@ -75904,23 +63313,6 @@ "id": "sr-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[02]", @@ -75939,23 +63331,6 @@ "id": "sr-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[03]", @@ -75974,23 +63349,6 @@ "id": "sr-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[04]", @@ -76017,23 +63375,6 @@ "id": "sr-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11b.", @@ -76140,6 +63481,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -76178,13 +63524,6 @@ { "id": "sr-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit system components (including hardware, software, and firmware)." }, { @@ -76196,23 +63535,6 @@ "id": "sr-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(01)", @@ -76316,6 +63638,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -76366,13 +63693,6 @@ { "id": "sr-11.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: {{ insert: param, sr-11.02_odp }}." }, { @@ -76384,23 +63704,6 @@ "id": "sr-11.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(02)", @@ -76547,6 +63850,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -76581,13 +63889,6 @@ { "id": "sr-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Dispose of {{ insert: param, sr-12_odp.01 }} using the following techniques and methods: {{ insert: param, sr-12_odp.02 }}." }, { @@ -76599,23 +63900,6 @@ "id": "sr-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-12", diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.json index de86b9dba..e221fd877 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "1f4d8bf8-6a31-43d3-9493-851a2c35493c", + "uuid": "f297751f-5150-42ad-bbb9-670c1bf8aa85", "metadata": { "title": "FedRAMP Rev 5 Low Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:50:48.695772-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:18:37.934997-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -284,12 +289,6 @@ "id": "ac-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -349,11 +348,6 @@ "id": "ac-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -365,12 +359,6 @@ "id": "ac-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -435,23 +423,6 @@ "id": "ac-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[01]", @@ -470,23 +441,6 @@ "id": "ac-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[02]", @@ -505,17 +459,6 @@ "id": "ac-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[03]", @@ -534,17 +477,6 @@ "id": "ac-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[04]", @@ -574,17 +506,6 @@ "id": "ac-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(a)", @@ -730,17 +651,6 @@ "id": "ac-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(b)", @@ -775,23 +685,6 @@ "id": "ac-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01b.", @@ -821,23 +714,6 @@ "id": "ac-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.01", @@ -893,23 +769,6 @@ "id": "ac-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.02", @@ -1141,9 +1000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02", + "class": "zero-padded" }, { "name": "label", @@ -1299,11 +1158,6 @@ "id": "ac-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -1315,11 +1169,6 @@ "id": "ac-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -1331,11 +1180,6 @@ "id": "ac-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -1347,11 +1191,6 @@ "id": "ac-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -1398,11 +1237,6 @@ "id": "ac-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -1414,11 +1248,6 @@ "id": "ac-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -1430,11 +1259,6 @@ "id": "ac-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -1446,11 +1270,6 @@ "id": "ac-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -1497,11 +1316,6 @@ "id": "ac-2_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -1548,11 +1362,6 @@ "id": "ac-2_smt.j", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "j." @@ -1564,11 +1373,6 @@ "id": "ac-2_smt.k", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "k." @@ -1580,11 +1384,6 @@ "id": "ac-2_smt.l", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "l." @@ -1625,17 +1424,6 @@ "id": "ac-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[01]", @@ -1654,17 +1442,6 @@ "id": "ac-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[02]", @@ -1691,23 +1468,6 @@ "id": "ac-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02b.", @@ -1726,23 +1486,6 @@ "id": "ac-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02c.", @@ -1761,17 +1504,6 @@ "id": "ac-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02d.", @@ -1882,23 +1614,6 @@ "id": "ac-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02e.", @@ -1917,23 +1632,6 @@ "id": "ac-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02f.", @@ -2043,23 +1741,6 @@ "id": "ac-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02g.", @@ -2078,23 +1759,6 @@ "id": "ac-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02h.", @@ -2179,23 +1843,6 @@ "id": "ac-2_obj.i.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.01", @@ -2214,23 +1861,6 @@ "id": "ac-2_obj.i.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.02", @@ -2249,23 +1879,6 @@ "id": "ac-2_obj.i.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.03", @@ -2292,23 +1905,6 @@ "id": "ac-2_obj.j", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02j.", @@ -2338,23 +1934,6 @@ "id": "ac-2_obj.k-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[01]", @@ -2373,23 +1952,6 @@ "id": "ac-2_obj.k-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[02]", @@ -2416,23 +1978,6 @@ "id": "ac-2_obj.l", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02l.", @@ -2566,9 +2111,9 @@ "title": "Access Enforcement", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-03", + "class": "zero-padded" }, { "name": "label", @@ -2803,13 +2348,6 @@ { "id": "ac-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies." }, { @@ -2821,23 +2359,6 @@ "id": "ac-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-03", @@ -2985,6 +2506,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -3043,11 +2569,6 @@ "id": "ac-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -3059,11 +2580,6 @@ "id": "ac-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -3111,23 +2627,6 @@ "id": "ac-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07a.", @@ -3146,23 +2645,6 @@ "id": "ac-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07b.", @@ -3288,6 +2770,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -3335,11 +2822,6 @@ "id": "ac-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -3397,11 +2879,6 @@ "id": "ac-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -3413,11 +2890,6 @@ "id": "ac-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -3533,23 +3005,6 @@ "id": "ac-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.", @@ -3562,17 +3017,6 @@ "id": "ac-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.01", @@ -3591,17 +3035,6 @@ "id": "ac-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.02", @@ -3620,17 +3053,6 @@ "id": "ac-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.03", @@ -3649,17 +3071,6 @@ "id": "ac-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.04", @@ -3686,23 +3097,6 @@ "id": "ac-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08b.", @@ -3721,17 +3115,6 @@ "id": "ac-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08c.", @@ -3893,6 +3276,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -3935,11 +3323,6 @@ "id": "ac-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -3951,11 +3334,6 @@ "id": "ac-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -3985,23 +3363,6 @@ "id": "ac-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-14a.", @@ -4020,17 +3381,6 @@ "id": "ac-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-14b.", @@ -4141,6 +3491,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -4271,11 +3626,6 @@ "id": "ac-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -4287,11 +3637,6 @@ "id": "ac-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -4321,23 +3666,6 @@ "id": "ac-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-17a.", @@ -4411,23 +3739,6 @@ "id": "ac-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17b.", @@ -4523,6 +3834,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -4613,11 +3929,6 @@ "id": "ac-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -4629,11 +3940,6 @@ "id": "ac-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -4663,23 +3969,6 @@ "id": "ac-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18a.", @@ -4753,23 +4042,6 @@ "id": "ac-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18b.", @@ -4865,6 +4137,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -4991,11 +4268,6 @@ "id": "ac-19_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5007,11 +4279,6 @@ "id": "ac-19_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5041,23 +4308,6 @@ "id": "ac-19_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-19a.", @@ -5131,23 +4381,6 @@ "id": "ac-19_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19b.", @@ -5282,6 +4515,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -5360,11 +4598,6 @@ "id": "ac-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5400,11 +4633,6 @@ "id": "ac-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5452,23 +4680,6 @@ "id": "ac-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20a.", @@ -5524,23 +4735,6 @@ "id": "ac-20_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20b.", @@ -5652,6 +4846,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -5702,11 +4901,6 @@ "id": "ac-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5718,11 +4912,6 @@ "id": "ac-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5734,11 +4923,6 @@ "id": "ac-22_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -5750,11 +4934,6 @@ "id": "ac-22_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -5784,23 +4963,6 @@ "id": "ac-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22a.", @@ -5819,23 +4981,6 @@ "id": "ac-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22b.", @@ -5854,23 +4999,6 @@ "id": "ac-22_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22c.", @@ -5889,23 +5017,6 @@ "id": "ac-22_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22d.", @@ -6140,6 +5251,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -6211,12 +5327,6 @@ "id": "at-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -6276,11 +5386,6 @@ "id": "at-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -6292,12 +5397,6 @@ "id": "at-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -6362,23 +5461,6 @@ "id": "at-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[01]", @@ -6397,23 +5479,6 @@ "id": "at-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[02]", @@ -6432,17 +5497,6 @@ "id": "at-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[03]", @@ -6461,17 +5515,6 @@ "id": "at-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[04]", @@ -6501,17 +5544,6 @@ "id": "at-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(a)", @@ -6657,17 +5689,6 @@ "id": "at-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(b)", @@ -6702,23 +5723,6 @@ "id": "at-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01b.", @@ -6748,23 +5752,6 @@ "id": "at-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.01", @@ -6820,23 +5807,6 @@ "id": "at-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.02", @@ -7038,6 +6008,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -7161,11 +6136,6 @@ "id": "at-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -7201,11 +6171,6 @@ "id": "at-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -7217,11 +6182,6 @@ "id": "at-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -7233,11 +6193,6 @@ "id": "at-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -7289,23 +6244,6 @@ "id": "at-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[01]", @@ -7324,23 +6262,6 @@ "id": "at-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[02]", @@ -7359,23 +6280,6 @@ "id": "at-2_obj.a.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[03]", @@ -7394,23 +6298,6 @@ "id": "at-2_obj.a.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[04]", @@ -7437,23 +6324,6 @@ "id": "at-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.02", @@ -7517,17 +6387,6 @@ "id": "at-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-02b.", @@ -7546,23 +6405,6 @@ "id": "at-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02c.", @@ -7618,23 +6460,6 @@ "id": "at-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02d.", @@ -7730,6 +6555,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -7768,13 +6598,6 @@ { "id": "at-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential indicators of insider threat." }, { @@ -7786,23 +6609,6 @@ "id": "at-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(02)", @@ -7968,6 +6774,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -8103,11 +6914,6 @@ "id": "at-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8143,11 +6949,6 @@ "id": "at-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8159,11 +6960,6 @@ "id": "at-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -8204,23 +7000,6 @@ "id": "at-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.01", @@ -8312,23 +7091,6 @@ "id": "at-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.02", @@ -8392,17 +7154,6 @@ "id": "at-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-03b.", @@ -8458,23 +7209,6 @@ "id": "at-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03c.", @@ -8586,6 +7320,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -8649,11 +7388,6 @@ "id": "at-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8665,11 +7399,6 @@ "id": "at-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8699,23 +7428,6 @@ "id": "at-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-04a.", @@ -8771,17 +7483,6 @@ "id": "at-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-04b.", @@ -8979,6 +7680,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -9042,12 +7748,6 @@ "id": "au-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -9107,11 +7807,6 @@ "id": "au-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9123,12 +7818,6 @@ "id": "au-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -9193,23 +7882,6 @@ "id": "au-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[01]", @@ -9228,23 +7900,6 @@ "id": "au-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[02]", @@ -9263,17 +7918,6 @@ "id": "au-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[03]", @@ -9292,17 +7936,6 @@ "id": "au-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[04]", @@ -9332,17 +7965,6 @@ "id": "au-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(a)", @@ -9488,17 +8110,6 @@ "id": "au-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(b)", @@ -9533,23 +8144,6 @@ "id": "au-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01b.", @@ -9579,23 +8173,6 @@ "id": "au-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.01", @@ -9651,23 +8228,6 @@ "id": "au-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.02", @@ -9844,9 +8404,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-02", + "class": "zero-padded" }, { "name": "label", @@ -10022,11 +8582,6 @@ "id": "au-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10038,11 +8593,6 @@ "id": "au-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10054,11 +8604,6 @@ "id": "au-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -10070,11 +8615,6 @@ "id": "au-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -10086,11 +8626,6 @@ "id": "au-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -10149,23 +8684,6 @@ "id": "au-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02a.", @@ -10184,23 +8702,6 @@ "id": "au-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02b.", @@ -10230,23 +8731,6 @@ "id": "au-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[01]", @@ -10265,17 +8749,6 @@ "id": "au-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[02]", @@ -10302,23 +8775,6 @@ "id": "au-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02d.", @@ -10337,17 +8793,6 @@ "id": "au-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02e.", @@ -10444,9 +8889,9 @@ "title": "Content of Audit Records", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03", + "class": "zero-padded" }, { "name": "label", @@ -10523,11 +8968,6 @@ "id": "au-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10539,11 +8979,6 @@ "id": "au-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10555,11 +8990,6 @@ "id": "au-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -10571,11 +9001,6 @@ "id": "au-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -10587,11 +9012,6 @@ "id": "au-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -10603,11 +9023,6 @@ "id": "au-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -10626,23 +9041,6 @@ "id": "au-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03", @@ -10851,9 +9249,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-04", + "class": "zero-padded" }, { "name": "label", @@ -10921,13 +9319,6 @@ { "id": "au-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Allocate audit log storage capacity to accommodate {{ insert: param, au-04_odp }}." }, { @@ -10939,23 +9330,6 @@ "id": "au-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-04", @@ -11078,9 +9452,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05", + "class": "zero-padded" }, { "name": "label", @@ -11148,11 +9522,6 @@ "id": "au-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11164,11 +9533,6 @@ "id": "au-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11198,23 +9562,6 @@ "id": "au-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05a.", @@ -11233,23 +9580,6 @@ "id": "au-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05b.", @@ -11380,9 +9710,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06", + "class": "zero-padded" }, { "name": "label", @@ -11547,11 +9877,6 @@ "id": "au-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11563,11 +9888,6 @@ "id": "au-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11579,11 +9899,6 @@ "id": "au-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -11631,23 +9946,6 @@ "id": "au-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06a.", @@ -11666,23 +9964,6 @@ "id": "au-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06b.", @@ -11701,23 +9982,6 @@ "id": "au-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06c.", @@ -11808,9 +10072,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-08", + "class": "zero-padded" }, { "name": "label", @@ -11858,11 +10122,6 @@ "id": "au-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11874,11 +10133,6 @@ "id": "au-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11908,23 +10162,6 @@ "id": "au-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08a.", @@ -11943,23 +10180,6 @@ "id": "au-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08b.", @@ -12066,6 +10286,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -12164,11 +10389,6 @@ "id": "au-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12180,11 +10400,6 @@ "id": "au-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12214,23 +10429,6 @@ "id": "au-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09a.", @@ -12249,23 +10447,6 @@ "id": "au-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09b.", @@ -12378,9 +10559,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-11", + "class": "zero-padded" }, { "name": "label", @@ -12447,13 +10628,6 @@ { "id": "au-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain audit records for {{ insert: param, au-11_odp }} to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.", "parts": [ { @@ -12507,23 +10681,6 @@ "id": "au-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-11", @@ -12615,9 +10772,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12", + "class": "zero-padded" }, { "name": "label", @@ -12725,11 +10882,6 @@ "id": "au-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12741,11 +10893,6 @@ "id": "au-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12757,11 +10904,6 @@ "id": "au-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -12791,23 +10933,6 @@ "id": "au-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12a.", @@ -12826,23 +10951,6 @@ "id": "au-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12b.", @@ -12861,17 +10969,6 @@ "id": "au-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12c.", @@ -13069,6 +11166,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -13156,12 +11258,6 @@ "id": "ca-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -13221,11 +11317,6 @@ "id": "ca-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13237,12 +11328,6 @@ "id": "ca-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -13307,23 +11392,6 @@ "id": "ca-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[01]", @@ -13342,23 +11410,6 @@ "id": "ca-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[02]", @@ -13377,17 +11428,6 @@ "id": "ca-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[03]", @@ -13406,17 +11446,6 @@ "id": "ca-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[04]", @@ -13446,17 +11475,6 @@ "id": "ca-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(a)", @@ -13602,17 +11620,6 @@ "id": "ca-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(b)", @@ -13647,23 +11654,6 @@ "id": "ca-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01b.", @@ -13693,23 +11683,6 @@ "id": "ca-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.01", @@ -13765,23 +11738,6 @@ "id": "ca-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.02", @@ -13930,6 +11886,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -14057,11 +12018,6 @@ "id": "ca-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14073,11 +12029,6 @@ "id": "ca-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14124,11 +12075,6 @@ "id": "ca-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -14140,11 +12086,6 @@ "id": "ca-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -14156,11 +12097,6 @@ "id": "ca-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -14172,11 +12108,6 @@ "id": "ca-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -14224,17 +12155,6 @@ "id": "ca-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02a.", @@ -14264,23 +12184,6 @@ "id": "ca-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.01", @@ -14299,23 +12202,6 @@ "id": "ca-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.02", @@ -14334,23 +12220,6 @@ "id": "ca-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.03", @@ -14432,23 +12301,6 @@ "id": "ca-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02c.", @@ -14467,23 +12319,6 @@ "id": "ca-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02d.", @@ -14539,17 +12374,6 @@ "id": "ca-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02e.", @@ -14568,17 +12392,6 @@ "id": "ca-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02f.", @@ -14674,6 +12487,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -14708,13 +12526,6 @@ { "id": "ca-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to conduct control assessments." }, { @@ -14726,23 +12537,6 @@ "id": "ca-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(01)", @@ -14850,6 +12644,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -14945,11 +12744,6 @@ "id": "ca-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14961,11 +12755,6 @@ "id": "ca-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14977,11 +12766,6 @@ "id": "ca-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15011,23 +12795,6 @@ "id": "ca-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03a.", @@ -15046,17 +12813,6 @@ "id": "ca-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-03b.", @@ -15184,23 +12940,6 @@ "id": "ca-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03c.", @@ -15290,6 +13029,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -15361,11 +13105,6 @@ "id": "ca-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15377,11 +13116,6 @@ "id": "ca-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15440,23 +13174,6 @@ "id": "ca-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05a.", @@ -15475,23 +13192,6 @@ "id": "ca-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05b.", @@ -15603,6 +13303,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -15682,11 +13387,6 @@ "id": "ca-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15698,11 +13398,6 @@ "id": "ca-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15714,11 +13409,6 @@ "id": "ca-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15754,11 +13444,6 @@ "id": "ca-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -15770,11 +13455,6 @@ "id": "ca-6_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -15822,23 +13502,6 @@ "id": "ca-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06a.", @@ -15857,23 +13520,6 @@ "id": "ca-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06b.", @@ -15903,23 +13549,6 @@ "id": "ca-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.01", @@ -15938,23 +13567,6 @@ "id": "ca-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.02", @@ -15981,23 +13593,6 @@ "id": "ca-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06d.", @@ -16016,17 +13611,6 @@ "id": "ca-6_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-06e.", @@ -16200,6 +13784,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -16472,11 +14061,6 @@ "id": "ca-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -16488,11 +14072,6 @@ "id": "ca-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -16504,11 +14083,6 @@ "id": "ca-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -16520,11 +14094,6 @@ "id": "ca-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -16536,11 +14105,6 @@ "id": "ca-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -16552,11 +14116,6 @@ "id": "ca-7_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -16568,11 +14127,6 @@ "id": "ca-7_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -16642,23 +14196,6 @@ "id": "ca-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[01]", @@ -16677,23 +14214,6 @@ "id": "ca-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[02]", @@ -16712,23 +14232,6 @@ "id": "ca-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07a.", @@ -16747,23 +14250,6 @@ "id": "ca-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07b.", @@ -16819,23 +14305,6 @@ "id": "ca-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07c.", @@ -16854,23 +14323,6 @@ "id": "ca-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07d.", @@ -16889,23 +14341,6 @@ "id": "ca-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07e.", @@ -16924,23 +14359,6 @@ "id": "ca-7_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07f.", @@ -16959,23 +14377,6 @@ "id": "ca-7_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07g.", @@ -17108,6 +14509,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -17153,11 +14559,6 @@ "id": "ca-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -17169,11 +14570,6 @@ "id": "ca-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -17185,11 +14581,6 @@ "id": "ca-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -17208,23 +14599,6 @@ "id": "ca-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)", @@ -17237,23 +14611,6 @@ "id": "ca-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(a)", @@ -17272,23 +14629,6 @@ "id": "ca-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(b)", @@ -17307,23 +14647,6 @@ "id": "ca-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(c)", @@ -17446,6 +14769,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -17496,13 +14824,6 @@ { "id": "ca-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct penetration testing {{ insert: param, ca-08_odp.01 }} on {{ insert: param, ca-08_odp.02 }}.", "parts": [ { @@ -17534,23 +14855,6 @@ "id": "ca-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08", @@ -17667,6 +14971,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -17742,11 +15051,6 @@ "id": "ca-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17758,11 +15062,6 @@ "id": "ca-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17774,11 +15073,6 @@ "id": "ca-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -17790,11 +15084,6 @@ "id": "ca-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -17824,23 +15113,6 @@ "id": "ca-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09a.", @@ -17859,17 +15131,6 @@ "id": "ca-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-09b.", @@ -17961,23 +15222,6 @@ "id": "ca-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09c.", @@ -17996,23 +15240,6 @@ "id": "ca-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09d.", @@ -18210,6 +15437,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -18281,12 +15513,6 @@ "id": "cm-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -18346,11 +15572,6 @@ "id": "cm-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18362,12 +15583,6 @@ "id": "cm-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -18432,23 +15647,6 @@ "id": "cm-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[01]", @@ -18467,23 +15665,6 @@ "id": "cm-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[02]", @@ -18502,17 +15683,6 @@ "id": "cm-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[03]", @@ -18531,17 +15701,6 @@ "id": "cm-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[04]", @@ -18571,17 +15730,6 @@ "id": "cm-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(a)", @@ -18727,17 +15875,6 @@ "id": "cm-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(b)", @@ -18772,23 +15909,6 @@ "id": "cm-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01b.", @@ -18818,23 +15938,6 @@ "id": "cm-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.01", @@ -18890,23 +15993,6 @@ "id": "cm-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.02", @@ -19055,6 +16141,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -19174,11 +16265,6 @@ "id": "cm-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19190,11 +16276,6 @@ "id": "cm-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -19277,17 +16358,6 @@ "id": "cm-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-02a.", @@ -19354,23 +16424,6 @@ "id": "cm-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.01", @@ -19389,23 +16442,6 @@ "id": "cm-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.02", @@ -19424,23 +16460,6 @@ "id": "cm-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.03", @@ -19544,6 +16563,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -19626,13 +16650,6 @@ { "id": "cm-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system to determine potential security and privacy impacts prior to change implementation." }, { @@ -19644,23 +16661,6 @@ "id": "cm-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04", @@ -19786,9 +16786,9 @@ "title": "Access Restrictions for Change", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-05", + "class": "zero-padded" }, { "name": "label", @@ -19863,13 +16863,6 @@ { "id": "cm-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system." }, { @@ -19881,23 +16874,6 @@ "id": "cm-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05", @@ -20124,9 +17100,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06", + "class": "zero-padded" }, { "name": "label", @@ -20299,11 +17275,6 @@ "id": "cm-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20315,11 +17286,6 @@ "id": "cm-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20331,11 +17297,6 @@ "id": "cm-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -20347,11 +17308,6 @@ "id": "cm-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -20395,7 +17351,7 @@ "value": "Guidance:" } ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } @@ -20421,17 +17377,6 @@ "id": "cm-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06a.", @@ -20450,23 +17395,6 @@ "id": "cm-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06b.", @@ -20485,23 +17413,6 @@ "id": "cm-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06c.", @@ -20557,23 +17468,6 @@ "id": "cm-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06d.", @@ -20767,9 +17661,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07", + "class": "zero-padded" }, { "name": "label", @@ -20894,11 +17788,6 @@ "id": "cm-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20910,11 +17799,6 @@ "id": "cm-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20962,23 +17846,6 @@ "id": "cm-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07a.", @@ -20997,17 +17864,6 @@ "id": "cm-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07b.", @@ -21220,9 +18076,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-08", + "class": "zero-padded" }, { "name": "label", @@ -21355,11 +18211,6 @@ "id": "cm-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21428,11 +18279,6 @@ "id": "cm-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21491,23 +18337,6 @@ "id": "cm-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.01", @@ -21526,23 +18355,6 @@ "id": "cm-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.02", @@ -21561,23 +18373,6 @@ "id": "cm-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.03", @@ -21596,23 +18391,6 @@ "id": "cm-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.04", @@ -21631,23 +18409,6 @@ "id": "cm-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.05", @@ -21674,23 +18435,6 @@ "id": "cm-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08b.", @@ -21786,6 +18530,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -21840,11 +18589,6 @@ "id": "cm-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21856,11 +18600,6 @@ "id": "cm-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21872,11 +18611,6 @@ "id": "cm-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -21906,23 +18640,6 @@ "id": "cm-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10a.", @@ -21941,23 +18658,6 @@ "id": "cm-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10b.", @@ -21976,23 +18676,6 @@ "id": "cm-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10c.", @@ -22122,6 +18805,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -22196,11 +18884,6 @@ "id": "cm-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -22212,11 +18895,6 @@ "id": "cm-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22228,11 +18906,6 @@ "id": "cm-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -22262,23 +18935,6 @@ "id": "cm-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11a.", @@ -22297,23 +18953,6 @@ "id": "cm-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11b.", @@ -22332,17 +18971,6 @@ "id": "cm-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-11c.", @@ -22540,6 +19168,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -22611,12 +19244,6 @@ "id": "cp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -22676,11 +19303,6 @@ "id": "cp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22692,12 +19314,6 @@ "id": "cp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -22762,23 +19378,6 @@ "id": "cp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[01]", @@ -22797,23 +19396,6 @@ "id": "cp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[02]", @@ -22832,17 +19414,6 @@ "id": "cp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[03]", @@ -22861,17 +19432,6 @@ "id": "cp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[04]", @@ -22901,17 +19461,6 @@ "id": "cp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(a)", @@ -23057,17 +19606,6 @@ "id": "cp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(b)", @@ -23102,23 +19640,6 @@ "id": "cp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01b.", @@ -23148,23 +19669,6 @@ "id": "cp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.01", @@ -23220,23 +19724,6 @@ "id": "cp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.02", @@ -23437,6 +19924,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -23575,11 +20067,6 @@ "id": "cp-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23670,11 +20157,6 @@ "id": "cp-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23686,11 +20168,6 @@ "id": "cp-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -23702,11 +20179,6 @@ "id": "cp-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -23718,11 +20190,6 @@ "id": "cp-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -23734,11 +20201,6 @@ "id": "cp-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -23750,11 +20212,6 @@ "id": "cp-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -23766,11 +20223,6 @@ "id": "cp-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -23840,17 +20292,6 @@ "id": "cp-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.01", @@ -23869,17 +20310,6 @@ "id": "cp-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.02", @@ -23953,17 +20383,6 @@ "id": "cp-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.03", @@ -24037,17 +20456,6 @@ "id": "cp-2_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.04", @@ -24066,17 +20474,6 @@ "id": "cp-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.05", @@ -24095,17 +20492,6 @@ "id": "cp-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.06", @@ -24124,17 +20510,6 @@ "id": "cp-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.07", @@ -24209,23 +20584,6 @@ "id": "cp-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[01]", @@ -24244,23 +20602,6 @@ "id": "cp-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[02]", @@ -24287,23 +20628,6 @@ "id": "cp-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02c.", @@ -24322,23 +20646,6 @@ "id": "cp-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02d.", @@ -24368,23 +20675,6 @@ "id": "cp-2_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[01]", @@ -24403,23 +20693,6 @@ "id": "cp-2_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[02]", @@ -24446,23 +20719,6 @@ "id": "cp-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02f.", @@ -24518,23 +20774,6 @@ "id": "cp-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02g.", @@ -24590,29 +20829,6 @@ "id": "cp-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02h.", @@ -24798,6 +21014,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -24873,11 +21094,6 @@ "id": "cp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24924,11 +21140,6 @@ "id": "cp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24987,23 +21198,6 @@ "id": "cp-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.01", @@ -25022,23 +21216,6 @@ "id": "cp-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.02", @@ -25057,23 +21234,6 @@ "id": "cp-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.03", @@ -25111,23 +21271,6 @@ "id": "cp-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[01]", @@ -25146,23 +21289,6 @@ "id": "cp-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[02]", @@ -25310,9 +21436,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CP-04", + "class": "zero-padded" }, { "name": "label", @@ -25405,11 +21531,6 @@ "id": "cp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -25421,11 +21542,6 @@ "id": "cp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25437,11 +21553,6 @@ "id": "cp-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -25511,29 +21622,6 @@ "id": "cp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[01]", @@ -25552,29 +21640,6 @@ "id": "cp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[02]", @@ -25593,29 +21658,6 @@ "id": "cp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[03]", @@ -25642,23 +21684,6 @@ "id": "cp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04b.", @@ -25677,23 +21702,6 @@ "id": "cp-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04c.", @@ -25842,6 +21850,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -25932,11 +21945,6 @@ "id": "cp-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -25948,11 +21956,6 @@ "id": "cp-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25964,11 +21967,6 @@ "id": "cp-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -25980,11 +21978,6 @@ "id": "cp-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -26065,29 +22058,6 @@ "id": "cp-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09a.", @@ -26106,29 +22076,6 @@ "id": "cp-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09b.", @@ -26147,29 +22094,6 @@ "id": "cp-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09c.", @@ -26188,23 +22112,6 @@ "id": "cp-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09d.", @@ -26379,6 +22286,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -26444,13 +22356,6 @@ { "id": "cp-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide for the recovery and reconstitution of the system to a known state within {{ insert: param, cp-10_prm_1 }} after a disruption, compromise, or failure." }, { @@ -26462,29 +22367,6 @@ "id": "cp-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10", @@ -26711,6 +22593,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -26806,12 +22693,6 @@ "id": "ia-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -26871,11 +22752,6 @@ "id": "ia-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -26887,12 +22763,6 @@ "id": "ia-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -26957,23 +22827,6 @@ "id": "ia-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[01]", @@ -26992,23 +22845,6 @@ "id": "ia-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[02]", @@ -27027,17 +22863,6 @@ "id": "ia-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[03]", @@ -27056,17 +22881,6 @@ "id": "ia-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[04]", @@ -27096,17 +22910,6 @@ "id": "ia-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(a)", @@ -27252,17 +23055,6 @@ "id": "ia-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(b)", @@ -27297,23 +23089,6 @@ "id": "ia-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01b.", @@ -27343,23 +23118,6 @@ "id": "ia-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.01", @@ -27415,23 +23173,6 @@ "id": "ia-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.02", @@ -27551,9 +23292,9 @@ "title": "Identification and Authentication (Organizational Users)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02", + "class": "zero-padded" }, { "name": "label", @@ -27725,13 +23466,6 @@ { "id": "ia-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.", "parts": [ { @@ -27807,29 +23541,6 @@ "id": "ia-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[01]", @@ -27848,29 +23559,6 @@ "id": "ia-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[02]", @@ -27967,9 +23655,9 @@ "title": "Multi-factor Authentication to Privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -28008,13 +23696,6 @@ { "id": "ia-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to privileged accounts.", "parts": [ { @@ -28068,17 +23749,6 @@ "id": "ia-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(01)", @@ -28167,9 +23837,9 @@ "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -28204,13 +23874,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts.", "parts": [ { @@ -28264,17 +23927,6 @@ "id": "ia-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(02)", @@ -28375,9 +24027,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" }, { "name": "label", @@ -28408,13 +24060,6 @@ { "id": "ia-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}." }, { @@ -28426,23 +24071,6 @@ "id": "ia-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(08)", @@ -28531,9 +24159,9 @@ "title": "Acceptance of PIV Credentials", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -28564,13 +24192,6 @@ { "id": "ia-2.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials.", "parts": [ { @@ -28602,23 +24223,6 @@ "id": "ia-2.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(12)", @@ -28739,9 +24343,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-04", + "class": "zero-padded" }, { "name": "label", @@ -28862,11 +24466,6 @@ "id": "ia-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28878,11 +24477,6 @@ "id": "ia-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28894,11 +24488,6 @@ "id": "ia-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -28910,11 +24499,6 @@ "id": "ia-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -28944,23 +24528,6 @@ "id": "ia-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04a.", @@ -28979,23 +24546,6 @@ "id": "ia-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04b.", @@ -29014,23 +24564,6 @@ "id": "ia-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04c.", @@ -29049,23 +24582,6 @@ "id": "ia-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04d.", @@ -29182,9 +24698,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-05", + "class": "zero-padded" }, { "name": "label", @@ -29326,11 +24842,6 @@ "id": "ia-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -29342,11 +24853,6 @@ "id": "ia-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -29358,11 +24864,6 @@ "id": "ia-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -29374,11 +24875,6 @@ "id": "ia-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -29390,11 +24886,6 @@ "id": "ia-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -29406,11 +24897,6 @@ "id": "ia-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -29422,11 +24908,6 @@ "id": "ia-5_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -29438,11 +24919,6 @@ "id": "ia-5_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -29454,11 +24930,6 @@ "id": "ia-5_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -29517,23 +24988,6 @@ "id": "ia-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05a.", @@ -29552,23 +25006,6 @@ "id": "ia-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05b.", @@ -29587,23 +25024,6 @@ "id": "ia-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05c.", @@ -29622,23 +25042,6 @@ "id": "ia-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05d.", @@ -29657,23 +25060,6 @@ "id": "ia-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05e.", @@ -29692,23 +25078,6 @@ "id": "ia-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05f.", @@ -29727,23 +25096,6 @@ "id": "ia-5_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05g.", @@ -29773,23 +25125,6 @@ "id": "ia-5_obj.h-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[01]", @@ -29808,23 +25143,6 @@ "id": "ia-5_obj.h-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[02]", @@ -29851,23 +25169,6 @@ "id": "ia-5_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05i.", @@ -29983,6 +25284,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -30027,11 +25333,6 @@ "id": "ia-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -30043,11 +25344,6 @@ "id": "ia-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -30059,11 +25355,6 @@ "id": "ia-5.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -30075,11 +25366,6 @@ "id": "ia-5.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -30091,11 +25377,6 @@ "id": "ia-5.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -30107,11 +25388,6 @@ "id": "ia-5.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -30123,11 +25399,6 @@ "id": "ia-5.1_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -30139,11 +25410,6 @@ "id": "ia-5.1_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -30176,7 +25442,7 @@ "value": "(h) Requirement:" } ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + "prose": "For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." }, { "id": "ia-5.1_fr_gdn.1", @@ -30213,23 +25479,6 @@ "id": "ia-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(a)", @@ -30248,23 +25497,6 @@ "id": "ia-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(b)", @@ -30283,17 +25515,6 @@ "id": "ia-5.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(c)", @@ -30312,17 +25533,6 @@ "id": "ia-5.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(d)", @@ -30341,17 +25551,6 @@ "id": "ia-5.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(e)", @@ -30370,17 +25569,6 @@ "id": "ia-5.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(f)", @@ -30399,17 +25587,6 @@ "id": "ia-5.1_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(g)", @@ -30428,23 +25605,6 @@ "id": "ia-5.1_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(h)", @@ -30542,6 +25702,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -30571,13 +25736,6 @@ { "id": "ia-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals." }, { @@ -30589,17 +25747,6 @@ "id": "ia-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-06", @@ -30687,6 +25834,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -30736,13 +25888,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -30754,29 +25899,6 @@ "id": "ia-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-07", @@ -30864,6 +25986,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -30981,13 +26108,6 @@ { "id": "ia-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users." }, { @@ -30999,17 +26119,6 @@ "id": "ia-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08", @@ -31097,6 +26206,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -31130,13 +26244,6 @@ { "id": "ia-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies." }, { @@ -31148,17 +26255,6 @@ "id": "ia-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(01)", @@ -31283,6 +26379,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -31317,11 +26418,6 @@ "id": "ia-8.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -31333,11 +26429,6 @@ "id": "ia-8.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -31367,17 +26458,6 @@ "id": "ia-8.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(a)", @@ -31396,23 +26476,6 @@ "id": "ia-8.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(b)", @@ -31556,6 +26619,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -31585,13 +26653,6 @@ { "id": "ia-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conform to the following profiles for identity management {{ insert: param, ia-08.04_odp }}." }, { @@ -31603,29 +26664,6 @@ "id": "ia-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(04)", @@ -31726,6 +26764,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -31780,13 +26823,6 @@ { "id": "ia-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require users to re-authenticate when {{ insert: param, ia-11_odp }}.", "parts": [ { @@ -31818,29 +26854,6 @@ "id": "ia-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-11", @@ -32030,6 +27043,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -32109,12 +27127,6 @@ "id": "ir-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -32174,11 +27186,6 @@ "id": "ir-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -32190,12 +27197,6 @@ "id": "ir-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -32260,23 +27261,6 @@ "id": "ir-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[01]", @@ -32295,23 +27279,6 @@ "id": "ir-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[02]", @@ -32330,17 +27297,6 @@ "id": "ir-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[03]", @@ -32359,17 +27315,6 @@ "id": "ir-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[04]", @@ -32399,17 +27344,6 @@ "id": "ir-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(a)", @@ -32555,17 +27489,6 @@ "id": "ir-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(b)", @@ -32600,23 +27523,6 @@ "id": "ir-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01b.", @@ -32646,23 +27552,6 @@ "id": "ir-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.01", @@ -32718,23 +27607,6 @@ "id": "ir-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.02", @@ -32906,6 +27778,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -32981,11 +27858,6 @@ "id": "ir-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33032,11 +27904,6 @@ "id": "ir-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33077,23 +27944,6 @@ "id": "ir-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.01", @@ -33112,23 +27962,6 @@ "id": "ir-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.02", @@ -33147,23 +27980,6 @@ "id": "ir-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.03", @@ -33201,23 +28017,6 @@ "id": "ir-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[01]", @@ -33236,23 +28035,6 @@ "id": "ir-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[02]", @@ -33335,9 +28117,9 @@ "title": "Incident Handling", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04", + "class": "zero-padded" }, { "name": "label", @@ -33493,11 +28275,6 @@ "id": "ir-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33509,11 +28286,6 @@ "id": "ir-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33525,11 +28297,6 @@ "id": "ir-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -33541,11 +28308,6 @@ "id": "ir-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -33615,23 +28377,6 @@ "id": "ir-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[01]", @@ -33650,23 +28395,6 @@ "id": "ir-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[02]", @@ -33765,23 +28493,6 @@ "id": "ir-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04b.", @@ -33811,23 +28522,6 @@ "id": "ir-4_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[01]", @@ -33846,23 +28540,6 @@ "id": "ir-4_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[02]", @@ -33889,23 +28566,6 @@ "id": "ir-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04d.", @@ -34074,6 +28734,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -34156,13 +28821,6 @@ { "id": "ir-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track and document incidents." }, { @@ -34174,23 +28832,6 @@ "id": "ir-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05", @@ -34340,6 +28981,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -34410,11 +29056,6 @@ "id": "ir-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -34426,11 +29067,6 @@ "id": "ir-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -34478,23 +29114,6 @@ "id": "ir-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-06a.", @@ -34513,23 +29132,6 @@ "id": "ir-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06b.", @@ -34625,6 +29227,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -34694,13 +29301,6 @@ { "id": "ir-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents." }, { @@ -34723,23 +29323,6 @@ "id": "ir-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[01]", @@ -34758,23 +29341,6 @@ "id": "ir-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[02]", @@ -34954,6 +29520,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -35040,11 +29611,6 @@ "id": "ir-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -35168,11 +29734,6 @@ "id": "ir-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -35184,11 +29745,6 @@ "id": "ir-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -35200,11 +29756,6 @@ "id": "ir-8_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -35216,11 +29767,6 @@ "id": "ir-8_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -35290,17 +29836,6 @@ "id": "ir-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.01", @@ -35319,17 +29854,6 @@ "id": "ir-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.02", @@ -35348,17 +29872,6 @@ "id": "ir-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.03", @@ -35377,17 +29890,6 @@ "id": "ir-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.04", @@ -35406,17 +29908,6 @@ "id": "ir-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.05", @@ -35435,17 +29926,6 @@ "id": "ir-8_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.06", @@ -35464,17 +29944,6 @@ "id": "ir-8_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.07", @@ -35493,17 +29962,6 @@ "id": "ir-8_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.08", @@ -35522,17 +29980,6 @@ "id": "ir-8_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.09", @@ -35551,17 +29998,6 @@ "id": "ir-8_obj.a.10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.10", @@ -35588,17 +30024,6 @@ "id": "ir-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08b.", @@ -35654,23 +30079,6 @@ "id": "ir-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08c.", @@ -35689,23 +30097,6 @@ "id": "ir-8_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08d.", @@ -35761,17 +30152,6 @@ "id": "ir-8_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08e.", @@ -36006,6 +30386,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -36073,12 +30458,6 @@ "id": "ma-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -36138,11 +30517,6 @@ "id": "ma-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36154,12 +30528,6 @@ "id": "ma-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -36224,23 +30592,6 @@ "id": "ma-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[01]", @@ -36259,23 +30610,6 @@ "id": "ma-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[02]", @@ -36294,17 +30628,6 @@ "id": "ma-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[03]", @@ -36323,17 +30646,6 @@ "id": "ma-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[04]", @@ -36363,17 +30675,6 @@ "id": "ma-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(a)", @@ -36519,17 +30820,6 @@ "id": "ma-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(b)", @@ -36564,23 +30854,6 @@ "id": "ma-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01b.", @@ -36610,23 +30883,6 @@ "id": "ma-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.01", @@ -36682,23 +30938,6 @@ "id": "ma-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.02", @@ -36846,6 +31085,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -36932,11 +31176,6 @@ "id": "ma-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -36948,11 +31187,6 @@ "id": "ma-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36964,11 +31198,6 @@ "id": "ma-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -36980,11 +31209,6 @@ "id": "ma-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -36996,11 +31220,6 @@ "id": "ma-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -37012,11 +31231,6 @@ "id": "ma-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -37046,29 +31260,6 @@ "id": "ma-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02a.", @@ -37142,23 +31333,6 @@ "id": "ma-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02b.", @@ -37214,23 +31388,6 @@ "id": "ma-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02c.", @@ -37249,23 +31406,6 @@ "id": "ma-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02d.", @@ -37284,17 +31424,6 @@ "id": "ma-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02e.", @@ -37313,17 +31442,6 @@ "id": "ma-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02f.", @@ -37419,6 +31537,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -37529,11 +31652,6 @@ "id": "ma-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37545,11 +31663,6 @@ "id": "ma-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37561,11 +31674,6 @@ "id": "ma-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37577,11 +31685,6 @@ "id": "ma-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -37593,11 +31696,6 @@ "id": "ma-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -37627,23 +31725,6 @@ "id": "ma-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04a.", @@ -37710,23 +31791,6 @@ "id": "ma-4_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[01]", @@ -37745,17 +31809,6 @@ "id": "ma-4_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[02]", @@ -37782,29 +31835,6 @@ "id": "ma-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04c.", @@ -37823,17 +31853,6 @@ "id": "ma-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04d.", @@ -37852,17 +31871,6 @@ "id": "ma-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04e.", @@ -37995,6 +32003,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -38073,11 +32086,6 @@ "id": "ma-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -38089,11 +32097,6 @@ "id": "ma-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38105,11 +32108,6 @@ "id": "ma-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -38139,17 +32137,6 @@ "id": "ma-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-05a.", @@ -38205,29 +32192,6 @@ "id": "ma-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05b.", @@ -38246,29 +32210,6 @@ "id": "ma-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05c.", @@ -38466,6 +32407,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -38533,12 +32479,6 @@ "id": "mp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -38598,11 +32538,6 @@ "id": "mp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38614,12 +32549,6 @@ "id": "mp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -38684,23 +32613,6 @@ "id": "mp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[01]", @@ -38719,23 +32631,6 @@ "id": "mp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[02]", @@ -38754,17 +32649,6 @@ "id": "mp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[03]", @@ -38783,17 +32667,6 @@ "id": "mp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[04]", @@ -38823,17 +32696,6 @@ "id": "mp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(a)", @@ -38979,17 +32841,6 @@ "id": "mp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(b)", @@ -39024,23 +32875,6 @@ "id": "mp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01b.", @@ -39070,23 +32904,6 @@ "id": "mp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.01", @@ -39142,23 +32959,6 @@ "id": "mp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.02", @@ -39323,6 +33123,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -39416,13 +33221,6 @@ { "id": "mp-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert: param, mp-2_prm_2 }}." }, { @@ -39445,29 +33243,6 @@ "id": "mp-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[01]", @@ -39486,29 +33261,6 @@ "id": "mp-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[02]", @@ -39673,6 +33425,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -39791,11 +33548,6 @@ "id": "mp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -39807,11 +33559,6 @@ "id": "mp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -39841,29 +33588,6 @@ "id": "mp-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06a.", @@ -39937,29 +33661,6 @@ "id": "mp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06b.", @@ -40093,6 +33794,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -40155,11 +33861,6 @@ "id": "mp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -40171,11 +33872,6 @@ "id": "mp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40205,29 +33901,6 @@ "id": "mp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07a.", @@ -40246,29 +33919,6 @@ "id": "mp-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07b.", @@ -40466,6 +34116,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -40533,12 +34188,6 @@ "id": "pe-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -40598,11 +34247,6 @@ "id": "pe-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40614,12 +34258,6 @@ "id": "pe-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -40684,23 +34322,6 @@ "id": "pe-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[01]", @@ -40719,23 +34340,6 @@ "id": "pe-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[02]", @@ -40754,17 +34358,6 @@ "id": "pe-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[03]", @@ -40783,17 +34376,6 @@ "id": "pe-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[04]", @@ -40823,17 +34405,6 @@ "id": "pe-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(a)", @@ -40979,17 +34550,6 @@ "id": "pe-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(b)", @@ -41024,23 +34584,6 @@ "id": "pe-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01b.", @@ -41070,23 +34613,6 @@ "id": "pe-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.01", @@ -41142,23 +34668,6 @@ "id": "pe-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.02", @@ -41293,6 +34802,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -41395,11 +34909,6 @@ "id": "pe-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -41411,11 +34920,6 @@ "id": "pe-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -41427,11 +34931,6 @@ "id": "pe-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -41443,11 +34942,6 @@ "id": "pe-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -41477,23 +34971,6 @@ "id": "pe-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-02a.", @@ -41567,17 +35044,6 @@ "id": "pe-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02b.", @@ -41596,17 +35062,6 @@ "id": "pe-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02c.", @@ -41625,17 +35080,6 @@ "id": "pe-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02d.", @@ -41849,9 +35293,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "PE-03", + "class": "zero-padded" }, { "name": "label", @@ -41995,11 +35439,6 @@ "id": "pe-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42035,11 +35474,6 @@ "id": "pe-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42051,11 +35485,6 @@ "id": "pe-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42067,11 +35496,6 @@ "id": "pe-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -42083,11 +35507,6 @@ "id": "pe-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -42099,11 +35518,6 @@ "id": "pe-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -42115,11 +35529,6 @@ "id": "pe-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -42160,17 +35569,6 @@ "id": "pe-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.01", @@ -42189,23 +35587,6 @@ "id": "pe-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.02", @@ -42232,23 +35613,6 @@ "id": "pe-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03b.", @@ -42267,17 +35631,6 @@ "id": "pe-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03c.", @@ -42307,17 +35660,6 @@ "id": "pe-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[01]", @@ -42336,23 +35678,6 @@ "id": "pe-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[02]", @@ -42390,17 +35715,6 @@ "id": "pe-3_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[01]", @@ -42419,17 +35733,6 @@ "id": "pe-3_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[02]", @@ -42448,17 +35751,6 @@ "id": "pe-3_obj.e-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[03]", @@ -42485,23 +35777,6 @@ "id": "pe-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03f.", @@ -42531,17 +35806,6 @@ "id": "pe-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[01]", @@ -42560,17 +35824,6 @@ "id": "pe-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[02]", @@ -42699,6 +35952,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -42766,11 +36024,6 @@ "id": "pe-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42782,11 +36035,6 @@ "id": "pe-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42798,11 +36046,6 @@ "id": "pe-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42832,23 +36075,6 @@ "id": "pe-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06a.", @@ -42878,17 +36104,6 @@ "id": "pe-6_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[01]", @@ -42907,17 +36122,6 @@ "id": "pe-6_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[02]", @@ -42955,23 +36159,6 @@ "id": "pe-6_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[01]", @@ -42990,23 +36177,6 @@ "id": "pe-6_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[02]", @@ -43149,6 +36319,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -43196,11 +36371,6 @@ "id": "pe-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -43212,11 +36382,6 @@ "id": "pe-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -43228,11 +36393,6 @@ "id": "pe-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -43262,23 +36422,6 @@ "id": "pe-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08a.", @@ -43297,17 +36440,6 @@ "id": "pe-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08b.", @@ -43326,23 +36458,6 @@ "id": "pe-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08c.", @@ -43438,6 +36553,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -43471,13 +36591,6 @@ { "id": "pe-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility." }, { @@ -43500,17 +36613,6 @@ "id": "pe-12_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[01]", @@ -43529,17 +36631,6 @@ "id": "pe-12_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[02]", @@ -43558,17 +36649,6 @@ "id": "pe-12_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[03]", @@ -43587,17 +36667,6 @@ "id": "pe-12_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[04]", @@ -43693,6 +36762,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -43722,13 +36796,6 @@ { "id": "pe-13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain fire detection and suppression systems that are supported by an independent energy source." }, { @@ -43751,23 +36818,6 @@ "id": "pe-13_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[01]", @@ -43786,23 +36836,6 @@ "id": "pe-13_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[02]", @@ -43821,23 +36854,6 @@ "id": "pe-13_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[03]", @@ -43856,23 +36872,6 @@ "id": "pe-13_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[04]", @@ -43891,23 +36890,6 @@ "id": "pe-13_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[05]", @@ -43926,23 +36908,6 @@ "id": "pe-13_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[06]", @@ -44090,6 +37055,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -44128,11 +37098,6 @@ "id": "pe-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -44144,11 +37109,6 @@ "id": "pe-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44196,23 +37156,6 @@ "id": "pe-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14a.", @@ -44231,23 +37174,6 @@ "id": "pe-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14b.", @@ -44343,6 +37269,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -44376,13 +37307,6 @@ { "id": "pe-15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel." }, { @@ -44405,23 +37329,6 @@ "id": "pe-15_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[01]", @@ -44440,23 +37347,6 @@ "id": "pe-15_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[02]", @@ -44475,23 +37365,6 @@ "id": "pe-15_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[03]", @@ -44510,23 +37383,6 @@ "id": "pe-15_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[04]", @@ -44651,6 +37507,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -44721,11 +37582,6 @@ "id": "pe-16_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -44737,11 +37593,6 @@ "id": "pe-16_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44782,23 +37633,6 @@ "id": "pe-16_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[01]", @@ -44817,23 +37651,6 @@ "id": "pe-16_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[02]", @@ -44852,23 +37669,6 @@ "id": "pe-16_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[03]", @@ -44887,23 +37687,6 @@ "id": "pe-16_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[04]", @@ -44930,23 +37713,6 @@ "id": "pe-16_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-16b.", @@ -45144,6 +37910,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -45215,12 +37986,6 @@ "id": "pl-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -45280,11 +38045,6 @@ "id": "pl-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -45296,12 +38056,6 @@ "id": "pl-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -45366,23 +38120,6 @@ "id": "pl-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[01]", @@ -45401,23 +38138,6 @@ "id": "pl-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[02]", @@ -45436,17 +38156,6 @@ "id": "pl-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[03]", @@ -45465,17 +38174,6 @@ "id": "pl-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[04]", @@ -45505,17 +38203,6 @@ "id": "pl-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(a)", @@ -45661,17 +38348,6 @@ "id": "pl-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(b)", @@ -45706,23 +38382,6 @@ "id": "pl-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01b.", @@ -45752,23 +38411,6 @@ "id": "pl-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.01", @@ -45824,23 +38466,6 @@ "id": "pl-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.02", @@ -45993,6 +38618,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -46196,11 +38826,6 @@ "id": "pl-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -46379,11 +39004,6 @@ "id": "pl-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -46395,11 +39015,6 @@ "id": "pl-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -46411,11 +39026,6 @@ "id": "pl-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -46427,11 +39037,6 @@ "id": "pl-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -46483,57 +39088,6 @@ "id": "pl-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[01]", @@ -46552,57 +39106,6 @@ "id": "pl-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[02]", @@ -46750,17 +39253,6 @@ "id": "pl-2_obj.a.4-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[01]", @@ -46779,17 +39271,6 @@ "id": "pl-2_obj.a.4-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[02]", @@ -46816,17 +39297,6 @@ "id": "pl-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.05", @@ -46882,17 +39352,6 @@ "id": "pl-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.06", @@ -46948,17 +39407,6 @@ "id": "pl-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.07", @@ -47014,17 +39462,6 @@ "id": "pl-2_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.08", @@ -47080,23 +39517,6 @@ "id": "pl-2_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.09", @@ -47163,17 +39583,6 @@ "id": "pl-2_obj.a.10-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[01]", @@ -47192,17 +39601,6 @@ "id": "pl-2_obj.a.10-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[02]", @@ -47229,17 +39627,6 @@ "id": "pl-2_obj.a.11", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.11", @@ -47306,17 +39693,6 @@ "id": "pl-2_obj.a.12-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[01]", @@ -47335,17 +39711,6 @@ "id": "pl-2_obj.a.12-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[02]", @@ -47383,23 +39748,6 @@ "id": "pl-2_obj.a.13-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[01]", @@ -47418,23 +39766,6 @@ "id": "pl-2_obj.a.13-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[02]", @@ -47472,23 +39803,6 @@ "id": "pl-2_obj.a.14-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[01]", @@ -47507,23 +39821,6 @@ "id": "pl-2_obj.a.14-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[02]", @@ -47561,23 +39858,6 @@ "id": "pl-2_obj.a.15-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[01]", @@ -47596,23 +39876,6 @@ "id": "pl-2_obj.a.15-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[02]", @@ -47647,23 +39910,6 @@ "id": "pl-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02b.", @@ -47719,23 +39965,6 @@ "id": "pl-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02c.", @@ -47754,23 +39983,6 @@ "id": "pl-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02d.", @@ -47844,23 +40056,6 @@ "id": "pl-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02e.", @@ -48033,6 +40228,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -48152,11 +40352,6 @@ "id": "pl-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48168,11 +40363,6 @@ "id": "pl-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48184,11 +40374,6 @@ "id": "pl-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -48200,11 +40385,6 @@ "id": "pl-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -48234,23 +40414,6 @@ "id": "pl-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04a.", @@ -48306,23 +40469,6 @@ "id": "pl-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04b.", @@ -48341,23 +40487,6 @@ "id": "pl-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04c.", @@ -48376,23 +40505,6 @@ "id": "pl-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04d.", @@ -48488,6 +40600,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -48536,11 +40653,6 @@ "id": "pl-4.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -48552,11 +40664,6 @@ "id": "pl-4.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -48568,11 +40675,6 @@ "id": "pl-4.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -48602,23 +40704,6 @@ "id": "pl-4.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(a)", @@ -48637,23 +40722,6 @@ "id": "pl-4.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(b)", @@ -48672,23 +40740,6 @@ "id": "pl-4.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(c)", @@ -48802,6 +40853,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -48901,11 +40957,6 @@ "id": "pl-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48963,11 +41014,6 @@ "id": "pl-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48979,11 +41025,6 @@ "id": "pl-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -49042,23 +41083,6 @@ "id": "pl-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.01", @@ -49077,23 +41101,6 @@ "id": "pl-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.02", @@ -49112,17 +41119,6 @@ "id": "pl-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.03", @@ -49178,17 +41174,6 @@ "id": "pl-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.04", @@ -49252,23 +41237,6 @@ "id": "pl-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-08b.", @@ -49298,23 +41266,6 @@ "id": "pl-8_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[01]", @@ -49333,23 +41284,6 @@ "id": "pl-8_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[02]", @@ -49368,23 +41302,6 @@ "id": "pl-8_obj.c-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[03]", @@ -49403,23 +41320,6 @@ "id": "pl-8_obj.c-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[04]", @@ -49438,23 +41338,6 @@ "id": "pl-8_obj.c-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[05]", @@ -49473,23 +41356,6 @@ "id": "pl-8_obj.c-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[06]", @@ -49593,6 +41459,11 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ + { + "name": "label", + "value": "PL-10", + "class": "zero-padded" + }, { "name": "label", "value": "PL-10" @@ -49678,13 +41549,6 @@ { "id": "pl-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Select a control baseline for the system.", "parts": [ { @@ -49716,17 +41580,6 @@ "id": "pl-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-10", @@ -49792,6 +41645,11 @@ "class": "SP800-53", "title": "Baseline Tailoring", "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, { "name": "label", "value": "PL-11" @@ -49877,13 +41735,6 @@ { "id": "pl-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Tailor the selected control baseline by applying specified tailoring actions." }, { @@ -49895,23 +41746,6 @@ "id": "pl-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-11", @@ -50079,6 +41913,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -50142,12 +41981,6 @@ "id": "ps-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -50207,11 +42040,6 @@ "id": "ps-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -50223,12 +42051,6 @@ "id": "ps-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -50293,23 +42115,6 @@ "id": "ps-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[01]", @@ -50328,23 +42133,6 @@ "id": "ps-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[02]", @@ -50363,17 +42151,6 @@ "id": "ps-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[03]", @@ -50392,17 +42169,6 @@ "id": "ps-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[04]", @@ -50432,17 +42198,6 @@ "id": "ps-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(a)", @@ -50588,17 +42343,6 @@ "id": "ps-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(b)", @@ -50633,23 +42377,6 @@ "id": "ps-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01b.", @@ -50679,23 +42406,6 @@ "id": "ps-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.01", @@ -50751,23 +42461,6 @@ "id": "ps-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.02", @@ -50902,6 +42595,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -50980,11 +42678,6 @@ "id": "ps-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -50996,11 +42689,6 @@ "id": "ps-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -51012,11 +42700,6 @@ "id": "ps-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -51046,23 +42729,6 @@ "id": "ps-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02a.", @@ -51081,23 +42747,6 @@ "id": "ps-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02b.", @@ -51116,23 +42765,6 @@ "id": "ps-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-02c.", @@ -51257,6 +42889,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -51359,11 +42996,6 @@ "id": "ps-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -51375,11 +43007,6 @@ "id": "ps-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -51409,23 +43036,6 @@ "id": "ps-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03a.", @@ -51455,23 +43065,6 @@ "id": "ps-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[01]", @@ -51490,23 +43083,6 @@ "id": "ps-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[02]", @@ -51635,6 +43211,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -51690,11 +43271,6 @@ "id": "ps-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -51706,11 +43282,6 @@ "id": "ps-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -51722,11 +43293,6 @@ "id": "ps-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -51738,11 +43304,6 @@ "id": "ps-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -51754,11 +43315,6 @@ "id": "ps-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -51788,17 +43344,6 @@ "id": "ps-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04a.", @@ -51817,17 +43362,6 @@ "id": "ps-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04b.", @@ -51846,23 +43380,6 @@ "id": "ps-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04c.", @@ -51881,23 +43398,6 @@ "id": "ps-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-04d.", @@ -51916,23 +43416,6 @@ "id": "ps-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04e.", @@ -52076,6 +43559,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -52130,11 +43618,6 @@ "id": "ps-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52146,11 +43629,6 @@ "id": "ps-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52162,11 +43640,6 @@ "id": "ps-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52178,11 +43651,6 @@ "id": "ps-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -52212,23 +43680,6 @@ "id": "ps-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-05a.", @@ -52247,23 +43698,6 @@ "id": "ps-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05b.", @@ -52282,17 +43716,6 @@ "id": "ps-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05c.", @@ -52311,23 +43734,6 @@ "id": "ps-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05d.", @@ -52453,6 +43859,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -52528,11 +43939,6 @@ "id": "ps-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52544,11 +43950,6 @@ "id": "ps-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52560,11 +43961,6 @@ "id": "ps-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52618,17 +44014,6 @@ "id": "ps-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-06a.", @@ -52647,23 +44032,6 @@ "id": "ps-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06b.", @@ -52693,23 +44061,6 @@ "id": "ps-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.01", @@ -52728,23 +44079,6 @@ "id": "ps-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.02", @@ -52878,6 +44212,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -52969,11 +44308,6 @@ "id": "ps-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52985,11 +44319,6 @@ "id": "ps-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -53001,11 +44330,6 @@ "id": "ps-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -53017,11 +44341,6 @@ "id": "ps-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -53033,11 +44352,6 @@ "id": "ps-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -53067,23 +44381,6 @@ "id": "ps-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07a.", @@ -53102,23 +44399,6 @@ "id": "ps-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07b.", @@ -53137,17 +44417,6 @@ "id": "ps-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-07c.", @@ -53166,23 +44435,6 @@ "id": "ps-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07d.", @@ -53201,23 +44453,6 @@ "id": "ps-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07e.", @@ -53338,6 +44573,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -53384,11 +44624,6 @@ "id": "ps-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -53400,11 +44635,6 @@ "id": "ps-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -53434,23 +44664,6 @@ "id": "ps-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-08a.", @@ -53469,23 +44682,6 @@ "id": "ps-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-08b.", @@ -53581,6 +44777,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -53610,13 +44811,6 @@ { "id": "ps-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate security and privacy roles and responsibilities into organizational position descriptions." }, { @@ -53628,17 +44822,6 @@ "id": "ps-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-09", @@ -53865,6 +45048,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -53932,12 +45120,6 @@ "id": "ra-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -53997,11 +45179,6 @@ "id": "ra-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54013,12 +45190,6 @@ "id": "ra-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -54083,23 +45254,6 @@ "id": "ra-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[01]", @@ -54118,23 +45272,6 @@ "id": "ra-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[02]", @@ -54153,17 +45290,6 @@ "id": "ra-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[03]", @@ -54182,17 +45308,6 @@ "id": "ra-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[04]", @@ -54222,17 +45337,6 @@ "id": "ra-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(a)", @@ -54378,17 +45482,6 @@ "id": "ra-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(b)", @@ -54423,23 +45516,6 @@ "id": "ra-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01b.", @@ -54469,23 +45545,6 @@ "id": "ra-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.01", @@ -54541,23 +45600,6 @@ "id": "ra-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.02", @@ -54676,6 +45718,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -54802,11 +45849,6 @@ "id": "ra-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -54818,11 +45860,6 @@ "id": "ra-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54834,11 +45871,6 @@ "id": "ra-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -54868,17 +45900,6 @@ "id": "ra-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02a.", @@ -54897,17 +45918,6 @@ "id": "ra-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02b.", @@ -54926,23 +45936,6 @@ "id": "ra-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-02c.", @@ -55101,6 +46094,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -55268,11 +46266,6 @@ "id": "ra-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -55319,11 +46312,6 @@ "id": "ra-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -55335,11 +46323,6 @@ "id": "ra-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -55351,11 +46334,6 @@ "id": "ra-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -55367,11 +46345,6 @@ "id": "ra-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -55383,11 +46356,6 @@ "id": "ra-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -55457,23 +46425,6 @@ "id": "ra-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.01", @@ -55492,23 +46443,6 @@ "id": "ra-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.02", @@ -55527,23 +46461,6 @@ "id": "ra-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.03", @@ -55570,23 +46487,6 @@ "id": "ra-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03b.", @@ -55605,17 +46505,6 @@ "id": "ra-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-03c.", @@ -55634,23 +46523,6 @@ "id": "ra-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03d.", @@ -55669,23 +46541,6 @@ "id": "ra-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03e.", @@ -55704,23 +46559,6 @@ "id": "ra-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03f.", @@ -55836,6 +46674,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -55895,11 +46738,6 @@ "id": "ra-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -55911,11 +46749,6 @@ "id": "ra-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -55945,23 +46778,6 @@ "id": "ra-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(a)", @@ -55980,23 +46796,6 @@ "id": "ra-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(b)", @@ -56147,9 +46946,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05", + "class": "zero-padded" }, { "name": "label", @@ -56290,11 +47089,6 @@ "id": "ra-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -56306,11 +47100,6 @@ "id": "ra-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -56357,11 +47146,6 @@ "id": "ra-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -56373,11 +47157,6 @@ "id": "ra-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -56389,11 +47168,6 @@ "id": "ra-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -56405,11 +47179,6 @@ "id": "ra-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -56475,7 +47244,7 @@ "value": "Guidance:" } ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs." } ] } @@ -56501,23 +47270,6 @@ "id": "ra-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05a.", @@ -56573,23 +47325,6 @@ "id": "ra-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.", @@ -56602,23 +47337,6 @@ "id": "ra-5_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.01", @@ -56637,23 +47355,6 @@ "id": "ra-5_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.02", @@ -56672,23 +47373,6 @@ "id": "ra-5_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.03", @@ -56715,23 +47399,6 @@ "id": "ra-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05c.", @@ -56750,23 +47417,6 @@ "id": "ra-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05d.", @@ -56785,23 +47435,6 @@ "id": "ra-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05e.", @@ -56820,23 +47453,6 @@ "id": "ra-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05f.", @@ -56960,9 +47576,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -57002,13 +47618,6 @@ { "id": "ra-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the system vulnerabilities to be scanned {{ insert: param, ra-05.02_odp.01 }}." }, { @@ -57020,23 +47629,6 @@ "id": "ra-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(02)", @@ -57124,6 +47716,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -57158,13 +47755,6 @@ { "id": "ra-5.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components." }, { @@ -57176,23 +47766,6 @@ "id": "ra-5.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(11)", @@ -57282,6 +47855,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -57364,13 +47942,6 @@ { "id": "ra-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance." }, { @@ -57382,23 +47953,6 @@ "id": "ra-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-07", @@ -57661,6 +48215,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -57736,12 +48295,6 @@ "id": "sa-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -57801,11 +48354,6 @@ "id": "sa-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57817,12 +48365,6 @@ "id": "sa-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -57887,23 +48429,6 @@ "id": "sa-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[01]", @@ -57922,23 +48447,6 @@ "id": "sa-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[02]", @@ -57957,17 +48465,6 @@ "id": "sa-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[03]", @@ -57986,17 +48483,6 @@ "id": "sa-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[04]", @@ -58026,17 +48512,6 @@ "id": "sa-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(a)", @@ -58182,17 +48657,6 @@ "id": "sa-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(b)", @@ -58227,23 +48691,6 @@ "id": "sa-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01b.", @@ -58273,23 +48720,6 @@ "id": "sa-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.01", @@ -58345,23 +48775,6 @@ "id": "sa-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.02", @@ -58480,6 +48893,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -58551,11 +48969,6 @@ "id": "sa-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -58567,11 +48980,6 @@ "id": "sa-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -58583,11 +48991,6 @@ "id": "sa-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -58628,23 +49031,6 @@ "id": "sa-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[01]", @@ -58663,23 +49049,6 @@ "id": "sa-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[02]", @@ -58717,23 +49086,6 @@ "id": "sa-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[01]", @@ -58752,23 +49104,6 @@ "id": "sa-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[02]", @@ -58806,23 +49141,6 @@ "id": "sa-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[01]", @@ -58841,23 +49159,6 @@ "id": "sa-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[02]", @@ -58972,6 +49273,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -59087,11 +49393,6 @@ "id": "sa-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -59103,11 +49404,6 @@ "id": "sa-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -59119,11 +49415,6 @@ "id": "sa-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -59135,11 +49426,6 @@ "id": "sa-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -59180,23 +49466,6 @@ "id": "sa-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[01]", @@ -59215,23 +49484,6 @@ "id": "sa-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[02]", @@ -59269,23 +49521,6 @@ "id": "sa-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[01]", @@ -59304,23 +49539,6 @@ "id": "sa-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[02]", @@ -59358,23 +49576,6 @@ "id": "sa-3_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[01]", @@ -59393,23 +49594,6 @@ "id": "sa-3_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[02]", @@ -59447,23 +49631,6 @@ "id": "sa-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[01]", @@ -59482,23 +49649,6 @@ "id": "sa-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[02]", @@ -59623,6 +49773,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -59799,11 +49954,6 @@ "id": "sa-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -59815,11 +49965,6 @@ "id": "sa-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -59831,11 +49976,6 @@ "id": "sa-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -59847,11 +49987,6 @@ "id": "sa-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -59863,11 +49998,6 @@ "id": "sa-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -59879,11 +50009,6 @@ "id": "sa-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -59895,11 +50020,6 @@ "id": "sa-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -59911,11 +50031,6 @@ "id": "sa-4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -59927,11 +50042,6 @@ "id": "sa-4_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -60001,57 +50111,6 @@ "id": "sa-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[01]", @@ -60070,57 +50129,6 @@ "id": "sa-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[02]", @@ -60147,23 +50155,6 @@ "id": "sa-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04b.", @@ -60292,23 +50283,6 @@ "id": "sa-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04e.", @@ -60364,23 +50338,6 @@ "id": "sa-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04f.", @@ -60436,23 +50393,6 @@ "id": "sa-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04g.", @@ -60471,23 +50411,6 @@ "id": "sa-4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04h.", @@ -60561,23 +50484,6 @@ "id": "sa-4_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04i.", @@ -60673,6 +50579,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -60719,13 +50630,6 @@ { "id": "sa-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems." }, { @@ -60737,23 +50641,6 @@ "id": "sa-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(10)", @@ -60868,6 +50755,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -60983,11 +50875,6 @@ "id": "sa-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -61034,11 +50921,6 @@ "id": "sa-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -61085,11 +50967,6 @@ "id": "sa-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -61101,11 +50978,6 @@ "id": "sa-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -61146,23 +51018,6 @@ "id": "sa-5_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.01", @@ -61247,23 +51102,6 @@ "id": "sa-5_obj.a.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[01]", @@ -61282,23 +51120,6 @@ "id": "sa-5_obj.a.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[02]", @@ -61317,23 +51138,6 @@ "id": "sa-5_obj.a.2-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[03]", @@ -61352,23 +51156,6 @@ "id": "sa-5_obj.a.2-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[04]", @@ -61395,23 +51182,6 @@ "id": "sa-5_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.03", @@ -61497,23 +51267,6 @@ "id": "sa-5_obj.b.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[01]", @@ -61532,23 +51285,6 @@ "id": "sa-5_obj.b.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[02]", @@ -61567,23 +51303,6 @@ "id": "sa-5_obj.b.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[03]", @@ -61602,23 +51321,6 @@ "id": "sa-5_obj.b.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[04]", @@ -61656,23 +51358,6 @@ "id": "sa-5_obj.b.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[01]", @@ -61691,23 +51376,6 @@ "id": "sa-5_obj.b.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[02]", @@ -61745,23 +51413,6 @@ "id": "sa-5_obj.b.3-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[01]", @@ -61780,23 +51431,6 @@ "id": "sa-5_obj.b.3-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[02]", @@ -61842,23 +51476,6 @@ "id": "sa-5_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[01]", @@ -61877,23 +51494,6 @@ "id": "sa-5_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[02]", @@ -61920,23 +51520,6 @@ "id": "sa-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05d.", @@ -62056,6 +51639,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -62198,13 +51786,6 @@ { "id": "sa-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: {{ insert: param, sa-8_prm_1 }}." }, { @@ -62227,23 +51808,6 @@ "id": "sa-8_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[01]", @@ -62262,23 +51826,6 @@ "id": "sa-8_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[02]", @@ -62297,23 +51844,6 @@ "id": "sa-8_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[03]", @@ -62332,23 +51862,6 @@ "id": "sa-8_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[04]", @@ -62367,23 +51880,6 @@ "id": "sa-8_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[05]", @@ -62402,23 +51898,6 @@ "id": "sa-8_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[06]", @@ -62437,23 +51916,6 @@ "id": "sa-8_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[07]", @@ -62472,23 +51934,6 @@ "id": "sa-8_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[08]", @@ -62507,23 +51952,6 @@ "id": "sa-8_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[09]", @@ -62542,23 +51970,6 @@ "id": "sa-8_obj-10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[10]", @@ -62685,9 +52096,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-09", + "class": "zero-padded" }, { "name": "label", @@ -62792,11 +52203,6 @@ "id": "sa-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -62808,11 +52214,6 @@ "id": "sa-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -62824,11 +52225,6 @@ "id": "sa-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -62869,23 +52265,6 @@ "id": "sa-9_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[01]", @@ -62904,23 +52283,6 @@ "id": "sa-9_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[02]", @@ -62939,17 +52301,6 @@ "id": "sa-9_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[03]", @@ -62987,17 +52338,6 @@ "id": "sa-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[01]", @@ -63016,17 +52356,6 @@ "id": "sa-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[02]", @@ -63053,23 +52382,6 @@ "id": "sa-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09c.", @@ -63186,6 +52498,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -63229,11 +52546,6 @@ "id": "sa-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -63245,11 +52557,6 @@ "id": "sa-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63279,23 +52586,6 @@ "id": "sa-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-22a.", @@ -63314,23 +52604,6 @@ "id": "sa-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-22b.", @@ -63528,6 +52801,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -63591,12 +52869,6 @@ "id": "sc-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -63656,11 +52928,6 @@ "id": "sc-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63672,12 +52939,6 @@ "id": "sc-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -63742,23 +53003,6 @@ "id": "sc-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[01]", @@ -63777,23 +53021,6 @@ "id": "sc-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[02]", @@ -63812,17 +53039,6 @@ "id": "sc-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[03]", @@ -63841,17 +53057,6 @@ "id": "sc-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[04]", @@ -63881,17 +53086,6 @@ "id": "sc-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(a)", @@ -64037,17 +53231,6 @@ "id": "sc-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(b)", @@ -64082,23 +53265,6 @@ "id": "sc-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01b.", @@ -64128,23 +53294,6 @@ "id": "sc-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.01", @@ -64200,23 +53349,6 @@ "id": "sc-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.02", @@ -64374,6 +53506,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -64428,11 +53565,6 @@ "id": "sc-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64444,11 +53576,6 @@ "id": "sc-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64478,23 +53605,6 @@ "id": "sc-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-05a.", @@ -64513,17 +53623,6 @@ "id": "sc-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-05b.", @@ -64631,9 +53730,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07", + "class": "zero-padded" }, { "name": "label", @@ -64789,11 +53888,6 @@ "id": "sc-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64805,11 +53899,6 @@ "id": "sc-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64821,11 +53910,6 @@ "id": "sc-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -64884,23 +53968,6 @@ "id": "sc-7_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[01]", @@ -64919,23 +53986,6 @@ "id": "sc-7_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[02]", @@ -64954,23 +54004,6 @@ "id": "sc-7_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[03]", @@ -64989,23 +54022,6 @@ "id": "sc-7_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[04]", @@ -65032,29 +54048,6 @@ "id": "sc-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07b.", @@ -65073,29 +54066,6 @@ "id": "sc-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07c.", @@ -65204,9 +54174,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-08", + "class": "zero-padded" }, { "name": "label", @@ -65325,13 +54295,6 @@ { "id": "sc-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-08_odp }} of transmitted information.", "parts": [ { @@ -65348,7 +54311,7 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work – e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " }, { "id": "sc-8_fr_gdn.2", @@ -65359,7 +54322,7 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " } ] } @@ -65374,29 +54337,6 @@ "id": "sc-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08", @@ -65496,6 +54436,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -65533,13 +54478,6 @@ { "id": "sc-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to {{ insert: param, sc-08.01_odp }} during transmission.", "parts": [ { @@ -65604,29 +54542,6 @@ "id": "sc-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08(01)", @@ -65733,9 +54648,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-12", + "class": "zero-padded" }, { "name": "label", @@ -65850,10 +54765,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -65887,13 +54798,6 @@ { "id": "sc-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: {{ insert: param, sc-12_odp }}.", "parts": [ { @@ -65947,29 +54851,6 @@ "id": "sc-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-12", @@ -66120,9 +55001,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-13", + "class": "zero-padded" }, { "name": "label", @@ -66274,11 +55155,6 @@ "id": "sc-13_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66290,11 +55166,6 @@ "id": "sc-13_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66386,23 +55257,6 @@ "id": "sc-13_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-13a.", @@ -66421,29 +55275,6 @@ "id": "sc-13_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-13b.", @@ -66555,6 +55386,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -66593,11 +55429,6 @@ "id": "sc-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66609,11 +55440,6 @@ "id": "sc-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66661,23 +55487,6 @@ "id": "sc-15_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-15a.", @@ -66696,29 +55505,6 @@ "id": "sc-15_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-15b.", @@ -66814,6 +55600,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -66880,11 +55671,6 @@ "id": "sc-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66896,11 +55682,6 @@ "id": "sc-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66981,29 +55762,6 @@ "id": "sc-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20a.", @@ -67070,29 +55828,6 @@ "id": "sc-20_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[01]", @@ -67111,29 +55846,6 @@ "id": "sc-20_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[02]", @@ -67238,9 +55950,9 @@ "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-21", + "class": "zero-padded" }, { "name": "label", @@ -67279,13 +55991,6 @@ { "id": "sc-21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.", "parts": [ { @@ -67350,29 +56055,6 @@ "id": "sc-21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-21", @@ -67533,6 +56215,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -67578,13 +56265,6 @@ { "id": "sc-22_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation." }, { @@ -67596,29 +56276,6 @@ "id": "sc-22_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-22", @@ -67783,9 +56440,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-28", + "class": "zero-padded" }, { "name": "label", @@ -67924,13 +56581,6 @@ { "id": "sc-28_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-28_odp.01 }} of the following information at rest: {{ insert: param, sc-28_odp.02 }}.", "parts": [ { @@ -67984,29 +56634,6 @@ "id": "sc-28_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28", @@ -68119,6 +56746,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -68160,13 +56792,6 @@ { "id": "sc-28.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param, sc-28.01_odp.01 }}.", "parts": [ { @@ -68198,29 +56823,6 @@ "id": "sc-28.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28(01)", @@ -68347,6 +56949,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -68413,13 +57020,6 @@ { "id": "sc-39_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain a separate execution domain for each executing system process." }, { @@ -68431,29 +57031,6 @@ "id": "sc-39_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-39", @@ -68643,6 +57220,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -68706,12 +57288,6 @@ "id": "si-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -68771,11 +57347,6 @@ "id": "si-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -68787,12 +57358,6 @@ "id": "si-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -68857,23 +57422,6 @@ "id": "si-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[01]", @@ -68892,23 +57440,6 @@ "id": "si-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[02]", @@ -68927,17 +57458,6 @@ "id": "si-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[03]", @@ -68956,17 +57476,6 @@ "id": "si-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[04]", @@ -68996,17 +57505,6 @@ "id": "si-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(a)", @@ -69152,17 +57650,6 @@ "id": "si-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(b)", @@ -69197,23 +57684,6 @@ "id": "si-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01b.", @@ -69243,23 +57713,6 @@ "id": "si-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.01", @@ -69315,23 +57768,6 @@ "id": "si-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.02", @@ -69466,6 +57902,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -69584,11 +58025,6 @@ "id": "si-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -69600,11 +58036,6 @@ "id": "si-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -69616,11 +58047,6 @@ "id": "si-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -69632,11 +58058,6 @@ "id": "si-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -69666,29 +58087,6 @@ "id": "si-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02a.", @@ -69762,23 +58160,6 @@ "id": "si-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02b.", @@ -69870,23 +58251,6 @@ "id": "si-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02c.", @@ -69942,23 +58306,6 @@ "id": "si-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02d.", @@ -70140,9 +58487,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-03", + "class": "zero-padded" }, { "name": "label", @@ -70267,11 +58614,6 @@ "id": "si-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70283,11 +58625,6 @@ "id": "si-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70299,11 +58636,6 @@ "id": "si-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70339,11 +58671,6 @@ "id": "si-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -70373,23 +58700,6 @@ "id": "si-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03a.", @@ -70445,23 +58755,6 @@ "id": "si-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03b.", @@ -70502,23 +58795,6 @@ "id": "si-3_obj.c.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[01]", @@ -70537,23 +58813,6 @@ "id": "si-3_obj.c.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[02]", @@ -70591,23 +58850,6 @@ "id": "si-3_obj.c.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[01]", @@ -70626,23 +58868,6 @@ "id": "si-3_obj.c.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[02]", @@ -70677,23 +58902,6 @@ "id": "si-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03d.", @@ -70846,6 +59054,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -71070,11 +59283,6 @@ "id": "si-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -71110,11 +59318,6 @@ "id": "si-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -71126,11 +59329,6 @@ "id": "si-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -71166,11 +59364,6 @@ "id": "si-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -71182,11 +59375,6 @@ "id": "si-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -71198,11 +59386,6 @@ "id": "si-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -71214,11 +59397,6 @@ "id": "si-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -71277,29 +59455,6 @@ "id": "si-4_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.01", @@ -71318,29 +59473,6 @@ "id": "si-4_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.02", @@ -71422,23 +59554,6 @@ "id": "si-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04b.", @@ -71468,29 +59583,6 @@ "id": "si-4_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.01", @@ -71509,29 +59601,6 @@ "id": "si-4_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.02", @@ -71558,23 +59627,6 @@ "id": "si-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04d.", @@ -71630,23 +59682,6 @@ "id": "si-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04e.", @@ -71665,23 +59700,6 @@ "id": "si-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04f.", @@ -71700,29 +59718,6 @@ "id": "si-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04g.", @@ -71877,6 +59872,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -71928,11 +59928,6 @@ "id": "si-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -71944,11 +59939,6 @@ "id": "si-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -71960,11 +59950,6 @@ "id": "si-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -71976,11 +59961,6 @@ "id": "si-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -72022,29 +60002,6 @@ "id": "si-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05a.", @@ -72063,23 +60020,6 @@ "id": "si-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05b.", @@ -72098,29 +60038,6 @@ "id": "si-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05c.", @@ -72139,23 +60056,6 @@ "id": "si-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05d.", @@ -72251,6 +60151,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -72408,13 +60313,6 @@ { "id": "si-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements." }, { @@ -72426,23 +60324,6 @@ "id": "si-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-12", @@ -72710,6 +60591,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -72797,12 +60683,6 @@ "id": "sr-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -72862,11 +60742,6 @@ "id": "sr-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -72878,12 +60753,6 @@ "id": "sr-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -72948,23 +60817,6 @@ "id": "sr-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[01]", @@ -72983,23 +60835,6 @@ "id": "sr-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[02]", @@ -73018,17 +60853,6 @@ "id": "sr-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[03]", @@ -73047,17 +60871,6 @@ "id": "sr-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[04]", @@ -73087,17 +60900,6 @@ "id": "sr-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(a)", @@ -73243,17 +61045,6 @@ "id": "sr-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(b)", @@ -73288,23 +61079,6 @@ "id": "sr-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01b.", @@ -73334,23 +61108,6 @@ "id": "sr-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.01", @@ -73406,23 +61163,6 @@ "id": "sr-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.02", @@ -73566,6 +61306,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -73697,11 +61442,6 @@ "id": "sr-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -73713,11 +61453,6 @@ "id": "sr-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73729,11 +61464,6 @@ "id": "sr-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -73774,23 +61504,6 @@ "id": "sr-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[01]", @@ -73809,17 +61522,6 @@ "id": "sr-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[02]", @@ -73838,17 +61540,6 @@ "id": "sr-2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[03]", @@ -73867,17 +61558,6 @@ "id": "sr-2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[04]", @@ -73896,17 +61576,6 @@ "id": "sr-2_obj.a-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[05]", @@ -73925,17 +61594,6 @@ "id": "sr-2_obj.a-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[06]", @@ -73954,17 +61612,6 @@ "id": "sr-2_obj.a-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[07]", @@ -73983,17 +61630,6 @@ "id": "sr-2_obj.a-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[08]", @@ -74012,17 +61648,6 @@ "id": "sr-2_obj.a-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[09]", @@ -74049,23 +61674,6 @@ "id": "sr-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02b.", @@ -74084,23 +61692,6 @@ "id": "sr-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-02c.", @@ -74253,6 +61844,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -74287,13 +61883,6 @@ { "id": "sr-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a supply chain risk management team consisting of {{ insert: param, sr-02.01_odp.01 }} to lead and support the following SCRM activities: {{ insert: param, sr-02.01_odp.02 }}." }, { @@ -74305,23 +61894,6 @@ "id": "sr-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02(01)", @@ -74438,6 +62010,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -74598,11 +62175,6 @@ "id": "sr-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -74614,11 +62186,6 @@ "id": "sr-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -74630,11 +62197,6 @@ "id": "sr-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -74693,23 +62255,6 @@ "id": "sr-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[01]", @@ -74728,23 +62273,6 @@ "id": "sr-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[02]", @@ -74771,23 +62299,6 @@ "id": "sr-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03b.", @@ -74806,23 +62317,6 @@ "id": "sr-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03c.", @@ -74929,6 +62423,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -75047,13 +62546,6 @@ { "id": "sr-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: {{ insert: param, sr-05_odp }}." }, { @@ -75065,29 +62557,6 @@ "id": "sr-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-05", @@ -75256,6 +62725,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -75326,13 +62800,6 @@ { "id": "sr-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the {{ insert: param, sr-08_odp.01 }}.", "parts": [ { @@ -75364,23 +62831,6 @@ "id": "sr-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-08", @@ -75508,6 +62958,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -75578,13 +63033,6 @@ { "id": "sr-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the following systems or system components {{ insert: param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01 }}." }, { @@ -75596,23 +63044,6 @@ "id": "sr-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-10", @@ -75731,6 +63162,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -75790,11 +63226,6 @@ "id": "sr-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -75806,11 +63237,6 @@ "id": "sr-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -75869,23 +63295,6 @@ "id": "sr-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[01]", @@ -75904,23 +63313,6 @@ "id": "sr-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[02]", @@ -75939,23 +63331,6 @@ "id": "sr-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[03]", @@ -75974,23 +63349,6 @@ "id": "sr-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[04]", @@ -76017,23 +63375,6 @@ "id": "sr-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11b.", @@ -76140,6 +63481,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -76178,13 +63524,6 @@ { "id": "sr-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit system components (including hardware, software, and firmware)." }, { @@ -76196,23 +63535,6 @@ "id": "sr-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(01)", @@ -76316,6 +63638,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -76366,13 +63693,6 @@ { "id": "sr-11.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: {{ insert: param, sr-11.02_odp }}." }, { @@ -76384,23 +63704,6 @@ "id": "sr-11.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(02)", @@ -76547,6 +63850,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -76581,13 +63889,6 @@ { "id": "sr-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Dispose of {{ insert: param, sr-12_odp.01 }} using the following techniques and methods: {{ insert: param, sr-12_odp.02 }}." }, { @@ -76599,23 +63900,6 @@ "id": "sr-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-12", diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile-min.json index d011da453..03caafb2f 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile-min.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "512149a6-7f04-4c01-bb1b-78eafd6a950d", + "uuid": "a092361d-50c4-4ada-8d3d-bc973ce9c441", "metadata": { "title": "FedRAMP Rev 5 Low Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:21:26Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -1516,19752 +1516,546 @@ ], "alters": [ { - "control-id": "ac-1", + "control-id": "ac-7", "adds": [ { - "position": "starting", - "by-id": "ac-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ac-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ac-7_fr", + "name": "item", + "title": "AC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "In alignment with NIST SP 800-63B" + } + ] } ] } ] }, { - "control-id": "ac-14", + "control-id": "ac-8", "adds": [ { - "position": "starting", - "by-id": "ac-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-8_fr", + "name": "item", + "title": "AC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO. " + }, + { + "id": "ac-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." + } + ] } ] } ] }, { - "control-id": "ac-17", + "control-id": "ac-20", "adds": [ { - "position": "starting", - "by-id": "ac-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-20_fr", + "name": "item", + "title": "AC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." + } + ] } ] } ] }, { - "control-id": "ac-18", + "control-id": "au-2", "adds": [ { - "position": "starting", - "by-id": "ac-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.b", - "props": [ + "position": "ending", + "by-id": "au-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-2_fr", + "name": "item", + "title": "AU-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + }, + { + "id": "au-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "ac-19", + "control-id": "au-6", "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "au-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } + "id": "au-6_fr", + "name": "item", + "title": "AU-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." + } + ] + } ] - }, + } + ] + }, + { + "control-id": "au-11", + "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "au-11_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "au-11_fr", + "name": "item", + "title": "AU-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-11_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." + }, + { + "id": "au-11_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" + }, + { + "id": "au-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider is encouraged to align with M-21-31 where possible" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-2", + "adds": [ { - "position": "starting", - "by-id": "ac-19_smt.a", - "props": [ + "position": "ending", + "by-id": "ca-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2_fr", + "name": "item", + "title": "CA-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP Annual Assessment Guidance." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-5", + "adds": [ { - "position": "starting", - "by-id": "ac-19_smt.b", - "props": [ + "position": "ending", + "by-id": "ca-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-5_fr", + "name": "item", + "title": "CA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-5_fr_gdn.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "POA&Ms must be provided at least monthly." + }, + { + "id": "ca-5_fr_smt.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP-POAM-Template" + } + ] } ] } ] }, { - "control-id": "ac-2", + "control-id": "ca-6", "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ca-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" + "id": "ca-6_fr", + "name": "item", + "title": "CA-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-7", + "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ca-7_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" + "id": "ca-7_fr", + "name": "item", + "title": "CA-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." + }, + { + "id": "ca-7_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." + }, + { + "id": "ca-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-8", + "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "ca-8_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "ca-8_fr", + "name": "item", + "title": "CA-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Scope can be limited to public facing applications in alignment with M-22-09. Reference the FedRAMP Penetration Test Guidance." + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-2", + "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "cm-2_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.k", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-22", - "adds": [ - { - "position": "starting", - "by-id": "ac-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-3", - "adds": [ - { - "position": "starting", - "by-id": "ac-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-7", - "adds": [ - { - "position": "ending", - "by-id": "ac-7_smt", - "parts": [ - { - "id": "ac-7_fr", - "name": "item", - "title": "AC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "In alignment with NIST SP 800-63B" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-8", - "adds": [ - { - "position": "ending", - "by-id": "ac-8_smt", - "parts": [ - { - "id": "ac-8_fr", - "name": "item", - "title": "AC-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO. " - }, - { - "id": "ac-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20", - "adds": [ - { - "position": "ending", - "by-id": "ac-20_smt", - "parts": [ - { - "id": "ac-20_fr", - "name": "item", - "title": "AC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-1", - "adds": [ - { - "position": "starting", - "by-id": "at-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "at-2", - "adds": [ - { - "position": "starting", - "by-id": "at-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.2", - "adds": [ - { - "position": "starting", - "by-id": "at-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-3", - "adds": [ - { - "position": "starting", - "by-id": "at-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-4", - "adds": [ - { - "position": "starting", - "by-id": "at-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-1", - "adds": [ - { - "position": "starting", - "by-id": "au-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "au-12", - "adds": [ - { - "position": "starting", - "by-id": "au-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-2", - "adds": [ - { - "position": "ending", - "by-id": "au-2_smt", - "parts": [ - { - "id": "au-2_fr", - "name": "item", - "title": "AU-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - }, - { - "id": "au-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3", - "adds": [ - { - "position": "starting", - "by-id": "au-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-4", - "adds": [ - { - "position": "starting", - "by-id": "au-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5", - "adds": [ - { - "position": "starting", - "by-id": "au-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6", - "adds": [ - { - "position": "ending", - "by-id": "au-6_smt", - "parts": [ - { - "id": "au-6_fr", - "name": "item", - "title": "AU-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-11", - "adds": [ - { - "position": "ending", - "by-id": "au-11_smt", - "parts": [ - { - "id": "au-11_fr", - "name": "item", - "title": "AU-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-11_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." - }, - { - "id": "au-11_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" - }, - { - "id": "au-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider is encouraged to align with M-21-31 where possible" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-8", - "adds": [ - { - "position": "starting", - "by-id": "au-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9", - "adds": [ - { - "position": "starting", - "by-id": "au-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-1", - "adds": [ - { - "position": "starting", - "by-id": "ca-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ca-2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2_smt", - "parts": [ - { - "id": "ca-2_fr", - "name": "item", - "title": "CA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP Annual Assessment Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3", - "adds": [ - { - "position": "starting", - "by-id": "ca-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-5", - "adds": [ - { - "position": "ending", - "by-id": "ca-5_smt", - "parts": [ - { - "id": "ca-5_fr", - "name": "item", - "title": "CA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-5_fr_gdn.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "POA&Ms must be provided at least monthly." - }, - { - "id": "ca-5_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP-POAM-Template" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-6", - "adds": [ - { - "position": "ending", - "by-id": "ca-6_smt", - "parts": [ - { - "id": "ca-6_fr", - "name": "item", - "title": "CA-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7", - "adds": [ - { - "position": "ending", - "by-id": "ca-7_smt", - "parts": [ - { - "id": "ca-7_fr", - "name": "item", - "title": "CA-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." - }, - { - "id": "ca-7_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." - }, - { - "id": "ca-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.4", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8", - "adds": [ - { - "position": "ending", - "by-id": "ca-8_smt", - "parts": [ - { - "id": "ca-8_fr", - "name": "item", - "title": "CA-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Scope can be limited to public facing applications in alignment with M-22-09. Reference the FedRAMP Penetration Test Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-9", - "adds": [ - { - "position": "starting", - "by-id": "ca-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-1", - "adds": [ - { - "position": "starting", - "by-id": "cm-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cm-10", - "adds": [ - { - "position": "starting", - "by-id": "cm-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-11", - "adds": [ - { - "position": "starting", - "by-id": "cm-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2", - "adds": [ - { - "position": "ending", - "by-id": "cm-2_smt", - "parts": [ - { - "id": "cm-2_fr", - "name": "item", - "title": "CM-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) (1) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4", - "adds": [ - { - "position": "starting", - "by-id": "cm-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6", - "adds": [ - { - "position": "ending", - "by-id": "cm-6_smt", - "parts": [ - { - "id": "cm-6_fr", - "name": "item", - "title": "CM-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 1:" - } - ], - "prose": "The service provider shall use the DoD STIGs or Center for Internet Security guidelines to establish configuration settings;" - }, - { - "id": "cm-6_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 2:" - } - ], - "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." - }, - { - "id": "cm-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7", - "adds": [ - { - "position": "ending", - "by-id": "cm-7_smt", - "parts": [ - { - "id": "cm-7_fr", - "name": "item", - "title": "CM-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8", - "adds": [ - { - "position": "ending", - "by-id": "cm-8_smt", - "parts": [ - { - "id": "cm-8_fr", - "name": "item", - "title": "CM-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "must be provided at least monthly or when there is a change." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-1", - "adds": [ - { - "position": "starting", - "by-id": "cp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cp-10", - "adds": [ - { - "position": "starting", - "by-id": "cp-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2", - "adds": [ - { - "position": "ending", - "by-id": "cp-2_smt", - "parts": [ - { - "id": "cp-2_fr", - "name": "item", - "title": "CP-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." - }, - { - "id": "cp-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3", - "adds": [ - { - "position": "ending", - "by-id": "cp-3_smt", - "parts": [ - { - "id": "cp-3_fr", - "name": "item", - "title": "CP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4", - "adds": [ - { - "position": "ending", - "by-id": "cp-4_smt", - "parts": [ - { - "id": "cp-4_fr", - "name": "item", - "title": "CP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." - }, - { - "id": "cp-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-9", - "adds": [ - { - "position": "ending", - "by-id": "cp-9_smt", - "parts": [ - { - "id": "cp-9_fr", - "name": "item", - "title": "CP-9 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." - }, - { - "id": "cp-9_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.4", - "name": "item", - "props": [ - { - "name": "label", - "value": "(c) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-1", - "adds": [ - { - "position": "starting", - "by-id": "ia-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ia-2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2_smt", - "parts": [ - { - "id": "ia-2_fr", - "name": "item", - "title": "IA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." - }, - { - "id": "ia-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." - }, - { - "id": "ia-2_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.1_smt", - "parts": [ - { - "id": "ia-2.1_fr", - "name": "item", - "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.2_smt", - "parts": [ - { - "id": "ia-2.2_fr", - "name": "item", - "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.12_smt", - "parts": [ - { - "id": "ia-2.12_fr", - "name": "item", - "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.8", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5", - "adds": [ - { - "position": "ending", - "by-id": "ia-5_smt", - "parts": [ - { - "id": "ia-5_fr", - "name": "item", - "title": "IA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 1. Link https://pages.nist.gov/800-63-3" - }, - { - "id": "ia-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.1_smt", - "parts": [ - { - "id": "ia-5.1_fr", - "name": "item", - "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." - }, - { - "id": "ia-5.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(h) Requirement:" - } - ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." - }, - { - "id": "ia-5.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-11", - "adds": [ - { - "position": "ending", - "by-id": "ia-11_smt", - "parts": [ - { - "id": "ia-11_fr", - "name": "item", - "title": "IA-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL1 (low baseline) * 30 days of extended session * No limit on inactivity \n" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-6", - "adds": [ - { - "position": "starting", - "by-id": "ia-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-7", - "adds": [ - { - "position": "starting", - "by-id": "ia-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8", - "adds": [ - { - "position": "starting", - "by-id": "ia-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-1", - "adds": [ - { - "position": "starting", - "by-id": "ir-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ir-2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4", - "adds": [ - { - "position": "ending", - "by-id": "ir-4_smt", - "parts": [ - { - "id": "ir-4_fr", - "name": "item", - "title": "IR-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" - }, - { - "id": "ir-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-5", - "adds": [ - { - "position": "starting", - "by-id": "ir-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6", - "adds": [ - { - "position": "ending", - "by-id": "ir-6_smt", - "parts": [ - { - "id": "ir-6_fr", - "name": "item", - "title": "IR-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7", - "adds": [ - { - "position": "starting", - "by-id": "ir-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-8", - "adds": [ - { - "position": "ending", - "by-id": "ir-8_smt", - "parts": [ - { - "id": "ir-8_fr", - "name": "item", - "title": "IR-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - }, - { - "id": "ir-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-1", - "adds": [ - { - "position": "starting", - "by-id": "ma-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ma-2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4", - "adds": [ - { - "position": "starting", - "by-id": "ma-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5", - "adds": [ - { - "position": "starting", - "by-id": "ma-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-1", - "adds": [ - { - "position": "starting", - "by-id": "mp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "mp-2", - "adds": [ - { - "position": "starting", - "by-id": "mp-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6", - "adds": [ - { - "position": "starting", - "by-id": "mp-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-7", - "adds": [ - { - "position": "starting", - "by-id": "mp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-1", - "adds": [ - { - "position": "starting", - "by-id": "pe-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pe-12", - "adds": [ - { - "position": "starting", - "by-id": "pe-12_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13", - "adds": [ - { - "position": "starting", - "by-id": "pe-13_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14", - "adds": [ - { - "position": "ending", - "by-id": "pe-14_smt", - "parts": [ - { - "id": "pe-14_fr", - "name": "item", - "title": "PE-14 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pe-14_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15", - "adds": [ - { - "position": "starting", - "by-id": "pe-15_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-16", - "adds": [ - { - "position": "starting", - "by-id": "pe-16_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-2", - "adds": [ - { - "position": "starting", - "by-id": "pe-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-3", - "adds": [ - { - "position": "starting", - "by-id": "pe-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "pe-6", - "adds": [ - { - "position": "starting", - "by-id": "pe-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8", - "adds": [ - { - "position": "starting", - "by-id": "pe-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-1", - "adds": [ - { - "position": "starting", - "by-id": "pl-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pl-11", - "adds": [ - { - "position": "starting", - "by-id": "pl-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-2", - "adds": [ - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.11", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4", - "adds": [ - { - "position": "starting", - "by-id": "pl-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4.1", - "adds": [ - { - "position": "starting", - "by-id": "pl-4.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-8", - "adds": [ - { - "position": "ending", - "by-id": "pl-8_smt", - "parts": [ - { - "id": "pl-8_fr", - "name": "item", - "title": "PL-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-10", - "adds": [ - { - "position": "ending", - "by-id": "pl-10_smt", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-1", - "adds": [ - { - "position": "starting", - "by-id": "ps-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ps-2", - "adds": [ - { - "position": "starting", - "by-id": "ps-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4", - "adds": [ - { - "position": "starting", - "by-id": "ps-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-5", - "adds": [ - { - "position": "starting", - "by-id": "ps-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-6", - "adds": [ - { - "position": "starting", - "by-id": "ps-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-7", - "adds": [ - { - "position": "starting", - "by-id": "ps-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-8", - "adds": [ - { - "position": "starting", - "by-id": "ps-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-9", - "adds": [ - { - "position": "starting", - "by-id": "ps-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-1", - "adds": [ - { - "position": "starting", - "by-id": "ra-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ra-2", - "adds": [ - { - "position": "starting", - "by-id": "ra-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3", - "adds": [ - { - "position": "ending", - "by-id": "ra-3_smt", - "parts": [ - { - "id": "ra-3_fr", - "name": "item", - "title": "RA-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - }, - { - "id": "ra-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ra-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5", - "adds": [ - { - "position": "ending", - "by-id": "ra-5_smt", - "parts": [ - { - "id": "ra-5_fr", - "name": "item", - "title": "RA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" - }, - { - "id": "ra-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." - }, - { - "id": "ra-5_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." - }, - { - "id": "ra-5_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" - }, - { - "id": "ra-5_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.11", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-7", - "adds": [ - { - "position": "starting", - "by-id": "ra-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-1", - "adds": [ - { - "position": "starting", - "by-id": "sa-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sa-2", - "adds": [ - { - "position": "starting", - "by-id": "sa-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-22", - "adds": [ - { - "position": "starting", - "by-id": "sa-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-3", - "adds": [ - { - "position": "starting", - "by-id": "sa-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4", - "adds": [ - { - "position": "ending", - "by-id": "sa-4_smt", - "parts": [ - { - "id": "sa-4_fr", - "name": "item", - "title": "SA-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." - }, - { - "id": "sa-4_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.10", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-5", - "adds": [ - { - "position": "starting", - "by-id": "sa-5_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-8", - "adds": [ - { - "position": "starting", - "by-id": "sa-8_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9", - "adds": [ - { - "position": "starting", - "by-id": "sa-9_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-1", - "adds": [ - { - "position": "starting", - "by-id": "sc-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sc-22", - "adds": [ - { - "position": "starting", - "by-id": "sc-22_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-22_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-39", - "adds": [ - { - "position": "starting", - "by-id": "sc-39_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-39_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-5", - "adds": [ - { - "position": "starting", - "by-id": "sc-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-2_fr", + "name": "item", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) (1) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "sc-7", + "control-id": "cm-6", "adds": [ { "position": "ending", - "by-id": "sc-7_smt", + "by-id": "cm-6_smt", "parts": [ { - "id": "sc-7_fr", + "id": "cm-6_fr", "name": "item", - "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "title": "CM-6 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7_fr_gdn.1", + "id": "cm-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 1:" + } + ], + "prose": "The service provider shall use the DoD STIGs or Center for Internet Security guidelines to establish configuration settings;" + }, + { + "id": "cm-6_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 2:" + } + ], + "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." + }, + { + "id": "cm-6_fr_gdn.1", "name": "guidance", "props": [ { "name": "label", - "value": "(b) Guidance:" + "value": "Guidance:" } ], - "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP\u2019s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8", + "control-id": "cm-7", "adds": [ { "position": "ending", - "by-id": "sc-8_smt", + "by-id": "cm-7_smt", "parts": [ { - "id": "sc-8_fr", + "id": "cm-7_fr", "name": "item", - "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "title": "CM-7 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " - }, - { - "id": "sc-8_fr_gdn.2", - "name": "guidance", + "id": "cm-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " + "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8.1", + "control-id": "cm-8", "adds": [ { "position": "ending", - "by-id": "sc-8.1_smt", + "by-id": "cm-8_smt", "parts": [ { - "id": "sc-8.1_fr", + "id": "cm-8_fr", "name": "item", - "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "title": "CM-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8.1_fr_smt.1", + "id": "cm-8_fr_smt.1", "name": "item", "props": [ { @@ -21269,361 +2063,199 @@ "value": "Requirement:" } ], - "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." - }, - { - "id": "sc-8.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." - }, + "prose": "must be provided at least monthly or when there is a change." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-2", + "adds": [ + { + "position": "ending", + "by-id": "cp-2_smt", + "parts": [ + { + "id": "cp-2_fr", + "name": "item", + "title": "CP-2 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-8.1_fr_gdn.2", - "name": "guidance", + "id": "cp-2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." }, { - "id": "sc-8.1_fr_gdn.3", - "name": "guidance", + "id": "cp-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-12", + "control-id": "cp-3", "adds": [ { "position": "ending", - "by-id": "sc-12_smt", + "by-id": "cp-3_smt", "parts": [ { - "id": "sc-12_fr", + "id": "cp-3_fr", "name": "item", - "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "title": "CP-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-12_fr_gdn.1", - "name": "guidance", + "id": "cp-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "See references in NIST 800-53 documentation." - }, + "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-4", + "adds": [ + { + "position": "ending", + "by-id": "cp-4_smt", + "parts": [ + { + "id": "cp-4_fr", + "name": "item", + "title": "CP-4 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-12_fr_gdn.2", - "name": "guidance", + "id": "cp-4_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." }, { - "id": "sc-12_fr_gdn.3", - "name": "guidance", + "id": "cp-4_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-13", + "control-id": "cp-9", "adds": [ { "position": "ending", - "by-id": "sc-13_smt", + "by-id": "cp-9_smt", "parts": [ { - "id": "sc-13_fr", + "id": "cp-9_fr", "name": "item", - "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-13_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n \n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" - }, - { - "id": "sc-13_fr_gdn.2", - "name": "guidance", + "id": "cp-9_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." }, { - "id": "sc-13_fr_gdn.3", - "name": "guidance", + "id": "cp-9_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-13_fr_gdn.4", - "name": "guidance", + "id": "cp-9_fr_smt.3", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-13_fr_gdn.5", - "name": "guidance", + "id": "cp-9_fr_smt.4", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(c) Requirement:" } ], - "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-15", + "control-id": "ia-2", "adds": [ { "position": "ending", - "by-id": "sc-15_smt", + "by-id": "ia-2_smt", "parts": [ { - "id": "sc-15_fr", + "id": "ia-2_fr", "name": "item", - "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-15_fr_smt.1", + "id": "ia-2_fr_smt.1", "name": "item", "props": [ { @@ -21631,102 +2263,10 @@ "value": "Requirement:" } ], - "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-20", - "adds": [ - { - "position": "ending", - "by-id": "sc-20_smt", - "parts": [ - { - "id": "sc-20_fr", - "name": "item", - "title": "SC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ + "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." + }, { - "id": "sc-20_fr_smt.1", + "id": "ia-2_fr_smt.2", "name": "item", "props": [ { @@ -21734,10 +2274,10 @@ "value": "Requirement:" } ], - "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-20_fr_gdn.1", + "id": "ia-2_fr_gdn.1", "name": "guidance", "props": [ { @@ -21745,10 +2285,10 @@ "value": "Guidance:" } ], - "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." }, { - "id": "sc-20_fr_gdn.2", + "id": "ia-2_fr_gdn.2", "name": "guidance", "props": [ { @@ -21756,148 +2296,79 @@ "value": "Guidance:" } ], - "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." + } + ] + } + ] + } + ] + }, + { + "control-id": "ia-2.1", + "adds": [ + { + "position": "ending", + "by-id": "ia-2.1_smt", + "parts": [ + { + "id": "ia-2.1_fr", + "name": "item", + "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." }, { - "id": "sc-20_fr_gdn.3", - "name": "guidance", + "id": "ia-2.1_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "sc-21", + "control-id": "ia-2.2", "adds": [ { "position": "ending", - "by-id": "sc-21_smt", + "by-id": "ia-2.2_smt", "parts": [ { - "id": "sc-21_fr", + "id": "ia-2.2_fr", "name": "item", - "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-21_fr_smt.1", + "id": "ia-2.2_fr_smt.1", "name": "item", "props": [ { @@ -21905,10 +2376,10 @@ "value": "Requirement:" } ], - "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." }, { - "id": "sc-21_fr_smt.2", + "id": "ia-2.2_fr_smt.2", "name": "item", "props": [ { @@ -21916,21 +2387,10 @@ "value": "Requirement:" } ], - "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." - }, - { - "id": "sc-21_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Accepting an unsigned reply is acceptable" + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-21_fr_gdn.2", + "id": "ia-2.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -21938,79 +2398,28 @@ "value": "Guidance:" } ], - "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-21", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28", + "control-id": "ia-2.12", "adds": [ { "position": "ending", - "by-id": "sc-28_smt", + "by-id": "ia-2.12_smt", "parts": [ { - "id": "sc-28_fr", + "id": "ia-2.12_fr", "name": "item", - "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28_fr_gdn.1", + "id": "ia-2.12_fr_gdn.1", "name": "guidance", "props": [ { @@ -22018,21 +2427,39 @@ "value": "Guidance:" } ], - "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." - }, + "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." + } + ] + } + ] + } + ] + }, + { + "control-id": "ia-5", + "adds": [ + { + "position": "ending", + "by-id": "ia-5_smt", + "parts": [ + { + "id": "ia-5_fr", + "name": "item", + "title": "IA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-28_fr_gdn.2", - "name": "guidance", + "id": "ia-5_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 1. Link https://pages.nist.gov/800-63-3" }, { - "id": "sc-28_fr_gdn.3", + "id": "ia-5_fr_gdn.1", "name": "guidance", "props": [ { @@ -22040,79 +2467,50 @@ "value": "Guidance:" } ], - "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-28", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28.1", + "control-id": "ia-5.1", "adds": [ { "position": "ending", - "by-id": "sc-28.1_smt", + "by-id": "ia-5.1_smt", "parts": [ { - "id": "sc-28.1_fr", + "id": "ia-5.1_fr", "name": "item", - "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28.1_fr_gdn.1", + "id": "ia-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." + }, + { + "id": "ia-5.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(h) Requirement:" + } + ], + "prose": "For cases where technology doesn\u2019t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + }, + { + "id": "ia-5.1_fr_gdn.1", "name": "guidance", "props": [ { @@ -22120,698 +2518,253 @@ "value": "Guidance:" } ], - "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-1", + "control-id": "ia-11", "adds": [ { - "position": "starting", - "by-id": "si-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ia-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ia-11_fr", + "name": "item", + "title": "IA-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL1 (low baseline) * 30 days of extended session * No limit on inactivity \n" + } + ] } ] } ] }, { - "control-id": "si-12", + "control-id": "ir-4", "adds": [ { - "position": "starting", - "by-id": "si-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-12_smt", - "props": [ + "position": "ending", + "by-id": "ir-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-4_fr", + "name": "item", + "title": "IR-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" + }, + { + "id": "ir-4_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." + } + ] } ] } ] }, { - "control-id": "si-2", + "control-id": "ir-6", "adds": [ { - "position": "starting", - "by-id": "si-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.d", - "props": [ + "position": "ending", + "by-id": "ir-6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-6_fr", + "name": "item", + "title": "IR-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." + } + ] } ] } ] }, { - "control-id": "si-3", + "control-id": "ir-8", "adds": [ { - "position": "starting", - "by-id": "si-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.b", - "props": [ + "position": "ending", + "by-id": "ir-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-8_fr", + "name": "item", + "title": "IR-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + }, + { + "id": "ir-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pe-14", + "adds": [ { - "position": "starting", - "by-id": "si-3_smt.c", - "props": [ + "position": "ending", + "by-id": "pe-14_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pe-14_fr", + "name": "item", + "title": "PE-14 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pe-14_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pl-8", + "adds": [ { - "position": "starting", - "by-id": "si-3_smt.d", - "props": [ + "position": "ending", + "by-id": "pl-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-8_fr", + "name": "item", + "title": "PL-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pl-10", + "adds": [ { - "position": "starting", - "by-id": "si-3", - "props": [ + "position": "ending", + "by-id": "pl-10_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } ] } ] }, { - "control-id": "si-4", + "control-id": "ra-3", "adds": [ { "position": "ending", - "by-id": "si-4_smt", + "by-id": "ra-3_smt", "parts": [ { - "id": "si-4_fr", + "id": "ra-3_fr", "name": "item", - "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "title": "RA-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4_fr_gdn.1", + "id": "ra-3_fr_gdn.1", "name": "guidance", "props": [ { @@ -22819,1155 +2772,673 @@ "value": "Guidance:" } ], - "prose": "See US-CERT Incident Response Reporting Guidelines." + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + }, + { + "id": "ra-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-5", + "control-id": "ra-5", "adds": [ { "position": "ending", - "by-id": "si-5_smt", + "by-id": "ra-5_smt", "parts": [ { - "id": "si-5_fr_smt.1", + "id": "ra-5_fr", "name": "item", - "title": "SI-5 Additional FedRAMP Requirements and Guidance", - "props": [ + "title": "RA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "name": "label", - "value": "Requirement:" + "id": "ra-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" + }, + { + "id": "ra-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." + }, + { + "id": "ra-5_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." + }, + { + "id": "ra-5_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" + }, + { + "id": "ra-5_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \u201cwarning\u201d as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \u201cTracking of Compliance Scans\u201d in FAQs." } - ], - "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + ] } ] } ] }, { - "control-id": "sr-1", + "control-id": "sa-4", "adds": [ { - "position": "starting", - "by-id": "sr-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.c", - "props": [ + "position": "ending", + "by-id": "sa-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "sa-4_fr", + "name": "item", + "title": "SA-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sa-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." + }, + { + "id": "sa-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." + } + ] } ] } ] }, { - "control-id": "sr-10", + "control-id": "sc-7", "adds": [ { - "position": "starting", - "by-id": "sr-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-7_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "sc-7_fr", + "name": "item", + "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-8", + "adds": [ { - "position": "starting", - "by-id": "sr-10_smt", - "props": [ + "position": "ending", + "by-id": "sc-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-8_fr", + "name": "item", + "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work \u2013 e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " + }, + { + "id": "sc-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS\u2019s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS\u2019 recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " + } + ] } ] } ] }, { - "control-id": "sr-11.1", + "control-id": "sc-8.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-8.1_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "sc-8.1_fr", + "name": "item", + "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." + }, + { + "id": "sc-8.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." + }, + { + "id": "sc-8.1_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + }, + { + "id": "sc-8.1_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-12", + "adds": [ { - "position": "starting", - "by-id": "sr-11.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-12_fr", + "name": "item", + "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See references in NIST 800-53 documentation." + }, + { + "id": "sc-12_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + }, + { + "id": "sc-12_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + } + ] } ] } ] }, { - "control-id": "sr-11.2", + "control-id": "sc-13", "adds": [ { - "position": "starting", - "by-id": "sr-11.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-13_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-13_fr", + "name": "item", + "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-13_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n \n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" + }, + { + "id": "sc-13_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + }, + { + "id": "sc-13_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-13_fr_gdn.4", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + }, + { + "id": "sc-13_fr_gdn.5", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + } + ] } ] } ] }, { - "control-id": "sr-12", + "control-id": "sc-15", "adds": [ { - "position": "starting", - "by-id": "sr-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-12_smt", - "props": [ + "position": "ending", + "by-id": "sc-15_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-15_fr", + "name": "item", + "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-15_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + } + ] } ] } ] }, { - "control-id": "sr-2", + "control-id": "sc-20", "adds": [ { - "position": "starting", - "by-id": "sr-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-20_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "sc-20_fr", + "name": "item", + "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-20_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + }, + { + "id": "sc-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + }, + { + "id": "sc-20_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + }, + { + "id": "sc-20_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-21", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.a", - "props": [ + "position": "ending", + "by-id": "sc-21_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-21_fr", + "name": "item", + "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-21_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + }, + { + "id": "sc-21_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." + }, + { + "id": "sc-21_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Accepting an unsigned reply is acceptable" + }, + { + "id": "sc-21_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-28", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.b", - "props": [ + "position": "ending", + "by-id": "sc-28_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28_fr", + "name": "item", + "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + }, + { + "id": "sc-28_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-28_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-28.1", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.c", - "props": [ + "position": "ending", + "by-id": "sc-28.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28.1_fr", + "name": "item", + "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + } + ] } ] } ] }, { - "control-id": "sr-2.1", + "control-id": "si-4", "adds": [ { - "position": "starting", - "by-id": "sr-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "si-4_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "si-4_fr", + "name": "item", + "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See US-CERT Incident Response Reporting Guidelines." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-5", + "adds": [ { - "position": "starting", - "by-id": "sr-2.1_smt", - "props": [ + "position": "ending", + "by-id": "si-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-5_fr_smt.1", + "name": "item", + "title": "SI-5 Additional FedRAMP Requirements and Guidance", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." } ] } @@ -23999,176 +3470,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-5", - "adds": [ - { - "position": "starting", - "by-id": "sr-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -24198,40 +3499,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -24261,143 +3528,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] } @@ -24431,7 +3561,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -24440,7 +3570,7 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", + "href": "NIST_SP-800-53_rev5_catalog.json", "media-type": "application/oscal+json" } ] diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile.json index 2b3a7ab2c..b81d1c34a 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_LOW-baseline_profile.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "512149a6-7f04-4c01-bb1b-78eafd6a950d", + "uuid": "a092361d-50c4-4ada-8d3d-bc973ce9c441", "metadata": { "title": "FedRAMP Rev 5 Low Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:21:26Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -1516,19752 +1516,546 @@ ], "alters": [ { - "control-id": "ac-1", + "control-id": "ac-7", "adds": [ { - "position": "starting", - "by-id": "ac-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ac-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ac-7_fr", + "name": "item", + "title": "AC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "In alignment with NIST SP 800-63B" + } + ] } ] } ] }, { - "control-id": "ac-14", + "control-id": "ac-8", "adds": [ { - "position": "starting", - "by-id": "ac-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-8_fr", + "name": "item", + "title": "AC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO. " + }, + { + "id": "ac-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." + } + ] } ] } ] }, { - "control-id": "ac-17", + "control-id": "ac-20", "adds": [ { - "position": "starting", - "by-id": "ac-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-20_fr", + "name": "item", + "title": "AC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." + } + ] } ] } ] }, { - "control-id": "ac-18", + "control-id": "au-2", "adds": [ { - "position": "starting", - "by-id": "ac-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.b", - "props": [ + "position": "ending", + "by-id": "au-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-2_fr", + "name": "item", + "title": "AU-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + }, + { + "id": "au-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." + } + ] } ] } ] }, { - "control-id": "ac-19", + "control-id": "au-6", "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "au-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } + "id": "au-6_fr", + "name": "item", + "title": "AU-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." + } + ] + } ] - }, + } + ] + }, + { + "control-id": "au-11", + "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "au-11_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "au-11_fr", + "name": "item", + "title": "AU-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-11_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." + }, + { + "id": "au-11_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" + }, + { + "id": "au-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider is encouraged to align with M-21-31 where possible" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-2", + "adds": [ { - "position": "starting", - "by-id": "ac-19_smt.a", - "props": [ + "position": "ending", + "by-id": "ca-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2_fr", + "name": "item", + "title": "CA-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP Annual Assessment Guidance." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-5", + "adds": [ { - "position": "starting", - "by-id": "ac-19_smt.b", - "props": [ + "position": "ending", + "by-id": "ca-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-5_fr", + "name": "item", + "title": "CA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-5_fr_gdn.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "POA&Ms must be provided at least monthly." + }, + { + "id": "ca-5_fr_smt.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP-POAM-Template" + } + ] } ] } ] }, { - "control-id": "ac-2", + "control-id": "ca-6", "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ca-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" + "id": "ca-6_fr", + "name": "item", + "title": "CA-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-7", + "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, + "position": "ending", + "by-id": "ca-7_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" + "id": "ca-7_fr", + "name": "item", + "title": "CA-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." + }, + { + "id": "ca-7_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." + }, + { + "id": "ca-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-8", + "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "ca-8_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "ca-8_fr", + "name": "item", + "title": "CA-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Scope can be limited to public facing applications in alignment with M-22-09. Reference the FedRAMP Penetration Test Guidance." + } + ] } ] - }, + } + ] + }, + { + "control-id": "cm-2", + "adds": [ { - "position": "starting", - "by-id": "ac-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "cm-2_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.k", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-22", - "adds": [ - { - "position": "starting", - "by-id": "ac-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-3", - "adds": [ - { - "position": "starting", - "by-id": "ac-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-7", - "adds": [ - { - "position": "ending", - "by-id": "ac-7_smt", - "parts": [ - { - "id": "ac-7_fr", - "name": "item", - "title": "AC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "In alignment with NIST SP 800-63B" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-8", - "adds": [ - { - "position": "ending", - "by-id": "ac-8_smt", - "parts": [ - { - "id": "ac-8_fr", - "name": "item", - "title": "AC-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO. " - }, - { - "id": "ac-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20", - "adds": [ - { - "position": "ending", - "by-id": "ac-20_smt", - "parts": [ - { - "id": "ac-20_fr", - "name": "item", - "title": "AC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-1", - "adds": [ - { - "position": "starting", - "by-id": "at-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "at-2", - "adds": [ - { - "position": "starting", - "by-id": "at-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.2", - "adds": [ - { - "position": "starting", - "by-id": "at-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-3", - "adds": [ - { - "position": "starting", - "by-id": "at-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-4", - "adds": [ - { - "position": "starting", - "by-id": "at-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-1", - "adds": [ - { - "position": "starting", - "by-id": "au-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "au-12", - "adds": [ - { - "position": "starting", - "by-id": "au-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-2", - "adds": [ - { - "position": "ending", - "by-id": "au-2_smt", - "parts": [ - { - "id": "au-2_fr", - "name": "item", - "title": "AU-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - }, - { - "id": "au-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3", - "adds": [ - { - "position": "starting", - "by-id": "au-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-4", - "adds": [ - { - "position": "starting", - "by-id": "au-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5", - "adds": [ - { - "position": "starting", - "by-id": "au-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6", - "adds": [ - { - "position": "ending", - "by-id": "au-6_smt", - "parts": [ - { - "id": "au-6_fr", - "name": "item", - "title": "AU-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-11", - "adds": [ - { - "position": "ending", - "by-id": "au-11_smt", - "parts": [ - { - "id": "au-11_fr", - "name": "item", - "title": "AU-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-11_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." - }, - { - "id": "au-11_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" - }, - { - "id": "au-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider is encouraged to align with M-21-31 where possible" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-8", - "adds": [ - { - "position": "starting", - "by-id": "au-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9", - "adds": [ - { - "position": "starting", - "by-id": "au-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-1", - "adds": [ - { - "position": "starting", - "by-id": "ca-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ca-2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2_smt", - "parts": [ - { - "id": "ca-2_fr", - "name": "item", - "title": "CA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP Annual Assessment Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3", - "adds": [ - { - "position": "starting", - "by-id": "ca-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-5", - "adds": [ - { - "position": "ending", - "by-id": "ca-5_smt", - "parts": [ - { - "id": "ca-5_fr", - "name": "item", - "title": "CA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-5_fr_gdn.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "POA&Ms must be provided at least monthly." - }, - { - "id": "ca-5_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP-POAM-Template" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-6", - "adds": [ - { - "position": "ending", - "by-id": "ca-6_smt", - "parts": [ - { - "id": "ca-6_fr", - "name": "item", - "title": "CA-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7", - "adds": [ - { - "position": "ending", - "by-id": "ca-7_smt", - "parts": [ - { - "id": "ca-7_fr", - "name": "item", - "title": "CA-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." - }, - { - "id": "ca-7_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (ConMon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSOs authorized via the Agency path as each agency customer is responsible for performing ConMon oversight. It does not apply to CSOs authorized via the JAB path because the JAB performs ConMon oversight." - }, - { - "id": "ca-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.4", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8", - "adds": [ - { - "position": "ending", - "by-id": "ca-8_smt", - "parts": [ - { - "id": "ca-8_fr", - "name": "item", - "title": "CA-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Scope can be limited to public facing applications in alignment with M-22-09. Reference the FedRAMP Penetration Test Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-9", - "adds": [ - { - "position": "starting", - "by-id": "ca-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-1", - "adds": [ - { - "position": "starting", - "by-id": "cm-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cm-10", - "adds": [ - { - "position": "starting", - "by-id": "cm-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-11", - "adds": [ - { - "position": "starting", - "by-id": "cm-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2", - "adds": [ - { - "position": "ending", - "by-id": "cm-2_smt", - "parts": [ - { - "id": "cm-2_fr", - "name": "item", - "title": "CM-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) (1) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4", - "adds": [ - { - "position": "starting", - "by-id": "cm-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6", - "adds": [ - { - "position": "ending", - "by-id": "cm-6_smt", - "parts": [ - { - "id": "cm-6_fr", - "name": "item", - "title": "CM-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 1:" - } - ], - "prose": "The service provider shall use the DoD STIGs or Center for Internet Security guidelines to establish configuration settings;" - }, - { - "id": "cm-6_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 2:" - } - ], - "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." - }, - { - "id": "cm-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7", - "adds": [ - { - "position": "ending", - "by-id": "cm-7_smt", - "parts": [ - { - "id": "cm-7_fr", - "name": "item", - "title": "CM-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8", - "adds": [ - { - "position": "ending", - "by-id": "cm-8_smt", - "parts": [ - { - "id": "cm-8_fr", - "name": "item", - "title": "CM-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "must be provided at least monthly or when there is a change." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-1", - "adds": [ - { - "position": "starting", - "by-id": "cp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cp-10", - "adds": [ - { - "position": "starting", - "by-id": "cp-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2", - "adds": [ - { - "position": "ending", - "by-id": "cp-2_smt", - "parts": [ - { - "id": "cp-2_fr", - "name": "item", - "title": "CP-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." - }, - { - "id": "cp-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3", - "adds": [ - { - "position": "ending", - "by-id": "cp-3_smt", - "parts": [ - { - "id": "cp-3_fr", - "name": "item", - "title": "CP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4", - "adds": [ - { - "position": "ending", - "by-id": "cp-4_smt", - "parts": [ - { - "id": "cp-4_fr", - "name": "item", - "title": "CP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." - }, - { - "id": "cp-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-9", - "adds": [ - { - "position": "ending", - "by-id": "cp-9_smt", - "parts": [ - { - "id": "cp-9_fr", - "name": "item", - "title": "CP-9 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." - }, - { - "id": "cp-9_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.4", - "name": "item", - "props": [ - { - "name": "label", - "value": "(c) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-1", - "adds": [ - { - "position": "starting", - "by-id": "ia-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ia-2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2_smt", - "parts": [ - { - "id": "ia-2_fr", - "name": "item", - "title": "IA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." - }, - { - "id": "ia-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." - }, - { - "id": "ia-2_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.1_smt", - "parts": [ - { - "id": "ia-2.1_fr", - "name": "item", - "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.2_smt", - "parts": [ - { - "id": "ia-2.2_fr", - "name": "item", - "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.12_smt", - "parts": [ - { - "id": "ia-2.12_fr", - "name": "item", - "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.8", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5", - "adds": [ - { - "position": "ending", - "by-id": "ia-5_smt", - "parts": [ - { - "id": "ia-5_fr", - "name": "item", - "title": "IA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 1. Link https://pages.nist.gov/800-63-3" - }, - { - "id": "ia-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.1_smt", - "parts": [ - { - "id": "ia-5.1_fr", - "name": "item", - "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." - }, - { - "id": "ia-5.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(h) Requirement:" - } - ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." - }, - { - "id": "ia-5.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-11", - "adds": [ - { - "position": "ending", - "by-id": "ia-11_smt", - "parts": [ - { - "id": "ia-11_fr", - "name": "item", - "title": "IA-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL1 (low baseline) * 30 days of extended session * No limit on inactivity \n" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-6", - "adds": [ - { - "position": "starting", - "by-id": "ia-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-7", - "adds": [ - { - "position": "starting", - "by-id": "ia-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8", - "adds": [ - { - "position": "starting", - "by-id": "ia-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-1", - "adds": [ - { - "position": "starting", - "by-id": "ir-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ir-2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4", - "adds": [ - { - "position": "ending", - "by-id": "ir-4_smt", - "parts": [ - { - "id": "ir-4_fr", - "name": "item", - "title": "IR-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" - }, - { - "id": "ir-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-5", - "adds": [ - { - "position": "starting", - "by-id": "ir-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6", - "adds": [ - { - "position": "ending", - "by-id": "ir-6_smt", - "parts": [ - { - "id": "ir-6_fr", - "name": "item", - "title": "IR-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7", - "adds": [ - { - "position": "starting", - "by-id": "ir-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-8", - "adds": [ - { - "position": "ending", - "by-id": "ir-8_smt", - "parts": [ - { - "id": "ir-8_fr", - "name": "item", - "title": "IR-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - }, - { - "id": "ir-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-1", - "adds": [ - { - "position": "starting", - "by-id": "ma-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ma-2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4", - "adds": [ - { - "position": "starting", - "by-id": "ma-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5", - "adds": [ - { - "position": "starting", - "by-id": "ma-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-1", - "adds": [ - { - "position": "starting", - "by-id": "mp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "mp-2", - "adds": [ - { - "position": "starting", - "by-id": "mp-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6", - "adds": [ - { - "position": "starting", - "by-id": "mp-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-7", - "adds": [ - { - "position": "starting", - "by-id": "mp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-1", - "adds": [ - { - "position": "starting", - "by-id": "pe-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pe-12", - "adds": [ - { - "position": "starting", - "by-id": "pe-12_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13", - "adds": [ - { - "position": "starting", - "by-id": "pe-13_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14", - "adds": [ - { - "position": "ending", - "by-id": "pe-14_smt", - "parts": [ - { - "id": "pe-14_fr", - "name": "item", - "title": "PE-14 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pe-14_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15", - "adds": [ - { - "position": "starting", - "by-id": "pe-15_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-16", - "adds": [ - { - "position": "starting", - "by-id": "pe-16_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-2", - "adds": [ - { - "position": "starting", - "by-id": "pe-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-3", - "adds": [ - { - "position": "starting", - "by-id": "pe-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "pe-6", - "adds": [ - { - "position": "starting", - "by-id": "pe-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8", - "adds": [ - { - "position": "starting", - "by-id": "pe-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-1", - "adds": [ - { - "position": "starting", - "by-id": "pl-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pl-11", - "adds": [ - { - "position": "starting", - "by-id": "pl-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-2", - "adds": [ - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.11", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4", - "adds": [ - { - "position": "starting", - "by-id": "pl-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4.1", - "adds": [ - { - "position": "starting", - "by-id": "pl-4.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-8", - "adds": [ - { - "position": "ending", - "by-id": "pl-8_smt", - "parts": [ - { - "id": "pl-8_fr", - "name": "item", - "title": "PL-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-10", - "adds": [ - { - "position": "ending", - "by-id": "pl-10_smt", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-1", - "adds": [ - { - "position": "starting", - "by-id": "ps-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ps-2", - "adds": [ - { - "position": "starting", - "by-id": "ps-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4", - "adds": [ - { - "position": "starting", - "by-id": "ps-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-5", - "adds": [ - { - "position": "starting", - "by-id": "ps-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-6", - "adds": [ - { - "position": "starting", - "by-id": "ps-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-7", - "adds": [ - { - "position": "starting", - "by-id": "ps-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-8", - "adds": [ - { - "position": "starting", - "by-id": "ps-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-9", - "adds": [ - { - "position": "starting", - "by-id": "ps-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-1", - "adds": [ - { - "position": "starting", - "by-id": "ra-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ra-2", - "adds": [ - { - "position": "starting", - "by-id": "ra-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3", - "adds": [ - { - "position": "ending", - "by-id": "ra-3_smt", - "parts": [ - { - "id": "ra-3_fr", - "name": "item", - "title": "RA-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - }, - { - "id": "ra-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ra-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5", - "adds": [ - { - "position": "ending", - "by-id": "ra-5_smt", - "parts": [ - { - "id": "ra-5_fr", - "name": "item", - "title": "RA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" - }, - { - "id": "ra-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." - }, - { - "id": "ra-5_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." - }, - { - "id": "ra-5_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" - }, - { - "id": "ra-5_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.11", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-7", - "adds": [ - { - "position": "starting", - "by-id": "ra-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-1", - "adds": [ - { - "position": "starting", - "by-id": "sa-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sa-2", - "adds": [ - { - "position": "starting", - "by-id": "sa-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-22", - "adds": [ - { - "position": "starting", - "by-id": "sa-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-3", - "adds": [ - { - "position": "starting", - "by-id": "sa-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4", - "adds": [ - { - "position": "ending", - "by-id": "sa-4_smt", - "parts": [ - { - "id": "sa-4_fr", - "name": "item", - "title": "SA-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." - }, - { - "id": "sa-4_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.10", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-5", - "adds": [ - { - "position": "starting", - "by-id": "sa-5_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-8", - "adds": [ - { - "position": "starting", - "by-id": "sa-8_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9", - "adds": [ - { - "position": "starting", - "by-id": "sa-9_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-1", - "adds": [ - { - "position": "starting", - "by-id": "sc-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sc-22", - "adds": [ - { - "position": "starting", - "by-id": "sc-22_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-22_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-39", - "adds": [ - { - "position": "starting", - "by-id": "sc-39_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-39_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-5", - "adds": [ - { - "position": "starting", - "by-id": "sc-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-2_fr", + "name": "item", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) (1) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "sc-7", + "control-id": "cm-6", "adds": [ { "position": "ending", - "by-id": "sc-7_smt", + "by-id": "cm-6_smt", "parts": [ { - "id": "sc-7_fr", + "id": "cm-6_fr", "name": "item", - "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "title": "CM-6 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7_fr_gdn.1", + "id": "cm-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 1:" + } + ], + "prose": "The service provider shall use the DoD STIGs or Center for Internet Security guidelines to establish configuration settings;" + }, + { + "id": "cm-6_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement 2:" + } + ], + "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." + }, + { + "id": "cm-6_fr_gdn.1", "name": "guidance", "props": [ { "name": "label", - "value": "(b) Guidance:" + "value": "Guidance:" } ], - "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8", + "control-id": "cm-7", "adds": [ { "position": "ending", - "by-id": "sc-8_smt", + "by-id": "cm-7_smt", "parts": [ { - "id": "sc-8_fr", + "id": "cm-7_fr", "name": "item", - "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "title": "CM-7 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " - }, - { - "id": "sc-8_fr_gdn.2", - "name": "guidance", + "id": "cm-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " + "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8.1", + "control-id": "cm-8", "adds": [ { "position": "ending", - "by-id": "sc-8.1_smt", + "by-id": "cm-8_smt", "parts": [ { - "id": "sc-8.1_fr", + "id": "cm-8_fr", "name": "item", - "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "title": "CM-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8.1_fr_smt.1", + "id": "cm-8_fr_smt.1", "name": "item", "props": [ { @@ -21269,361 +2063,199 @@ "value": "Requirement:" } ], - "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." - }, - { - "id": "sc-8.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." - }, + "prose": "must be provided at least monthly or when there is a change." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-2", + "adds": [ + { + "position": "ending", + "by-id": "cp-2_smt", + "parts": [ + { + "id": "cp-2_fr", + "name": "item", + "title": "CP-2 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-8.1_fr_gdn.2", - "name": "guidance", + "id": "cp-2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." }, { - "id": "sc-8.1_fr_gdn.3", - "name": "guidance", + "id": "cp-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-12", + "control-id": "cp-3", "adds": [ { "position": "ending", - "by-id": "sc-12_smt", + "by-id": "cp-3_smt", "parts": [ { - "id": "sc-12_fr", + "id": "cp-3_fr", "name": "item", - "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "title": "CP-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-12_fr_gdn.1", - "name": "guidance", + "id": "cp-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "See references in NIST 800-53 documentation." - }, + "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-4", + "adds": [ + { + "position": "ending", + "by-id": "cp-4_smt", + "parts": [ + { + "id": "cp-4_fr", + "name": "item", + "title": "CP-4 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-12_fr_gdn.2", - "name": "guidance", + "id": "cp-4_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." }, { - "id": "sc-12_fr_gdn.3", - "name": "guidance", + "id": "cp-4_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-13", + "control-id": "cp-9", "adds": [ { "position": "ending", - "by-id": "sc-13_smt", + "by-id": "cp-9_smt", "parts": [ { - "id": "sc-13_fr", + "id": "cp-9_fr", "name": "item", - "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-13_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n \n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" - }, - { - "id": "sc-13_fr_gdn.2", - "name": "guidance", + "id": "cp-9_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." }, { - "id": "sc-13_fr_gdn.3", - "name": "guidance", + "id": "cp-9_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-13_fr_gdn.4", - "name": "guidance", + "id": "cp-9_fr_smt.3", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-13_fr_gdn.5", - "name": "guidance", + "id": "cp-9_fr_smt.4", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(c) Requirement:" } ], - "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-15", + "control-id": "ia-2", "adds": [ { "position": "ending", - "by-id": "sc-15_smt", + "by-id": "ia-2_smt", "parts": [ { - "id": "sc-15_fr", + "id": "ia-2_fr", "name": "item", - "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-15_fr_smt.1", + "id": "ia-2_fr_smt.1", "name": "item", "props": [ { @@ -21631,102 +2263,10 @@ "value": "Requirement:" } ], - "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-20", - "adds": [ - { - "position": "ending", - "by-id": "sc-20_smt", - "parts": [ - { - "id": "sc-20_fr", - "name": "item", - "title": "SC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ + "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." + }, { - "id": "sc-20_fr_smt.1", + "id": "ia-2_fr_smt.2", "name": "item", "props": [ { @@ -21734,10 +2274,10 @@ "value": "Requirement:" } ], - "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-20_fr_gdn.1", + "id": "ia-2_fr_gdn.1", "name": "guidance", "props": [ { @@ -21745,10 +2285,10 @@ "value": "Guidance:" } ], - "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." }, { - "id": "sc-20_fr_gdn.2", + "id": "ia-2_fr_gdn.2", "name": "guidance", "props": [ { @@ -21756,148 +2296,79 @@ "value": "Guidance:" } ], - "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." + } + ] + } + ] + } + ] + }, + { + "control-id": "ia-2.1", + "adds": [ + { + "position": "ending", + "by-id": "ia-2.1_smt", + "parts": [ + { + "id": "ia-2.1_fr", + "name": "item", + "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." }, { - "id": "sc-20_fr_gdn.3", - "name": "guidance", + "id": "ia-2.1_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "sc-21", + "control-id": "ia-2.2", "adds": [ { "position": "ending", - "by-id": "sc-21_smt", + "by-id": "ia-2.2_smt", "parts": [ { - "id": "sc-21_fr", + "id": "ia-2.2_fr", "name": "item", - "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-21_fr_smt.1", + "id": "ia-2.2_fr_smt.1", "name": "item", "props": [ { @@ -21905,10 +2376,10 @@ "value": "Requirement:" } ], - "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." }, { - "id": "sc-21_fr_smt.2", + "id": "ia-2.2_fr_smt.2", "name": "item", "props": [ { @@ -21916,21 +2387,10 @@ "value": "Requirement:" } ], - "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." - }, - { - "id": "sc-21_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Accepting an unsigned reply is acceptable" + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-21_fr_gdn.2", + "id": "ia-2.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -21938,79 +2398,28 @@ "value": "Guidance:" } ], - "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-21", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28", + "control-id": "ia-2.12", "adds": [ { "position": "ending", - "by-id": "sc-28_smt", + "by-id": "ia-2.12_smt", "parts": [ { - "id": "sc-28_fr", + "id": "ia-2.12_fr", "name": "item", - "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28_fr_gdn.1", + "id": "ia-2.12_fr_gdn.1", "name": "guidance", "props": [ { @@ -22018,21 +2427,39 @@ "value": "Guidance:" } ], - "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." - }, + "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." + } + ] + } + ] + } + ] + }, + { + "control-id": "ia-5", + "adds": [ + { + "position": "ending", + "by-id": "ia-5_smt", + "parts": [ + { + "id": "ia-5_fr", + "name": "item", + "title": "IA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-28_fr_gdn.2", - "name": "guidance", + "id": "ia-5_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 1. Link https://pages.nist.gov/800-63-3" }, { - "id": "sc-28_fr_gdn.3", + "id": "ia-5_fr_gdn.1", "name": "guidance", "props": [ { @@ -22040,79 +2467,50 @@ "value": "Guidance:" } ], - "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-28", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28.1", + "control-id": "ia-5.1", "adds": [ { "position": "ending", - "by-id": "sc-28.1_smt", + "by-id": "ia-5.1_smt", "parts": [ { - "id": "sc-28.1_fr", + "id": "ia-5.1_fr", "name": "item", - "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28.1_fr_gdn.1", + "id": "ia-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." + }, + { + "id": "ia-5.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(h) Requirement:" + } + ], + "prose": "For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + }, + { + "id": "ia-5.1_fr_gdn.1", "name": "guidance", "props": [ { @@ -22120,698 +2518,253 @@ "value": "Guidance:" } ], - "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-1", + "control-id": "ia-11", "adds": [ { - "position": "starting", - "by-id": "si-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ia-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ia-11_fr", + "name": "item", + "title": "IA-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL1 (low baseline) * 30 days of extended session * No limit on inactivity \n" + } + ] } ] } ] }, { - "control-id": "si-12", + "control-id": "ir-4", "adds": [ { - "position": "starting", - "by-id": "si-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-12_smt", - "props": [ + "position": "ending", + "by-id": "ir-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-4_fr", + "name": "item", + "title": "IR-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" + }, + { + "id": "ir-4_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." + } + ] } ] } ] }, { - "control-id": "si-2", + "control-id": "ir-6", "adds": [ { - "position": "starting", - "by-id": "si-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.d", - "props": [ + "position": "ending", + "by-id": "ir-6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-6_fr", + "name": "item", + "title": "IR-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." + } + ] } ] } ] }, { - "control-id": "si-3", + "control-id": "ir-8", "adds": [ { - "position": "starting", - "by-id": "si-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.b", - "props": [ + "position": "ending", + "by-id": "ir-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-8_fr", + "name": "item", + "title": "IR-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + }, + { + "id": "ir-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pe-14", + "adds": [ { - "position": "starting", - "by-id": "si-3_smt.c", - "props": [ + "position": "ending", + "by-id": "pe-14_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pe-14_fr", + "name": "item", + "title": "PE-14 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pe-14_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pl-8", + "adds": [ { - "position": "starting", - "by-id": "si-3_smt.d", - "props": [ + "position": "ending", + "by-id": "pl-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-8_fr", + "name": "item", + "title": "PL-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pl-10", + "adds": [ { - "position": "starting", - "by-id": "si-3", - "props": [ + "position": "ending", + "by-id": "pl-10_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } ] } ] }, { - "control-id": "si-4", + "control-id": "ra-3", "adds": [ { "position": "ending", - "by-id": "si-4_smt", + "by-id": "ra-3_smt", "parts": [ { - "id": "si-4_fr", + "id": "ra-3_fr", "name": "item", - "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "title": "RA-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4_fr_gdn.1", + "id": "ra-3_fr_gdn.1", "name": "guidance", "props": [ { @@ -22819,1155 +2772,673 @@ "value": "Guidance:" } ], - "prose": "See US-CERT Incident Response Reporting Guidelines." + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + }, + { + "id": "ra-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-5", + "control-id": "ra-5", "adds": [ { "position": "ending", - "by-id": "si-5_smt", + "by-id": "ra-5_smt", "parts": [ { - "id": "si-5_fr_smt.1", + "id": "ra-5_fr", "name": "item", - "title": "SI-5 Additional FedRAMP Requirements and Guidance", - "props": [ + "title": "RA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "name": "label", - "value": "Requirement:" + "id": "ra-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" + }, + { + "id": "ra-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." + }, + { + "id": "ra-5_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." + }, + { + "id": "ra-5_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" + }, + { + "id": "ra-5_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs." } - ], - "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + ] } ] } ] }, { - "control-id": "sr-1", + "control-id": "sa-4", "adds": [ { - "position": "starting", - "by-id": "sr-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.c", - "props": [ + "position": "ending", + "by-id": "sa-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "sa-4_fr", + "name": "item", + "title": "SA-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sa-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." + }, + { + "id": "sa-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." + } + ] } ] } ] }, { - "control-id": "sr-10", + "control-id": "sc-7", "adds": [ { - "position": "starting", - "by-id": "sr-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-7_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "sc-7_fr", + "name": "item", + "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-8", + "adds": [ { - "position": "starting", - "by-id": "sr-10_smt", - "props": [ + "position": "ending", + "by-id": "sc-8_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-8_fr", + "name": "item", + "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n \n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work – e.g. log collection, scanning, etc.\n\n\n \n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters \n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information] " + }, + { + "id": "sc-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n \n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n \n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n \n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n \n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n \n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf " + } + ] } ] } ] }, { - "control-id": "sr-11.1", + "control-id": "sc-8.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-8.1_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "sc-8.1_fr", + "name": "item", + "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." + }, + { + "id": "sc-8.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." + }, + { + "id": "sc-8.1_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + }, + { + "id": "sc-8.1_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-12", + "adds": [ { - "position": "starting", - "by-id": "sr-11.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-12_fr", + "name": "item", + "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See references in NIST 800-53 documentation." + }, + { + "id": "sc-12_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + }, + { + "id": "sc-12_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + } + ] } ] } ] }, { - "control-id": "sr-11.2", + "control-id": "sc-13", "adds": [ { - "position": "starting", - "by-id": "sr-11.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-13_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-13_fr", + "name": "item", + "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-13_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n \n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" + }, + { + "id": "sc-13_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + }, + { + "id": "sc-13_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-13_fr_gdn.4", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + }, + { + "id": "sc-13_fr_gdn.5", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + } + ] } ] } ] }, { - "control-id": "sr-12", + "control-id": "sc-15", "adds": [ { - "position": "starting", - "by-id": "sr-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-12_smt", - "props": [ + "position": "ending", + "by-id": "sc-15_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-15_fr", + "name": "item", + "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-15_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + } + ] } ] } ] }, { - "control-id": "sr-2", + "control-id": "sc-20", "adds": [ { - "position": "starting", - "by-id": "sr-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-20_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "sc-20_fr", + "name": "item", + "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-20_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + }, + { + "id": "sc-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + }, + { + "id": "sc-20_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + }, + { + "id": "sc-20_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-21", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.a", - "props": [ + "position": "ending", + "by-id": "sc-21_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-21_fr", + "name": "item", + "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-21_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + }, + { + "id": "sc-21_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." + }, + { + "id": "sc-21_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Accepting an unsigned reply is acceptable" + }, + { + "id": "sc-21_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-28", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.b", - "props": [ + "position": "ending", + "by-id": "sc-28_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28_fr", + "name": "item", + "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + }, + { + "id": "sc-28_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-28_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-28.1", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.c", - "props": [ + "position": "ending", + "by-id": "sc-28.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28.1_fr", + "name": "item", + "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + } + ] } ] } ] }, { - "control-id": "sr-2.1", + "control-id": "si-4", "adds": [ { - "position": "starting", - "by-id": "sr-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "si-4_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "si-4_fr", + "name": "item", + "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See US-CERT Incident Response Reporting Guidelines." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-5", + "adds": [ { - "position": "starting", - "by-id": "sr-2.1_smt", - "props": [ + "position": "ending", + "by-id": "si-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-5_fr_smt.1", + "name": "item", + "title": "SI-5 Additional FedRAMP Requirements and Guidance", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." } ] } @@ -23999,176 +3470,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-5", - "adds": [ - { - "position": "starting", - "by-id": "sr-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -24198,40 +3499,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -24261,143 +3528,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] } @@ -24431,7 +3561,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -24440,7 +3570,7 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", + "href": "NIST_SP-800-53_rev5_catalog.json", "media-type": "application/oscal+json" } ] diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog-min.json index fe97a3e91..0c3aaa149 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog-min.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "eb6bef32-6355-473b-bda6-410c70d50797", + "uuid": "1386400e-7824-43de-a156-0c0dceee1c04", "metadata": { "title": "FedRAMP Rev 5 Moderate Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:51:19.392491-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:19:16.235649-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -284,12 +289,6 @@ "id": "ac-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -349,11 +348,6 @@ "id": "ac-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -365,12 +359,6 @@ "id": "ac-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -435,23 +423,6 @@ "id": "ac-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[01]", @@ -470,23 +441,6 @@ "id": "ac-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[02]", @@ -505,17 +459,6 @@ "id": "ac-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[03]", @@ -534,17 +477,6 @@ "id": "ac-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[04]", @@ -574,17 +506,6 @@ "id": "ac-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(a)", @@ -730,17 +651,6 @@ "id": "ac-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(b)", @@ -775,23 +685,6 @@ "id": "ac-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01b.", @@ -821,23 +714,6 @@ "id": "ac-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.01", @@ -893,23 +769,6 @@ "id": "ac-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.02", @@ -1141,9 +1000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02", + "class": "zero-padded" }, { "name": "label", @@ -1299,11 +1158,6 @@ "id": "ac-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -1315,11 +1169,6 @@ "id": "ac-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -1331,11 +1180,6 @@ "id": "ac-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -1347,11 +1191,6 @@ "id": "ac-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -1398,11 +1237,6 @@ "id": "ac-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -1414,11 +1248,6 @@ "id": "ac-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -1430,11 +1259,6 @@ "id": "ac-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -1446,11 +1270,6 @@ "id": "ac-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -1497,11 +1316,6 @@ "id": "ac-2_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -1548,11 +1362,6 @@ "id": "ac-2_smt.j", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "j." @@ -1564,11 +1373,6 @@ "id": "ac-2_smt.k", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "k." @@ -1580,11 +1384,6 @@ "id": "ac-2_smt.l", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "l." @@ -1625,17 +1424,6 @@ "id": "ac-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[01]", @@ -1654,17 +1442,6 @@ "id": "ac-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[02]", @@ -1691,23 +1468,6 @@ "id": "ac-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02b.", @@ -1726,23 +1486,6 @@ "id": "ac-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02c.", @@ -1761,17 +1504,6 @@ "id": "ac-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02d.", @@ -1882,23 +1614,6 @@ "id": "ac-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02e.", @@ -1917,23 +1632,6 @@ "id": "ac-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02f.", @@ -2043,23 +1741,6 @@ "id": "ac-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02g.", @@ -2078,23 +1759,6 @@ "id": "ac-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02h.", @@ -2179,23 +1843,6 @@ "id": "ac-2_obj.i.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.01", @@ -2214,23 +1861,6 @@ "id": "ac-2_obj.i.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.02", @@ -2249,23 +1879,6 @@ "id": "ac-2_obj.i.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.03", @@ -2292,23 +1905,6 @@ "id": "ac-2_obj.j", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02j.", @@ -2338,23 +1934,6 @@ "id": "ac-2_obj.k-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[01]", @@ -2373,23 +1952,6 @@ "id": "ac-2_obj.k-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[02]", @@ -2416,23 +1978,6 @@ "id": "ac-2_obj.l", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02l.", @@ -2577,9 +2122,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -2610,13 +2155,6 @@ { "id": "ac-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the management of system accounts using {{ insert: param, ac-02.01_odp }}." }, { @@ -2628,23 +2166,6 @@ "id": "ac-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(01)", @@ -2763,9 +2284,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -2796,13 +2317,6 @@ { "id": "ac-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically {{ insert: param, ac-02.02_odp.01 }} temporary and emergency accounts after {{ insert: param, ac-02.02_odp.02 }}." }, { @@ -2814,17 +2328,6 @@ "id": "ac-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(02)", @@ -2943,9 +2446,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(03)", + "class": "zero-padded" }, { "name": "label", @@ -2982,11 +2485,6 @@ "id": "ac-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -2998,11 +2496,6 @@ "id": "ac-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3014,11 +2507,6 @@ "id": "ac-2.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3030,11 +2518,6 @@ "id": "ac-2.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3104,23 +2587,6 @@ "id": "ac-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(a)", @@ -3139,23 +2605,6 @@ "id": "ac-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(b)", @@ -3174,23 +2623,6 @@ "id": "ac-2.3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(c)", @@ -3209,23 +2641,6 @@ "id": "ac-2.3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(d)", @@ -3322,9 +2737,9 @@ "title": "Automated Audit Actions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(04)", + "class": "zero-padded" }, { "name": "label", @@ -3363,41 +2778,17 @@ { "id": "ac-2.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically audit account creation, modification, enabling, disabling, and removal actions." }, { "id": "ac-2.4_gdn", "name": "guidance", - "prose": "Account management audit records are defined in accordance with [AU-2](#au-2) and reviewed, analyzed, and reported in accordance with [AU-6](#au-6)." + "prose": "Account management audit records are defined in accordance with [AU-02](#au-2) and reviewed, analyzed, and reported in accordance with [AU-06](#au-6)." }, { "id": "ac-2.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(04)", @@ -3593,9 +2984,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -3635,13 +3026,6 @@ { "id": "ac-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users log out when {{ insert: param, ac-02.05_odp }}.", "parts": [ { @@ -3673,23 +3057,6 @@ "id": "ac-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(05)", @@ -3767,9 +3134,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(07)", + "class": "zero-padded" }, { "name": "label", @@ -3805,11 +3172,6 @@ "id": "ac-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -3821,11 +3183,6 @@ "id": "ac-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3837,11 +3194,6 @@ "id": "ac-2.7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3853,11 +3205,6 @@ "id": "ac-2.7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3887,23 +3234,6 @@ "id": "ac-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(a)", @@ -3922,23 +3252,6 @@ "id": "ac-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(b)", @@ -3957,23 +3270,6 @@ "id": "ac-2.7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(c)", @@ -3992,23 +3288,6 @@ "id": "ac-2.7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(d)", @@ -4121,9 +3400,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(09)", + "class": "zero-padded" }, { "name": "label", @@ -4154,13 +3433,6 @@ { "id": "ac-2.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Only permit the use of shared and group accounts that meet {{ insert: param, ac-02.09_odp }}.", "parts": [ { @@ -4192,23 +3464,6 @@ "id": "ac-2.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(09)", @@ -4322,9 +3577,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -4385,11 +3640,6 @@ "id": "ac-2.12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -4401,11 +3651,6 @@ "id": "ac-2.12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -4464,23 +3709,6 @@ "id": "ac-2.12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(a)", @@ -4499,23 +3727,6 @@ "id": "ac-2.12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(b)", @@ -4637,9 +3848,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(13)", + "class": "zero-padded" }, { "name": "label", @@ -4678,13 +3889,6 @@ { "id": "ac-2.13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable accounts of individuals within {{ insert: param, ac-02.13_odp.01 }} of discovery of {{ insert: param, ac-02.13_odp.02 }}." }, { @@ -4696,23 +3900,6 @@ "id": "ac-2.13_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(13)", @@ -4803,9 +3990,9 @@ "title": "Access Enforcement", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-03", + "class": "zero-padded" }, { "name": "label", @@ -5040,13 +4227,6 @@ { "id": "ac-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies." }, { @@ -5058,23 +4238,6 @@ "id": "ac-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-03", @@ -5173,6 +4336,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4" @@ -5282,13 +4450,6 @@ { "id": "ac-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on {{ insert: param, ac-04_odp }}." }, { @@ -5300,23 +4461,6 @@ "id": "ac-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04", @@ -5437,6 +4581,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04(21)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4(21)" @@ -5475,13 +4624,6 @@ { "id": "ac-4.21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate information flows logically or physically using {{ insert: param, ac-4.21_prm_1 }} to accomplish {{ insert: param, ac-04.21_odp.03 }}." }, { @@ -5493,23 +4635,6 @@ "id": "ac-4.21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04(21)", @@ -5647,6 +4772,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-05", + "class": "zero-padded" + }, { "name": "label", "value": "AC-5" @@ -5741,11 +4871,6 @@ "id": "ac-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5757,11 +4882,6 @@ "id": "ac-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5809,17 +4929,6 @@ "id": "ac-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05a.", @@ -5838,17 +4947,6 @@ "id": "ac-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05b.", @@ -5945,9 +5043,9 @@ "title": "Least Privilege", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06", + "class": "zero-padded" }, { "name": "label", @@ -6022,13 +5120,6 @@ { "id": "ac-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks." }, { @@ -6040,23 +5131,6 @@ "id": "ac-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06", @@ -6195,6 +5269,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(1)" @@ -6250,11 +5329,6 @@ "id": "ac-6.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -6266,11 +5340,6 @@ "id": "ac-6.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -6300,23 +5369,6 @@ "id": "ac-6.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(a)", @@ -6390,23 +5442,6 @@ "id": "ac-6.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(b)", @@ -6519,9 +5554,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(02)", + "class": "zero-padded" }, { "name": "label", @@ -6568,13 +5603,6 @@ { "id": "ac-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users of system accounts (or roles) with access to {{ insert: param, ac-06.02_odp }} use non-privileged accounts or roles, when accessing nonsecurity functions.", "parts": [ { @@ -6606,23 +5634,6 @@ "id": "ac-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(02)", @@ -6722,9 +5733,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(05)", + "class": "zero-padded" }, { "name": "label", @@ -6767,13 +5778,6 @@ { "id": "ac-6.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict privileged accounts on the system to {{ insert: param, ac-06.05_odp }}." }, { @@ -6785,23 +5789,6 @@ "id": "ac-6.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(05)", @@ -6919,6 +5906,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(07)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(7)" @@ -6957,11 +5949,6 @@ "id": "ac-6.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -6973,11 +5960,6 @@ "id": "ac-6.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -7007,23 +5989,6 @@ "id": "ac-6.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(a)", @@ -7042,23 +6007,6 @@ "id": "ac-6.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(b)", @@ -7154,6 +6102,11 @@ "class": "SP800-53-enhancement", "title": "Log Use of Privileged Functions", "props": [ + { + "name": "label", + "value": "AC-06(09)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(9)" @@ -7195,13 +6148,6 @@ { "id": "ac-6.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Log the execution of privileged functions." }, { @@ -7213,23 +6159,6 @@ "id": "ac-6.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(09)", @@ -7318,9 +6247,9 @@ "title": "Prohibit Non-privileged Users from Executing Privileged Functions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(10)", + "class": "zero-padded" }, { "name": "label", @@ -7351,13 +6280,6 @@ { "id": "ac-6.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent non-privileged users from executing privileged functions." }, { @@ -7369,23 +6291,6 @@ "id": "ac-6.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(10)", @@ -7535,6 +6440,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -7593,11 +6503,6 @@ "id": "ac-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -7609,11 +6514,6 @@ "id": "ac-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -7661,23 +6561,6 @@ "id": "ac-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07a.", @@ -7696,23 +6579,6 @@ "id": "ac-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07b.", @@ -7838,6 +6704,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -7885,11 +6756,6 @@ "id": "ac-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -7947,11 +6813,6 @@ "id": "ac-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -7963,11 +6824,6 @@ "id": "ac-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -8083,23 +6939,6 @@ "id": "ac-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.", @@ -8112,17 +6951,6 @@ "id": "ac-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.01", @@ -8141,17 +6969,6 @@ "id": "ac-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.02", @@ -8170,17 +6987,6 @@ "id": "ac-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.03", @@ -8199,17 +7005,6 @@ "id": "ac-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.04", @@ -8236,23 +7031,6 @@ "id": "ac-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08b.", @@ -8271,17 +7049,6 @@ "id": "ac-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08c.", @@ -8458,6 +7225,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-11", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11" @@ -8504,11 +7276,6 @@ "id": "ac-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8520,11 +7287,6 @@ "id": "ac-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8554,23 +7316,6 @@ "id": "ac-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11a.", @@ -8589,23 +7334,6 @@ "id": "ac-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11b.", @@ -8701,6 +7429,11 @@ "class": "SP800-53-enhancement", "title": "Pattern-hiding Displays", "props": [ + { + "name": "label", + "value": "AC-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11(1)" @@ -8730,13 +7463,6 @@ { "id": "ac-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conceal, via the device lock, information previously visible on the display with a publicly viewable image." }, { @@ -8748,23 +7474,6 @@ "id": "ac-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11(01)", @@ -8865,6 +7574,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-12", + "class": "zero-padded" + }, { "name": "label", "value": "AC-12" @@ -8902,13 +7616,6 @@ { "id": "ac-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically terminate a user session after {{ insert: param, ac-12_odp }}." }, { @@ -8920,23 +7627,6 @@ "id": "ac-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-12", @@ -9035,6 +7725,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -9077,11 +7772,6 @@ "id": "ac-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -9093,11 +7783,6 @@ "id": "ac-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9127,23 +7812,6 @@ "id": "ac-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-14a.", @@ -9162,17 +7830,6 @@ "id": "ac-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-14b.", @@ -9283,6 +7940,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -9413,11 +8075,6 @@ "id": "ac-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -9429,11 +8086,6 @@ "id": "ac-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9463,23 +8115,6 @@ "id": "ac-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-17a.", @@ -9553,23 +8188,6 @@ "id": "ac-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17b.", @@ -9665,6 +8283,11 @@ "class": "SP800-53-enhancement", "title": "Monitoring and Control", "props": [ + { + "name": "label", + "value": "AC-17(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(1)" @@ -9715,13 +8338,6 @@ { "id": "ac-17.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated mechanisms to monitor and control remote access methods." }, { @@ -9733,23 +8349,6 @@ "id": "ac-17.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(01)", @@ -9875,9 +8474,9 @@ "title": "Protection of Confidentiality and Integrity Using Encryption", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-17(02)", + "class": "zero-padded" }, { "name": "label", @@ -9920,13 +8519,6 @@ { "id": "ac-17.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions." }, { @@ -9938,23 +8530,6 @@ "id": "ac-17.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(02)", @@ -10042,6 +8617,11 @@ "class": "SP800-53-enhancement", "title": "Managed Access Control Points", "props": [ + { + "name": "label", + "value": "AC-17(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(3)" @@ -10075,13 +8655,6 @@ { "id": "ac-17.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route remote accesses through authorized and managed network access control points." }, { @@ -10093,23 +8666,6 @@ "id": "ac-17.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(03)", @@ -10221,6 +8777,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-17(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(4)" @@ -10267,11 +8828,6 @@ "id": "ac-17.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -10283,11 +8839,6 @@ "id": "ac-17.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -10328,23 +8879,6 @@ "id": "ac-17.4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[01]", @@ -10363,23 +8897,6 @@ "id": "ac-17.4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[02]", @@ -10398,23 +8915,6 @@ "id": "ac-17.4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[03]", @@ -10433,23 +8933,6 @@ "id": "ac-17.4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[04]", @@ -10476,17 +8959,6 @@ "id": "ac-17.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(b)", @@ -10584,6 +9056,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -10674,11 +9151,6 @@ "id": "ac-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10690,11 +9162,6 @@ "id": "ac-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10724,23 +9191,6 @@ "id": "ac-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18a.", @@ -10814,23 +9264,6 @@ "id": "ac-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18b.", @@ -10938,6 +9371,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-18(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(1)" @@ -10979,13 +9417,6 @@ { "id": "ac-18.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect wireless access to the system using authentication of {{ insert: param, ac-18.01_odp }} and encryption." }, { @@ -11008,23 +9439,6 @@ "id": "ac-18.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[01]", @@ -11043,23 +9457,6 @@ "id": "ac-18.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[02]", @@ -11155,6 +9552,11 @@ "class": "SP800-53-enhancement", "title": "Disable Wireless Networking", "props": [ + { + "name": "label", + "value": "AC-18(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(3)" @@ -11189,13 +9591,6 @@ { "id": "ac-18.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment." }, { @@ -11207,23 +9602,6 @@ "id": "ac-18.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(03)", @@ -11313,6 +9691,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -11439,11 +9822,6 @@ "id": "ac-19_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11455,11 +9833,6 @@ "id": "ac-19_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11489,23 +9862,6 @@ "id": "ac-19_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-19a.", @@ -11579,23 +9935,6 @@ "id": "ac-19_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19b.", @@ -11711,6 +10050,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-19(05)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19(5)" @@ -11752,13 +10096,6 @@ { "id": "ac-19.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ {{ insert: param, ac-19.05_odp.01 }} to protect the confidentiality and integrity of information on {{ insert: param, ac-19.05_odp.02 }}." }, { @@ -11770,23 +10107,6 @@ "id": "ac-19.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19(05)", @@ -11915,6 +10235,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -11993,11 +10318,6 @@ "id": "ac-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12033,11 +10353,6 @@ "id": "ac-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12085,23 +10400,6 @@ "id": "ac-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20a.", @@ -12157,23 +10455,6 @@ "id": "ac-20_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20b.", @@ -12269,6 +10550,11 @@ "class": "SP800-53-enhancement", "title": "Limits on Authorized Use", "props": [ + { + "name": "label", + "value": "AC-20(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(1)" @@ -12308,11 +10594,6 @@ "id": "ac-20.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -12324,11 +10605,6 @@ "id": "ac-20.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -12358,23 +10634,6 @@ "id": "ac-20.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(a)", @@ -12393,23 +10652,6 @@ "id": "ac-20.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(b)", @@ -12516,6 +10758,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(2)" @@ -12553,13 +10800,6 @@ { "id": "ac-20.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using {{ insert: param, ac-20.02_odp }}." }, { @@ -12571,23 +10811,6 @@ "id": "ac-20.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(02)", @@ -12697,6 +10920,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-21", + "class": "zero-padded" + }, { "name": "label", "value": "AC-21" @@ -12767,11 +10995,6 @@ "id": "ac-21_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12783,11 +11006,6 @@ "id": "ac-21_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12817,23 +11035,6 @@ "id": "ac-21_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-21a.", @@ -12852,23 +11053,6 @@ "id": "ac-21_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-21b.", @@ -12980,6 +11164,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -13030,11 +11219,6 @@ "id": "ac-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -13046,11 +11230,6 @@ "id": "ac-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13062,11 +11241,6 @@ "id": "ac-22_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -13078,11 +11252,6 @@ "id": "ac-22_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -13112,23 +11281,6 @@ "id": "ac-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22a.", @@ -13147,23 +11299,6 @@ "id": "ac-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22b.", @@ -13182,23 +11317,6 @@ "id": "ac-22_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22c.", @@ -13217,23 +11335,6 @@ "id": "ac-22_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22d.", @@ -13468,6 +11569,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -13539,12 +11645,6 @@ "id": "at-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -13604,11 +11704,6 @@ "id": "at-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13620,12 +11715,6 @@ "id": "at-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -13690,23 +11779,6 @@ "id": "at-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[01]", @@ -13725,23 +11797,6 @@ "id": "at-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[02]", @@ -13760,17 +11815,6 @@ "id": "at-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[03]", @@ -13789,17 +11833,6 @@ "id": "at-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[04]", @@ -13829,17 +11862,6 @@ "id": "at-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(a)", @@ -13985,17 +12007,6 @@ "id": "at-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(b)", @@ -14030,23 +12041,6 @@ "id": "at-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01b.", @@ -14076,23 +12070,6 @@ "id": "at-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.01", @@ -14148,23 +12125,6 @@ "id": "at-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.02", @@ -14366,6 +12326,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -14489,11 +12454,6 @@ "id": "at-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14529,11 +12489,6 @@ "id": "at-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14545,11 +12500,6 @@ "id": "at-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -14561,11 +12511,6 @@ "id": "at-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -14617,23 +12562,6 @@ "id": "at-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[01]", @@ -14652,23 +12580,6 @@ "id": "at-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[02]", @@ -14687,23 +12598,6 @@ "id": "at-2_obj.a.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[03]", @@ -14722,23 +12616,6 @@ "id": "at-2_obj.a.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[04]", @@ -14765,23 +12642,6 @@ "id": "at-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.02", @@ -14845,17 +12705,6 @@ "id": "at-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-02b.", @@ -14874,23 +12723,6 @@ "id": "at-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02c.", @@ -14946,23 +12778,6 @@ "id": "at-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02d.", @@ -15058,6 +12873,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -15096,13 +12916,6 @@ { "id": "at-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential indicators of insider threat." }, { @@ -15114,23 +12927,6 @@ "id": "at-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(02)", @@ -15233,6 +13029,11 @@ "class": "SP800-53-enhancement", "title": "Social Engineering and Mining", "props": [ + { + "name": "label", + "value": "AT-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(3)" @@ -15267,13 +13068,6 @@ { "id": "at-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining." }, { @@ -15285,23 +13079,6 @@ "id": "at-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(03)", @@ -15503,6 +13280,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -15638,11 +13420,6 @@ "id": "at-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15678,11 +13455,6 @@ "id": "at-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15694,11 +13466,6 @@ "id": "at-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15739,23 +13506,6 @@ "id": "at-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.01", @@ -15847,23 +13597,6 @@ "id": "at-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.02", @@ -15927,17 +13660,6 @@ "id": "at-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-03b.", @@ -15993,23 +13715,6 @@ "id": "at-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03c.", @@ -16121,6 +13826,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -16184,11 +13894,6 @@ "id": "at-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -16200,11 +13905,6 @@ "id": "at-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -16234,23 +13934,6 @@ "id": "at-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-04a.", @@ -16306,17 +13989,6 @@ "id": "at-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-04b.", @@ -16514,6 +14186,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -16577,12 +14254,6 @@ "id": "au-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -16642,11 +14313,6 @@ "id": "au-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -16658,12 +14324,6 @@ "id": "au-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -16728,23 +14388,6 @@ "id": "au-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[01]", @@ -16763,23 +14406,6 @@ "id": "au-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[02]", @@ -16798,17 +14424,6 @@ "id": "au-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[03]", @@ -16827,17 +14442,6 @@ "id": "au-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[04]", @@ -16867,17 +14471,6 @@ "id": "au-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(a)", @@ -17023,17 +14616,6 @@ "id": "au-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(b)", @@ -17068,23 +14650,6 @@ "id": "au-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01b.", @@ -17114,23 +14679,6 @@ "id": "au-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.01", @@ -17186,23 +14734,6 @@ "id": "au-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.02", @@ -17379,9 +14910,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-02", + "class": "zero-padded" }, { "name": "label", @@ -17557,11 +15088,6 @@ "id": "au-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17573,11 +15099,6 @@ "id": "au-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17589,11 +15110,6 @@ "id": "au-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -17605,11 +15121,6 @@ "id": "au-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -17621,11 +15132,6 @@ "id": "au-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -17684,23 +15190,6 @@ "id": "au-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02a.", @@ -17719,23 +15208,6 @@ "id": "au-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02b.", @@ -17765,23 +15237,6 @@ "id": "au-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[01]", @@ -17800,17 +15255,6 @@ "id": "au-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[02]", @@ -17837,23 +15281,6 @@ "id": "au-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02d.", @@ -17872,17 +15299,6 @@ "id": "au-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02e.", @@ -17979,9 +15395,9 @@ "title": "Content of Audit Records", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03", + "class": "zero-padded" }, { "name": "label", @@ -18058,11 +15474,6 @@ "id": "au-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -18074,11 +15485,6 @@ "id": "au-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18090,11 +15496,6 @@ "id": "au-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -18106,11 +15507,6 @@ "id": "au-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -18122,11 +15518,6 @@ "id": "au-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -18138,11 +15529,6 @@ "id": "au-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -18161,23 +15547,6 @@ "id": "au-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03", @@ -18391,9 +15760,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03(01)", + "class": "zero-padded" }, { "name": "label", @@ -18424,13 +15793,6 @@ { "id": "au-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Generate audit records containing the following additional information: {{ insert: param, au-03.01_odp }}.", "parts": [ { @@ -18462,23 +15824,6 @@ "id": "au-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03(01)", @@ -18580,9 +15925,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-04", + "class": "zero-padded" }, { "name": "label", @@ -18650,13 +15995,6 @@ { "id": "au-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Allocate audit log storage capacity to accommodate {{ insert: param, au-04_odp }}." }, { @@ -18668,23 +16006,6 @@ "id": "au-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-04", @@ -18807,9 +16128,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05", + "class": "zero-padded" }, { "name": "label", @@ -18877,11 +16198,6 @@ "id": "au-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -18893,11 +16209,6 @@ "id": "au-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18927,23 +16238,6 @@ "id": "au-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05a.", @@ -18962,23 +16256,6 @@ "id": "au-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05b.", @@ -19109,9 +16386,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06", + "class": "zero-padded" }, { "name": "label", @@ -19276,11 +16553,6 @@ "id": "au-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19292,11 +16564,6 @@ "id": "au-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -19308,11 +16575,6 @@ "id": "au-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -19360,23 +16622,6 @@ "id": "au-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06a.", @@ -19395,23 +16640,6 @@ "id": "au-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06b.", @@ -19430,23 +16658,6 @@ "id": "au-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06c.", @@ -19532,9 +16743,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -19574,13 +16785,6 @@ { "id": "au-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Integrate audit record review, analysis, and reporting processes using {{ insert: param, au-06.01_odp }}." }, { @@ -19592,23 +16796,6 @@ "id": "au-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(01)", @@ -19697,9 +16884,9 @@ "title": "Correlate Audit Record Repositories", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(03)", + "class": "zero-padded" }, { "name": "label", @@ -19743,13 +16930,6 @@ { "id": "au-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze and correlate audit records across different repositories to gain organization-wide situational awareness." }, { @@ -19761,23 +16941,6 @@ "id": "au-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(03)", @@ -19867,6 +17030,11 @@ "class": "SP800-53", "title": "Audit Record Reduction and Report Generation", "props": [ + { + "name": "label", + "value": "AU-07", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7" @@ -19955,11 +17123,6 @@ "id": "au-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19971,11 +17134,6 @@ "id": "au-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20005,29 +17163,6 @@ "id": "au-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07a.", @@ -20083,23 +17218,6 @@ "id": "au-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07b.", @@ -20243,6 +17361,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7(1)" @@ -20277,13 +17400,6 @@ { "id": "au-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: {{ insert: param, au-07.01_odp }}." }, { @@ -20295,23 +17411,6 @@ "id": "au-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07(01)", @@ -20455,9 +17554,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-08", + "class": "zero-padded" }, { "name": "label", @@ -20505,11 +17604,6 @@ "id": "au-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20521,11 +17615,6 @@ "id": "au-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20555,23 +17644,6 @@ "id": "au-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08a.", @@ -20590,23 +17662,6 @@ "id": "au-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08b.", @@ -20713,6 +17768,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -20811,11 +17871,6 @@ "id": "au-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20827,11 +17882,6 @@ "id": "au-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20861,23 +17911,6 @@ "id": "au-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09a.", @@ -20896,23 +17929,6 @@ "id": "au-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09b.", @@ -21019,6 +18035,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(4)" @@ -21052,13 +18073,6 @@ { "id": "au-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Authorize access to management of audit logging functionality to only {{ insert: param, au-09.04_odp }}." }, { @@ -21070,23 +18084,6 @@ "id": "au-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(04)", @@ -21193,9 +18190,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-11", + "class": "zero-padded" }, { "name": "label", @@ -21262,13 +18259,6 @@ { "id": "au-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain audit records for {{ insert: param, au-11_odp }} to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.", "parts": [ { @@ -21322,23 +18312,6 @@ "id": "au-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-11", @@ -21430,9 +18403,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12", + "class": "zero-padded" }, { "name": "label", @@ -21540,11 +18513,6 @@ "id": "au-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21556,11 +18524,6 @@ "id": "au-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21572,11 +18535,6 @@ "id": "au-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -21606,23 +18564,6 @@ "id": "au-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12a.", @@ -21641,23 +18582,6 @@ "id": "au-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12b.", @@ -21676,17 +18600,6 @@ "id": "au-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12c.", @@ -21884,6 +18797,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -21971,12 +18889,6 @@ "id": "ca-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -22036,11 +18948,6 @@ "id": "ca-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22052,12 +18959,6 @@ "id": "ca-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -22122,23 +19023,6 @@ "id": "ca-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[01]", @@ -22157,23 +19041,6 @@ "id": "ca-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[02]", @@ -22192,17 +19059,6 @@ "id": "ca-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[03]", @@ -22221,17 +19077,6 @@ "id": "ca-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[04]", @@ -22261,17 +19106,6 @@ "id": "ca-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(a)", @@ -22417,17 +19251,6 @@ "id": "ca-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(b)", @@ -22462,23 +19285,6 @@ "id": "ca-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01b.", @@ -22508,23 +19314,6 @@ "id": "ca-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.01", @@ -22580,23 +19369,6 @@ "id": "ca-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.02", @@ -22745,6 +19517,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -22872,11 +19649,6 @@ "id": "ca-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -22888,11 +19660,6 @@ "id": "ca-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22939,11 +19706,6 @@ "id": "ca-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -22955,11 +19717,6 @@ "id": "ca-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -22971,11 +19728,6 @@ "id": "ca-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -22987,11 +19739,6 @@ "id": "ca-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -23039,17 +19786,6 @@ "id": "ca-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02a.", @@ -23079,23 +19815,6 @@ "id": "ca-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.01", @@ -23114,23 +19833,6 @@ "id": "ca-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.02", @@ -23149,23 +19851,6 @@ "id": "ca-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.03", @@ -23247,23 +19932,6 @@ "id": "ca-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02c.", @@ -23282,23 +19950,6 @@ "id": "ca-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02d.", @@ -23354,17 +20005,6 @@ "id": "ca-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02e.", @@ -23383,17 +20023,6 @@ "id": "ca-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02f.", @@ -23489,6 +20118,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -23523,13 +20157,6 @@ { "id": "ca-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to conduct control assessments.", "parts": [ { @@ -23561,23 +20188,6 @@ "id": "ca-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(01)", @@ -23682,6 +20292,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(3)" @@ -23720,13 +20335,6 @@ { "id": "ca-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Leverage the results of control assessments performed by {{ insert: param, ca-02.03_odp.01 }} on {{ insert: param, ca-02.03_odp.02 }} when the assessment meets {{ insert: param, ca-02.03_odp.03 }}." }, { @@ -23738,23 +20346,6 @@ "id": "ca-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(03)", @@ -23862,6 +20453,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -23957,11 +20553,6 @@ "id": "ca-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23973,11 +20564,6 @@ "id": "ca-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23989,11 +20575,6 @@ "id": "ca-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -24023,23 +20604,6 @@ "id": "ca-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03a.", @@ -24058,17 +20622,6 @@ "id": "ca-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-03b.", @@ -24196,23 +20749,6 @@ "id": "ca-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03c.", @@ -24302,6 +20838,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -24373,11 +20914,6 @@ "id": "ca-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24389,11 +20925,6 @@ "id": "ca-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24452,23 +20983,6 @@ "id": "ca-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05a.", @@ -24487,23 +21001,6 @@ "id": "ca-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05b.", @@ -24615,6 +21112,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -24694,11 +21196,6 @@ "id": "ca-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24710,11 +21207,6 @@ "id": "ca-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24726,11 +21218,6 @@ "id": "ca-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -24766,11 +21253,6 @@ "id": "ca-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -24782,11 +21264,6 @@ "id": "ca-6_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -24834,23 +21311,6 @@ "id": "ca-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06a.", @@ -24869,23 +21329,6 @@ "id": "ca-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06b.", @@ -24915,23 +21358,6 @@ "id": "ca-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.01", @@ -24950,23 +21376,6 @@ "id": "ca-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.02", @@ -24993,23 +21402,6 @@ "id": "ca-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06d.", @@ -25028,17 +21420,6 @@ "id": "ca-6_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-06e.", @@ -25212,6 +21593,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -25484,11 +21870,6 @@ "id": "ca-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -25500,11 +21881,6 @@ "id": "ca-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25516,11 +21892,6 @@ "id": "ca-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -25532,11 +21903,6 @@ "id": "ca-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -25548,11 +21914,6 @@ "id": "ca-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -25564,11 +21925,6 @@ "id": "ca-7_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -25580,11 +21936,6 @@ "id": "ca-7_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -25654,23 +22005,6 @@ "id": "ca-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[01]", @@ -25689,23 +22023,6 @@ "id": "ca-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[02]", @@ -25724,23 +22041,6 @@ "id": "ca-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07a.", @@ -25759,23 +22059,6 @@ "id": "ca-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07b.", @@ -25831,23 +22114,6 @@ "id": "ca-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07c.", @@ -25866,23 +22132,6 @@ "id": "ca-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07d.", @@ -25901,23 +22150,6 @@ "id": "ca-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07e.", @@ -25936,23 +22168,6 @@ "id": "ca-7_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07f.", @@ -25971,23 +22186,6 @@ "id": "ca-7_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07g.", @@ -26120,6 +22318,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessment", "props": [ + { + "name": "label", + "value": "CA-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(1)" @@ -26154,13 +22357,6 @@ { "id": "ca-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis." }, { @@ -26172,23 +22368,6 @@ "id": "ca-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(01)", @@ -26254,6 +22433,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -26299,11 +22483,6 @@ "id": "ca-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -26315,11 +22494,6 @@ "id": "ca-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -26331,11 +22505,6 @@ "id": "ca-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -26354,23 +22523,6 @@ "id": "ca-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)", @@ -26383,23 +22535,6 @@ "id": "ca-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(a)", @@ -26418,23 +22553,6 @@ "id": "ca-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(b)", @@ -26453,23 +22571,6 @@ "id": "ca-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(c)", @@ -26592,6 +22693,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -26642,13 +22748,6 @@ { "id": "ca-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct penetration testing {{ insert: param, ca-08_odp.01 }} on {{ insert: param, ca-08_odp.02 }}.", "parts": [ { @@ -26680,23 +22779,6 @@ "id": "ca-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08", @@ -26784,6 +22866,11 @@ "class": "SP800-53-enhancement", "title": "Independent Penetration Testing Agent or Team", "props": [ + { + "name": "label", + "value": "CA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8(1)" @@ -26822,13 +22909,6 @@ { "id": "ca-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ an independent penetration testing agent or team to perform penetration testing on the system or system components." }, { @@ -26840,23 +22920,6 @@ "id": "ca-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(01)", @@ -26934,9 +22997,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CA-08(02)", + "class": "zero-padded" }, { "name": "label", @@ -26972,19 +23035,12 @@ { "id": "ca-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: {{ insert: param, ca-08.02_odp }}.", "parts": [ { "id": "ca-8.2_fr", "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { "id": "ca-8.2_fr_gdn.1", @@ -27010,23 +23066,6 @@ "id": "ca-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(02)", @@ -27150,6 +23189,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -27225,11 +23269,6 @@ "id": "ca-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -27241,11 +23280,6 @@ "id": "ca-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -27257,11 +23291,6 @@ "id": "ca-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -27273,11 +23302,6 @@ "id": "ca-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -27307,23 +23331,6 @@ "id": "ca-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09a.", @@ -27342,17 +23349,6 @@ "id": "ca-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-09b.", @@ -27444,23 +23440,6 @@ "id": "ca-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09c.", @@ -27479,23 +23458,6 @@ "id": "ca-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09d.", @@ -27693,6 +23655,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -27764,12 +23731,6 @@ "id": "cm-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -27829,11 +23790,6 @@ "id": "cm-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -27845,12 +23801,6 @@ "id": "cm-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -27915,23 +23865,6 @@ "id": "cm-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[01]", @@ -27950,23 +23883,6 @@ "id": "cm-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[02]", @@ -27985,17 +23901,6 @@ "id": "cm-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[03]", @@ -28014,17 +23919,6 @@ "id": "cm-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[04]", @@ -28054,17 +23948,6 @@ "id": "cm-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(a)", @@ -28210,17 +24093,6 @@ "id": "cm-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(b)", @@ -28255,23 +24127,6 @@ "id": "cm-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01b.", @@ -28301,23 +24156,6 @@ "id": "cm-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.01", @@ -28373,23 +24211,6 @@ "id": "cm-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.02", @@ -28538,6 +24359,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -28657,11 +24483,6 @@ "id": "cm-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28673,11 +24494,6 @@ "id": "cm-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28760,17 +24576,6 @@ "id": "cm-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-02a.", @@ -28837,23 +24642,6 @@ "id": "cm-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.01", @@ -28872,23 +24660,6 @@ "id": "cm-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.02", @@ -28907,23 +24678,6 @@ "id": "cm-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.03", @@ -29038,6 +24792,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(2)" @@ -29084,13 +24843,6 @@ { "id": "cm-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain the currency, completeness, accuracy, and availability of the baseline configuration of the system using {{ insert: param, cm-02.02_odp }}." }, { @@ -29102,23 +24854,6 @@ "id": "cm-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(02)", @@ -29290,6 +25025,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(3)" @@ -29324,13 +25064,6 @@ { "id": "cm-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain {{ insert: param, cm-02.03_odp }} of previous versions of baseline configurations of the system to support rollback." }, { @@ -29342,17 +25075,6 @@ "id": "cm-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(03)", @@ -29469,6 +25191,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(07)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(7)" @@ -29516,11 +25243,6 @@ "id": "cm-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -29532,11 +25254,6 @@ "id": "cm-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -29566,23 +25283,6 @@ "id": "cm-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(a)", @@ -29601,23 +25301,6 @@ "id": "cm-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(b)", @@ -29763,6 +25446,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3" @@ -29902,11 +25590,6 @@ "id": "cm-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -29918,11 +25601,6 @@ "id": "cm-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -29934,11 +25612,6 @@ "id": "cm-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -29950,11 +25623,6 @@ "id": "cm-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -29966,11 +25634,6 @@ "id": "cm-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -29982,11 +25645,6 @@ "id": "cm-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -29998,11 +25656,6 @@ "id": "cm-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -30061,23 +25714,6 @@ "id": "cm-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03a.", @@ -30096,23 +25732,6 @@ "id": "cm-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03b.", @@ -30168,23 +25787,6 @@ "id": "cm-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03c.", @@ -30203,17 +25805,6 @@ "id": "cm-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03d.", @@ -30232,17 +25823,6 @@ "id": "cm-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03e.", @@ -30261,23 +25841,6 @@ "id": "cm-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03f.", @@ -30344,23 +25907,6 @@ "id": "cm-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[01]", @@ -30379,23 +25925,6 @@ "id": "cm-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[02]", @@ -30499,6 +26028,11 @@ "class": "SP800-53-enhancement", "title": "Testing, Validation, and Documentation of Changes", "props": [ + { + "name": "label", + "value": "CM-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(2)" @@ -30533,13 +26067,6 @@ { "id": "cm-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test, validate, and document changes to the system before finalizing the implementation of the changes." }, { @@ -30551,23 +26078,6 @@ "id": "cm-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(02)", @@ -30748,6 +26258,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(4)" @@ -30777,13 +26292,6 @@ { "id": "cm-3.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require {{ insert: param, cm-3.4_prm_1 }} to be members of the {{ insert: param, cm-03.04_odp.03 }}." }, { @@ -30795,23 +26303,6 @@ "id": "cm-3.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(04)", @@ -30938,6 +26429,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -31020,13 +26516,6 @@ { "id": "cm-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system to determine potential security and privacy impacts prior to change implementation." }, { @@ -31038,23 +26527,6 @@ "id": "cm-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04", @@ -31179,6 +26651,11 @@ "class": "SP800-53-enhancement", "title": "Verification of Controls", "props": [ + { + "name": "label", + "value": "CM-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4(2)" @@ -31225,13 +26702,6 @@ { "id": "cm-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system." }, { @@ -31243,23 +26713,6 @@ "id": "cm-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(02)", @@ -31459,9 +26912,9 @@ "title": "Access Restrictions for Change", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-05", + "class": "zero-padded" }, { "name": "label", @@ -31536,13 +26989,6 @@ { "id": "cm-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system." }, { @@ -31554,23 +27000,6 @@ "id": "cm-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05", @@ -31778,6 +27207,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(1)" @@ -31840,11 +27274,6 @@ "id": "cm-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -31856,11 +27285,6 @@ "id": "cm-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -31890,17 +27314,6 @@ "id": "cm-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(a)", @@ -31919,23 +27332,6 @@ "id": "cm-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(b)", @@ -32060,6 +27456,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(5)" @@ -32098,11 +27499,6 @@ "id": "cm-5.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -32114,11 +27510,6 @@ "id": "cm-5.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -32148,17 +27539,6 @@ "id": "cm-5.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(a)", @@ -32214,23 +27594,6 @@ "id": "cm-5.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(b)", @@ -32395,9 +27758,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06", + "class": "zero-padded" }, { "name": "label", @@ -32570,11 +27933,6 @@ "id": "cm-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -32586,11 +27944,6 @@ "id": "cm-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -32602,11 +27955,6 @@ "id": "cm-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -32618,11 +27966,6 @@ "id": "cm-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -32666,7 +28009,7 @@ "value": "Guidance:" } ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP\u2019s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } @@ -32692,17 +28035,6 @@ "id": "cm-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06a.", @@ -32721,23 +28053,6 @@ "id": "cm-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06b.", @@ -32756,23 +28071,6 @@ "id": "cm-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06c.", @@ -32828,23 +28126,6 @@ "id": "cm-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06d.", @@ -33020,9 +28301,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -33057,13 +28338,6 @@ { "id": "cm-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage, apply, and verify configuration settings for {{ insert: param, cm-06.01_odp.01 }} using {{ insert: param, cm-6.1_prm_2 }}." }, { @@ -33075,17 +28349,6 @@ "id": "cm-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06(01)", @@ -33291,9 +28554,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07", + "class": "zero-padded" }, { "name": "label", @@ -33418,11 +28681,6 @@ "id": "cm-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33434,11 +28692,6 @@ "id": "cm-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33486,23 +28739,6 @@ "id": "cm-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07a.", @@ -33521,17 +28757,6 @@ "id": "cm-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07b.", @@ -33784,9 +29009,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -33831,11 +29056,6 @@ "id": "cm-7.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -33847,11 +29067,6 @@ "id": "cm-7.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -33881,23 +29096,6 @@ "id": "cm-7.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(a)", @@ -33916,23 +29114,6 @@ "id": "cm-7.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(b)", @@ -34141,9 +29322,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(02)", + "class": "zero-padded" }, { "name": "label", @@ -34194,13 +29375,6 @@ { "id": "cm-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent program execution in accordance with {{ insert: param, cm-07.02_odp.01 }}.", "parts": [ { @@ -34232,17 +29406,6 @@ "id": "cm-7.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(02)", @@ -34356,9 +29519,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -34435,11 +29598,6 @@ "id": "cm-7.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -34451,11 +29609,6 @@ "id": "cm-7.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -34467,11 +29620,6 @@ "id": "cm-7.5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -34501,23 +29649,6 @@ "id": "cm-7.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(a)", @@ -34536,17 +29667,6 @@ "id": "cm-7.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(b)", @@ -34565,23 +29685,6 @@ "id": "cm-7.5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(c)", @@ -34705,9 +29808,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-08", + "class": "zero-padded" }, { "name": "label", @@ -34840,11 +29943,6 @@ "id": "cm-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -34913,11 +30011,6 @@ "id": "cm-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -34976,23 +30069,6 @@ "id": "cm-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.01", @@ -35011,23 +30087,6 @@ "id": "cm-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.02", @@ -35046,23 +30105,6 @@ "id": "cm-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.03", @@ -35081,23 +30123,6 @@ "id": "cm-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.04", @@ -35116,23 +30141,6 @@ "id": "cm-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.05", @@ -35159,23 +30167,6 @@ "id": "cm-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08b.", @@ -35271,6 +30262,11 @@ "class": "SP800-53-enhancement", "title": "Updates During Installation and Removal", "props": [ + { + "name": "label", + "value": "CM-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(1)" @@ -35309,13 +30305,6 @@ { "id": "cm-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the inventory of system components as part of component installations, removals, and system updates." }, { @@ -35327,23 +30316,6 @@ "id": "cm-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(01)", @@ -35558,6 +30530,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(3)" @@ -35633,11 +30610,6 @@ "id": "cm-8.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -35649,11 +30621,6 @@ "id": "cm-8.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -35683,17 +30650,6 @@ "id": "cm-8.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(a)", @@ -35767,17 +30723,6 @@ "id": "cm-8.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(b)", @@ -35941,6 +30886,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-09", + "class": "zero-padded" + }, { "name": "label", "value": "CM-9" @@ -36012,11 +30962,6 @@ "id": "cm-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -36028,11 +30973,6 @@ "id": "cm-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36044,11 +30984,6 @@ "id": "cm-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -36060,11 +30995,6 @@ "id": "cm-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -36076,11 +31006,6 @@ "id": "cm-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -36110,17 +31035,6 @@ "id": "cm-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09", @@ -36168,17 +31082,6 @@ "id": "cm-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09a.", @@ -36263,23 +31166,6 @@ "id": "cm-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[01]", @@ -36298,17 +31184,6 @@ "id": "cm-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[02]", @@ -36346,17 +31221,6 @@ "id": "cm-9_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[01]", @@ -36375,17 +31239,6 @@ "id": "cm-9_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[02]", @@ -36412,23 +31265,6 @@ "id": "cm-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09d.", @@ -36447,17 +31283,6 @@ "id": "cm-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-09e.", @@ -36590,6 +31415,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -36644,11 +31474,6 @@ "id": "cm-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -36660,11 +31485,6 @@ "id": "cm-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36676,11 +31496,6 @@ "id": "cm-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -36710,23 +31525,6 @@ "id": "cm-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10a.", @@ -36745,23 +31543,6 @@ "id": "cm-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10b.", @@ -36780,23 +31561,6 @@ "id": "cm-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10c.", @@ -36926,6 +31690,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -37000,11 +31769,6 @@ "id": "cm-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37016,11 +31780,6 @@ "id": "cm-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37032,11 +31791,6 @@ "id": "cm-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37066,23 +31820,6 @@ "id": "cm-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11a.", @@ -37101,23 +31838,6 @@ "id": "cm-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11b.", @@ -37136,17 +31856,6 @@ "id": "cm-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-11c.", @@ -37253,6 +31962,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12" @@ -37364,11 +32078,6 @@ "id": "cm-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37380,11 +32089,6 @@ "id": "cm-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37396,11 +32100,6 @@ "id": "cm-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37459,23 +32158,6 @@ "id": "cm-12_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[01]", @@ -37494,23 +32176,6 @@ "id": "cm-12_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[02]", @@ -37529,23 +32194,6 @@ "id": "cm-12_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[03]", @@ -37572,23 +32220,6 @@ "id": "cm-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12b.", @@ -37644,23 +32275,6 @@ "id": "cm-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12c.", @@ -37818,6 +32432,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12(1)" @@ -37852,13 +32471,6 @@ { "id": "cm-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use automated tools to identify {{ insert: param, cm-12.01_odp.01 }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls are in place to protect organizational information and individual privacy.", "parts": [ { @@ -37890,17 +32502,6 @@ "id": "cm-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-12(01)", @@ -38092,6 +32693,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -38163,12 +32769,6 @@ "id": "cp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -38228,11 +32828,6 @@ "id": "cp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38244,12 +32839,6 @@ "id": "cp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -38314,23 +32903,6 @@ "id": "cp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[01]", @@ -38349,23 +32921,6 @@ "id": "cp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[02]", @@ -38384,17 +32939,6 @@ "id": "cp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[03]", @@ -38413,17 +32957,6 @@ "id": "cp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[04]", @@ -38453,17 +32986,6 @@ "id": "cp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(a)", @@ -38609,17 +33131,6 @@ "id": "cp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(b)", @@ -38654,23 +33165,6 @@ "id": "cp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01b.", @@ -38700,23 +33194,6 @@ "id": "cp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.01", @@ -38772,23 +33249,6 @@ "id": "cp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.02", @@ -38989,6 +33449,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -39127,11 +33592,6 @@ "id": "cp-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -39222,11 +33682,6 @@ "id": "cp-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -39238,11 +33693,6 @@ "id": "cp-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -39254,11 +33704,6 @@ "id": "cp-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -39270,11 +33715,6 @@ "id": "cp-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -39286,11 +33726,6 @@ "id": "cp-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -39302,11 +33737,6 @@ "id": "cp-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -39318,11 +33748,6 @@ "id": "cp-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -39392,17 +33817,6 @@ "id": "cp-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.01", @@ -39421,17 +33835,6 @@ "id": "cp-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.02", @@ -39505,17 +33908,6 @@ "id": "cp-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.03", @@ -39589,17 +33981,6 @@ "id": "cp-2_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.04", @@ -39618,17 +33999,6 @@ "id": "cp-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.05", @@ -39647,17 +34017,6 @@ "id": "cp-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.06", @@ -39676,17 +34035,6 @@ "id": "cp-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.07", @@ -39761,23 +34109,6 @@ "id": "cp-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[01]", @@ -39796,23 +34127,6 @@ "id": "cp-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[02]", @@ -39839,23 +34153,6 @@ "id": "cp-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02c.", @@ -39874,23 +34171,6 @@ "id": "cp-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02d.", @@ -39920,23 +34200,6 @@ "id": "cp-2_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[01]", @@ -39955,23 +34218,6 @@ "id": "cp-2_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[02]", @@ -39998,23 +34244,6 @@ "id": "cp-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02f.", @@ -40070,23 +34299,6 @@ "id": "cp-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02g.", @@ -40142,29 +34354,6 @@ "id": "cp-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02h.", @@ -40297,6 +34486,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(1)" @@ -40326,13 +34520,6 @@ { "id": "cp-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan development with organizational elements responsible for related plans." }, { @@ -40344,23 +34531,6 @@ "id": "cp-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(01)", @@ -40456,6 +34626,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(3)" @@ -40485,13 +34660,6 @@ { "id": "cp-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Plan for the resumption of {{ insert: param, cp-02.03_odp.01 }} mission and business functions within {{ insert: param, cp-02.03_odp.02 }} of contingency plan activation." }, { @@ -40503,23 +34671,6 @@ "id": "cp-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(03)", @@ -40618,6 +34769,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(8)" @@ -40655,13 +34811,6 @@ { "id": "cp-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system assets supporting {{ insert: param, cp-02.08_odp }} mission and business functions." }, { @@ -40673,23 +34822,6 @@ "id": "cp-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(08)", @@ -40810,6 +34942,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -40885,11 +35022,6 @@ "id": "cp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -40936,11 +35068,6 @@ "id": "cp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40999,23 +35126,6 @@ "id": "cp-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.01", @@ -41034,23 +35144,6 @@ "id": "cp-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.02", @@ -41069,23 +35162,6 @@ "id": "cp-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.03", @@ -41123,23 +35199,6 @@ "id": "cp-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[01]", @@ -41158,23 +35217,6 @@ "id": "cp-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[02]", @@ -41322,9 +35364,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CP-04", + "class": "zero-padded" }, { "name": "label", @@ -41417,11 +35459,6 @@ "id": "cp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -41433,11 +35470,6 @@ "id": "cp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -41449,11 +35481,6 @@ "id": "cp-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -41523,29 +35550,6 @@ "id": "cp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[01]", @@ -41564,29 +35568,6 @@ "id": "cp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[02]", @@ -41605,29 +35586,6 @@ "id": "cp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[03]", @@ -41654,23 +35612,6 @@ "id": "cp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04b.", @@ -41689,23 +35630,6 @@ "id": "cp-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04c.", @@ -41801,6 +35725,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4(1)" @@ -41843,13 +35772,6 @@ { "id": "cp-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan testing with organizational elements responsible for related plans." }, { @@ -41861,29 +35783,6 @@ "id": "cp-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(01)", @@ -41951,6 +35850,11 @@ "class": "SP800-53", "title": "Alternate Storage Site", "props": [ + { + "name": "label", + "value": "CP-06", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6" @@ -42025,11 +35929,6 @@ "id": "cp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42041,11 +35940,6 @@ "id": "cp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42086,29 +35980,6 @@ "id": "cp-6_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[01]", @@ -42127,29 +35998,6 @@ "id": "cp-6_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[02]", @@ -42176,29 +36024,6 @@ "id": "cp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06b.", @@ -42294,6 +36119,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(1)" @@ -42327,13 +36157,6 @@ { "id": "cp-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats." }, { @@ -42345,29 +36168,6 @@ "id": "cp-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(01)", @@ -42433,6 +36233,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(3)" @@ -42466,13 +36271,6 @@ { "id": "cp-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions." }, { @@ -42495,23 +36293,6 @@ "id": "cp-6.3_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[01]", @@ -42530,23 +36311,6 @@ "id": "cp-6.3_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[02]", @@ -42642,6 +36406,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-07", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7" @@ -42724,11 +36493,6 @@ "id": "cp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42740,11 +36504,6 @@ "id": "cp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42756,11 +36515,6 @@ "id": "cp-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42808,29 +36562,6 @@ "id": "cp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07a.", @@ -42860,29 +36591,6 @@ "id": "cp-7_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[01]", @@ -42901,29 +36609,6 @@ "id": "cp-7_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[02]", @@ -42950,29 +36635,6 @@ "id": "cp-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07c.", @@ -43068,6 +36730,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(1)" @@ -43101,13 +36768,6 @@ { "id": "cp-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.", "parts": [ { @@ -43139,23 +36799,6 @@ "id": "cp-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(01)", @@ -43221,6 +36864,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-07(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(2)" @@ -43254,13 +36902,6 @@ { "id": "cp-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions." }, { @@ -43283,23 +36924,6 @@ "id": "cp-7.2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[01]", @@ -43318,23 +36942,6 @@ "id": "cp-7.2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[02]", @@ -43408,6 +37015,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service", "props": [ + { + "name": "label", + "value": "CP-07(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(3)" @@ -43437,13 +37049,6 @@ { "id": "cp-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives)." }, { @@ -43455,23 +37060,6 @@ "id": "cp-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(03)", @@ -43559,6 +37147,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-08", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8" @@ -43608,13 +37201,6 @@ { "id": "cp-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish alternate telecommunications services, including necessary agreements to permit the resumption of {{ insert: param, cp-08_odp.01 }} for essential mission and business functions within {{ insert: param, cp-08_odp.02 }} when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.", "parts": [ { @@ -43646,29 +37232,6 @@ "id": "cp-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08", @@ -43756,6 +37319,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service Provisions", "props": [ + { + "name": "label", + "value": "CP-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(1)" @@ -43790,11 +37358,6 @@ "id": "cp-8.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -43806,11 +37369,6 @@ "id": "cp-8.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -43840,29 +37398,6 @@ "id": "cp-8.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(a)", @@ -43918,29 +37453,6 @@ "id": "cp-8.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(b)", @@ -44036,6 +37548,11 @@ "class": "SP800-53-enhancement", "title": "Single Points of Failure", "props": [ + { + "name": "label", + "value": "CP-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(2)" @@ -44065,13 +37582,6 @@ { "id": "cp-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services." }, { @@ -44083,23 +37593,6 @@ "id": "cp-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(02)", @@ -44220,6 +37713,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -44310,11 +37808,6 @@ "id": "cp-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -44326,11 +37819,6 @@ "id": "cp-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44342,11 +37830,6 @@ "id": "cp-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -44358,11 +37841,6 @@ "id": "cp-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -44443,29 +37921,6 @@ "id": "cp-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09a.", @@ -44484,29 +37939,6 @@ "id": "cp-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09b.", @@ -44525,29 +37957,6 @@ "id": "cp-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09c.", @@ -44566,23 +37975,6 @@ "id": "cp-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09d.", @@ -44762,6 +38154,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(1)" @@ -44795,13 +38192,6 @@ { "id": "cp-9.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test backup information {{ insert: param, cp-9.1_prm_1 }} to verify media reliability and information integrity." }, { @@ -44813,29 +38203,6 @@ "id": "cp-9.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(01)", @@ -44976,6 +38343,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(8)" @@ -45017,13 +38389,6 @@ { "id": "cp-9.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of {{ insert: param, cp-09.08_odp }}.", "parts": [ { @@ -45055,29 +38420,6 @@ "id": "cp-9.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(08)", @@ -45191,6 +38533,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -45256,13 +38603,6 @@ { "id": "cp-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide for the recovery and reconstitution of the system to a known state within {{ insert: param, cp-10_prm_1 }} after a disruption, compromise, or failure." }, { @@ -45274,29 +38614,6 @@ "id": "cp-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10", @@ -45421,6 +38738,11 @@ "class": "SP800-53-enhancement", "title": "Transaction Recovery", "props": [ + { + "name": "label", + "value": "CP-10(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10(2)" @@ -45450,13 +38772,6 @@ { "id": "cp-10.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement transaction recovery for systems that are transaction-based." }, { @@ -45468,29 +38783,6 @@ "id": "cp-10.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10(02)", @@ -45682,6 +38974,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -45777,12 +39074,6 @@ "id": "ia-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -45842,11 +39133,6 @@ "id": "ia-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -45858,12 +39144,6 @@ "id": "ia-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -45928,23 +39208,6 @@ "id": "ia-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[01]", @@ -45963,23 +39226,6 @@ "id": "ia-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[02]", @@ -45998,17 +39244,6 @@ "id": "ia-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[03]", @@ -46027,17 +39262,6 @@ "id": "ia-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[04]", @@ -46067,17 +39291,6 @@ "id": "ia-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(a)", @@ -46223,17 +39436,6 @@ "id": "ia-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(b)", @@ -46268,23 +39470,6 @@ "id": "ia-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01b.", @@ -46314,23 +39499,6 @@ "id": "ia-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.01", @@ -46386,23 +39554,6 @@ "id": "ia-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.02", @@ -46522,9 +39673,9 @@ "title": "Identification and Authentication (Organizational Users)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02", + "class": "zero-padded" }, { "name": "label", @@ -46696,13 +39847,6 @@ { "id": "ia-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.", "parts": [ { @@ -46778,29 +39922,6 @@ "id": "ia-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[01]", @@ -46819,29 +39940,6 @@ "id": "ia-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[02]", @@ -46938,9 +40036,9 @@ "title": "Multi-factor Authentication to Privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -46979,13 +40077,6 @@ { "id": "ia-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to privileged accounts.", "parts": [ { @@ -47039,17 +40130,6 @@ "id": "ia-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(01)", @@ -47138,9 +40218,9 @@ "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -47175,13 +40255,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts.", "parts": [ { @@ -47235,17 +40308,6 @@ "id": "ia-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(02)", @@ -47334,9 +40396,9 @@ "title": "Individual Authentication with Group Authentication", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -47372,13 +40434,6 @@ { "id": "ia-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources." }, { @@ -47390,17 +40445,6 @@ "id": "ia-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(05)", @@ -47536,9 +40580,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(06)", + "class": "zero-padded" }, { "name": "label", @@ -47579,11 +40623,6 @@ "id": "ia-2.6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -47595,11 +40634,6 @@ "id": "ia-2.6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -47658,23 +40692,6 @@ "id": "ia-2.6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(a)", @@ -47693,23 +40710,6 @@ "id": "ia-2.6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(b)", @@ -47823,9 +40823,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" }, { "name": "label", @@ -47856,13 +40856,6 @@ { "id": "ia-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}." }, { @@ -47874,23 +40867,6 @@ "id": "ia-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(08)", @@ -47979,9 +40955,9 @@ "title": "Acceptance of PIV Credentials", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -48012,13 +40988,6 @@ { "id": "ia-2.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials.", "parts": [ { @@ -48050,23 +41019,6 @@ "id": "ia-2.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(12)", @@ -48178,6 +41130,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-03", + "class": "zero-padded" + }, { "name": "label", "value": "IA-3" @@ -48251,13 +41208,6 @@ { "id": "ia-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate {{ insert: param, ia-03_odp.01 }} before establishing a {{ insert: param, ia-03_odp.02 }} connection." }, { @@ -48269,23 +41219,6 @@ "id": "ia-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-03", @@ -48404,9 +41337,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-04", + "class": "zero-padded" }, { "name": "label", @@ -48527,11 +41460,6 @@ "id": "ia-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48543,11 +41471,6 @@ "id": "ia-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48559,11 +41482,6 @@ "id": "ia-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -48575,11 +41493,6 @@ "id": "ia-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -48609,23 +41522,6 @@ "id": "ia-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04a.", @@ -48644,23 +41540,6 @@ "id": "ia-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04b.", @@ -48679,23 +41558,6 @@ "id": "ia-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04c.", @@ -48714,23 +41576,6 @@ "id": "ia-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04d.", @@ -48842,6 +41687,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-4(4)" @@ -48871,13 +41721,6 @@ { "id": "ia-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage individual identifiers by uniquely identifying each individual as {{ insert: param, ia-04.04_odp }}." }, { @@ -48889,23 +41732,6 @@ "id": "ia-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04(04)", @@ -49016,9 +41842,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-05", + "class": "zero-padded" }, { "name": "label", @@ -49160,11 +41986,6 @@ "id": "ia-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -49176,11 +41997,6 @@ "id": "ia-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -49192,11 +42008,6 @@ "id": "ia-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -49208,11 +42019,6 @@ "id": "ia-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -49224,11 +42030,6 @@ "id": "ia-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -49240,11 +42041,6 @@ "id": "ia-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -49256,11 +42052,6 @@ "id": "ia-5_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -49272,11 +42063,6 @@ "id": "ia-5_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -49288,11 +42074,6 @@ "id": "ia-5_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -49351,23 +42132,6 @@ "id": "ia-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05a.", @@ -49386,23 +42150,6 @@ "id": "ia-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05b.", @@ -49421,23 +42168,6 @@ "id": "ia-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05c.", @@ -49456,23 +42186,6 @@ "id": "ia-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05d.", @@ -49491,23 +42204,6 @@ "id": "ia-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05e.", @@ -49526,23 +42222,6 @@ "id": "ia-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05f.", @@ -49561,23 +42240,6 @@ "id": "ia-5_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05g.", @@ -49607,23 +42269,6 @@ "id": "ia-5_obj.h-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[01]", @@ -49642,23 +42287,6 @@ "id": "ia-5_obj.h-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[02]", @@ -49685,23 +42313,6 @@ "id": "ia-5_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05i.", @@ -49817,6 +42428,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -49861,11 +42477,6 @@ "id": "ia-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -49877,11 +42488,6 @@ "id": "ia-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -49893,11 +42499,6 @@ "id": "ia-5.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -49909,11 +42510,6 @@ "id": "ia-5.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -49925,11 +42521,6 @@ "id": "ia-5.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -49941,11 +42532,6 @@ "id": "ia-5.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -49957,11 +42543,6 @@ "id": "ia-5.1_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -49973,11 +42554,6 @@ "id": "ia-5.1_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -50010,7 +42586,7 @@ "value": "(h) Requirement:" } ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + "prose": "For cases where technology doesn\u2019t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." }, { "id": "ia-5.1_fr_gdn.1", @@ -50047,23 +42623,6 @@ "id": "ia-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(a)", @@ -50082,23 +42641,6 @@ "id": "ia-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(b)", @@ -50117,17 +42659,6 @@ "id": "ia-5.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(c)", @@ -50146,17 +42677,6 @@ "id": "ia-5.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(d)", @@ -50175,17 +42695,6 @@ "id": "ia-5.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(e)", @@ -50204,17 +42713,6 @@ "id": "ia-5.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(f)", @@ -50233,17 +42731,6 @@ "id": "ia-5.1_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(g)", @@ -50262,23 +42749,6 @@ "id": "ia-5.1_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(h)", @@ -50374,6 +42844,11 @@ "class": "SP800-53-enhancement", "title": "Public Key-based Authentication", "props": [ + { + "name": "label", + "value": "IA-05(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(2)" @@ -50416,11 +42891,6 @@ "id": "ia-5.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -50456,11 +42926,6 @@ "id": "ia-5.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -50525,17 +42990,6 @@ "id": "ia-5.2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(01)", @@ -50554,17 +43008,6 @@ "id": "ia-5.2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(02)", @@ -50602,17 +43045,6 @@ "id": "ia-5.2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(01)", @@ -50631,17 +43063,6 @@ "id": "ia-5.2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(02)", @@ -50745,6 +43166,11 @@ "class": "SP800-53-enhancement", "title": "Protection of Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(06)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(6)" @@ -50778,13 +43204,6 @@ { "id": "ia-5.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access." }, { @@ -50796,17 +43215,6 @@ "id": "ia-5.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(06)", @@ -50894,6 +43302,11 @@ "class": "SP800-53-enhancement", "title": "No Embedded Unencrypted Static Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(07)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(7)" @@ -50923,13 +43336,6 @@ { "id": "ia-5.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.", "parts": [ { @@ -50961,17 +43367,6 @@ "id": "ia-5.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(07)", @@ -51061,6 +43456,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -51090,13 +43490,6 @@ { "id": "ia-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals." }, { @@ -51108,17 +43501,6 @@ "id": "ia-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-06", @@ -51206,6 +43588,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -51255,13 +43642,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -51273,29 +43653,6 @@ "id": "ia-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-07", @@ -51383,6 +43740,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -51500,13 +43862,6 @@ { "id": "ia-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users." }, { @@ -51518,17 +43873,6 @@ "id": "ia-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08", @@ -51616,6 +43960,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -51649,13 +43998,6 @@ { "id": "ia-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies." }, { @@ -51667,17 +44009,6 @@ "id": "ia-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(01)", @@ -51802,6 +44133,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -51836,11 +44172,6 @@ "id": "ia-8.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -51852,11 +44183,6 @@ "id": "ia-8.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -51886,17 +44212,6 @@ "id": "ia-8.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(a)", @@ -51915,23 +44230,6 @@ "id": "ia-8.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(b)", @@ -52075,6 +44373,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -52104,13 +44407,6 @@ { "id": "ia-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conform to the following profiles for identity management {{ insert: param, ia-08.04_odp }}." }, { @@ -52122,29 +44418,6 @@ "id": "ia-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(04)", @@ -52245,6 +44518,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -52299,13 +44577,6 @@ { "id": "ia-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require users to re-authenticate when {{ insert: param, ia-11_odp }}.", "parts": [ { @@ -52337,29 +44608,6 @@ "id": "ia-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-11", @@ -52447,6 +44695,11 @@ "class": "SP800-53", "title": "Identity Proofing", "props": [ + { + "name": "label", + "value": "IA-12", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12" @@ -52529,11 +44782,6 @@ "id": "ia-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52545,11 +44793,6 @@ "id": "ia-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52561,11 +44804,6 @@ "id": "ia-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52613,29 +44851,6 @@ "id": "ia-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12a.", @@ -52654,23 +44869,6 @@ "id": "ia-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12b.", @@ -52689,23 +44887,6 @@ "id": "ia-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12c.", @@ -52856,6 +45037,11 @@ "class": "SP800-53-enhancement", "title": "Identity Evidence", "props": [ + { + "name": "label", + "value": "IA-12(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(2)" @@ -52885,13 +45071,6 @@ { "id": "ia-12.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require evidence of individual identification be presented to the registration authority." }, { @@ -52903,23 +45082,6 @@ "id": "ia-12.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(02)", @@ -53018,6 +45180,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(3)" @@ -53047,13 +45214,6 @@ { "id": "ia-12.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that the presented identity evidence be validated and verified through {{ insert: param, ia-12.03_odp }}." }, { @@ -53065,29 +45225,6 @@ "id": "ia-12.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(03)", @@ -53186,6 +45323,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(05)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(5)" @@ -53219,13 +45361,6 @@ { "id": "ia-12.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that a {{ insert: param, ia-12.05_odp }} be delivered through an out-of-band channel to verify the users address (physical or digital) of record.", "parts": [ { @@ -53257,23 +45392,6 @@ "id": "ia-12.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(05)", @@ -53465,6 +45583,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -53544,12 +45667,6 @@ "id": "ir-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -53609,11 +45726,6 @@ "id": "ir-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -53625,12 +45737,6 @@ "id": "ir-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -53695,23 +45801,6 @@ "id": "ir-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[01]", @@ -53730,23 +45819,6 @@ "id": "ir-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[02]", @@ -53765,17 +45837,6 @@ "id": "ir-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[03]", @@ -53794,17 +45855,6 @@ "id": "ir-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[04]", @@ -53834,17 +45884,6 @@ "id": "ir-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(a)", @@ -53990,17 +46029,6 @@ "id": "ir-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(b)", @@ -54035,23 +46063,6 @@ "id": "ir-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01b.", @@ -54081,23 +46092,6 @@ "id": "ir-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.01", @@ -54153,23 +46147,6 @@ "id": "ir-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.02", @@ -54341,6 +46318,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -54416,11 +46398,6 @@ "id": "ir-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -54467,11 +46444,6 @@ "id": "ir-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54512,23 +46484,6 @@ "id": "ir-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.01", @@ -54547,23 +46502,6 @@ "id": "ir-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.02", @@ -54582,23 +46520,6 @@ "id": "ir-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.03", @@ -54636,23 +46557,6 @@ "id": "ir-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[01]", @@ -54671,23 +46575,6 @@ "id": "ir-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[02]", @@ -54795,9 +46682,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-03", + "class": "zero-padded" }, { "name": "label", @@ -54865,13 +46752,6 @@ { "id": "ir-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test the effectiveness of the incident response capability for the system {{ insert: param, ir-03_odp.01 }} using the following tests: {{ insert: param, ir-03_odp.02 }}.", "parts": [ { @@ -54903,23 +46783,6 @@ "id": "ir-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03", @@ -54985,6 +46848,11 @@ "class": "SP800-53-enhancement", "title": "Coordination with Related Plans", "props": [ + { + "name": "label", + "value": "IR-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-3(2)" @@ -55019,13 +46887,6 @@ { "id": "ir-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate incident response testing with organizational elements responsible for related plans." }, { @@ -55037,23 +46898,6 @@ "id": "ir-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03(02)", @@ -55122,9 +46966,9 @@ "title": "Incident Handling", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04", + "class": "zero-padded" }, { "name": "label", @@ -55280,11 +47124,6 @@ "id": "ir-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -55296,11 +47135,6 @@ "id": "ir-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -55312,11 +47146,6 @@ "id": "ir-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -55328,11 +47157,6 @@ "id": "ir-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -55402,23 +47226,6 @@ "id": "ir-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[01]", @@ -55437,23 +47244,6 @@ "id": "ir-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[02]", @@ -55552,23 +47342,6 @@ "id": "ir-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04b.", @@ -55598,23 +47371,6 @@ "id": "ir-4_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[01]", @@ -55633,23 +47389,6 @@ "id": "ir-4_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[02]", @@ -55676,23 +47415,6 @@ "id": "ir-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04d.", @@ -55873,9 +47595,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -55906,13 +47628,6 @@ { "id": "ir-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the incident handling process using {{ insert: param, ir-04.01_odp }}." }, { @@ -55924,23 +47639,6 @@ "id": "ir-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(01)", @@ -56030,6 +47728,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -56112,13 +47815,6 @@ { "id": "ir-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track and document incidents." }, { @@ -56130,23 +47826,6 @@ "id": "ir-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05", @@ -56296,6 +47975,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -56366,11 +48050,6 @@ "id": "ir-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -56382,11 +48061,6 @@ "id": "ir-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -56434,23 +48108,6 @@ "id": "ir-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-06a.", @@ -56469,23 +48126,6 @@ "id": "ir-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06b.", @@ -56592,6 +48232,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(1)" @@ -56625,13 +48270,6 @@ { "id": "ir-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Report incidents using {{ insert: param, ir-06.01_odp }}." }, { @@ -56643,29 +48281,6 @@ "id": "ir-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(01)", @@ -56753,6 +48368,11 @@ "class": "SP800-53-enhancement", "title": "Supply Chain Coordination", "props": [ + { + "name": "label", + "value": "IR-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(3)" @@ -56786,13 +48406,6 @@ { "id": "ir-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident." }, { @@ -56804,23 +48417,6 @@ "id": "ir-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(03)", @@ -56910,6 +48506,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -56979,13 +48580,6 @@ { "id": "ir-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents." }, { @@ -57008,23 +48602,6 @@ "id": "ir-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[01]", @@ -57043,23 +48620,6 @@ "id": "ir-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[02]", @@ -57166,6 +48726,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7(1)" @@ -57195,13 +48760,6 @@ { "id": "ir-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Increase the availability of incident response information and support using {{ insert: param, ir-07.01_odp }}." }, { @@ -57213,29 +48771,6 @@ "id": "ir-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-07(01)", @@ -57409,6 +48944,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -57495,11 +49035,6 @@ "id": "ir-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -57623,11 +49158,6 @@ "id": "ir-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57639,11 +49169,6 @@ "id": "ir-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -57655,11 +49180,6 @@ "id": "ir-8_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -57671,11 +49191,6 @@ "id": "ir-8_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -57745,17 +49260,6 @@ "id": "ir-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.01", @@ -57774,17 +49278,6 @@ "id": "ir-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.02", @@ -57803,17 +49296,6 @@ "id": "ir-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.03", @@ -57832,17 +49314,6 @@ "id": "ir-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.04", @@ -57861,17 +49332,6 @@ "id": "ir-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.05", @@ -57890,17 +49350,6 @@ "id": "ir-8_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.06", @@ -57919,17 +49368,6 @@ "id": "ir-8_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.07", @@ -57948,17 +49386,6 @@ "id": "ir-8_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.08", @@ -57977,17 +49404,6 @@ "id": "ir-8_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.09", @@ -58006,17 +49422,6 @@ "id": "ir-8_obj.a.10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.10", @@ -58043,17 +49448,6 @@ "id": "ir-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08b.", @@ -58109,23 +49503,6 @@ "id": "ir-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08c.", @@ -58144,23 +49521,6 @@ "id": "ir-8_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08d.", @@ -58216,17 +49576,6 @@ "id": "ir-8_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08e.", @@ -58388,6 +49737,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9" @@ -58451,11 +49805,6 @@ "id": "ir-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -58467,11 +49816,6 @@ "id": "ir-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -58483,11 +49827,6 @@ "id": "ir-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -58499,11 +49838,6 @@ "id": "ir-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -58515,11 +49849,6 @@ "id": "ir-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -58531,11 +49860,6 @@ "id": "ir-9_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -58547,11 +49871,6 @@ "id": "ir-9_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -58581,23 +49900,6 @@ "id": "ir-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09a.", @@ -58616,23 +49918,6 @@ "id": "ir-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09b.", @@ -58651,23 +49936,6 @@ "id": "ir-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09c.", @@ -58686,23 +49954,6 @@ "id": "ir-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09d.", @@ -58721,23 +49972,6 @@ "id": "ir-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09e.", @@ -58756,23 +49990,6 @@ "id": "ir-9_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09f.", @@ -58791,23 +50008,6 @@ "id": "ir-9_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09g.", @@ -58919,6 +50119,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(2)" @@ -58964,13 +50169,6 @@ { "id": "ir-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide information spillage response training {{ insert: param, ir-09.02_odp }}." }, { @@ -58982,17 +50180,6 @@ "id": "ir-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(02)", @@ -59069,6 +50256,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(3)" @@ -59098,13 +50290,6 @@ { "id": "ir-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: {{ insert: param, ir-09.03_odp }}." }, { @@ -59116,17 +50301,6 @@ "id": "ir-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(03)", @@ -59225,6 +50399,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(4)" @@ -59254,13 +50433,6 @@ { "id": "ir-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following controls for personnel exposed to information not within assigned access authorizations: {{ insert: param, ir-09.04_odp }}." }, { @@ -59272,17 +50444,6 @@ "id": "ir-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(04)", @@ -59474,6 +50635,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -59541,12 +50707,6 @@ "id": "ma-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -59606,11 +50766,6 @@ "id": "ma-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -59622,12 +50777,6 @@ "id": "ma-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -59692,23 +50841,6 @@ "id": "ma-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[01]", @@ -59727,23 +50859,6 @@ "id": "ma-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[02]", @@ -59762,17 +50877,6 @@ "id": "ma-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[03]", @@ -59791,17 +50895,6 @@ "id": "ma-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[04]", @@ -59831,17 +50924,6 @@ "id": "ma-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(a)", @@ -59987,17 +51069,6 @@ "id": "ma-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(b)", @@ -60032,23 +51103,6 @@ "id": "ma-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01b.", @@ -60078,23 +51132,6 @@ "id": "ma-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.01", @@ -60150,23 +51187,6 @@ "id": "ma-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.02", @@ -60314,6 +51334,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -60400,11 +51425,6 @@ "id": "ma-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -60416,11 +51436,6 @@ "id": "ma-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -60432,11 +51447,6 @@ "id": "ma-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -60448,11 +51458,6 @@ "id": "ma-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -60464,11 +51469,6 @@ "id": "ma-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -60480,11 +51480,6 @@ "id": "ma-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -60514,29 +51509,6 @@ "id": "ma-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02a.", @@ -60610,23 +51582,6 @@ "id": "ma-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02b.", @@ -60682,23 +51637,6 @@ "id": "ma-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02c.", @@ -60717,23 +51655,6 @@ "id": "ma-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02d.", @@ -60752,17 +51673,6 @@ "id": "ma-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02e.", @@ -60781,17 +51691,6 @@ "id": "ma-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02f.", @@ -60903,6 +51802,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3" @@ -60945,11 +51849,6 @@ "id": "ma-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -60961,11 +51860,6 @@ "id": "ma-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -60995,29 +51889,6 @@ "id": "ma-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03a.", @@ -61091,29 +51962,6 @@ "id": "ma-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03b.", @@ -61209,6 +52057,11 @@ "class": "SP800-53-enhancement", "title": "Inspect Tools", "props": [ + { + "name": "label", + "value": "MA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(1)" @@ -61242,13 +52095,6 @@ { "id": "ma-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications." }, { @@ -61260,29 +52106,6 @@ "id": "ma-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(01)", @@ -61371,9 +52194,9 @@ "title": "Inspect Media", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "MA-03(02)", + "class": "zero-padded" }, { "name": "label", @@ -61408,13 +52231,6 @@ { "id": "ma-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check media containing diagnostic and test programs for malicious code before the media are used in the system." }, { @@ -61426,29 +52242,6 @@ "id": "ma-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(02)", @@ -61552,6 +52345,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(3)" @@ -61591,11 +52389,6 @@ "id": "ma-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -61607,11 +52400,6 @@ "id": "ma-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -61623,11 +52411,6 @@ "id": "ma-3.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -61639,11 +52422,6 @@ "id": "ma-3.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -61662,29 +52440,6 @@ "id": "ma-3.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(03)", @@ -61847,6 +52602,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -61957,11 +52717,6 @@ "id": "ma-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -61973,11 +52728,6 @@ "id": "ma-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -61989,11 +52739,6 @@ "id": "ma-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -62005,11 +52750,6 @@ "id": "ma-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -62021,11 +52761,6 @@ "id": "ma-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -62055,23 +52790,6 @@ "id": "ma-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04a.", @@ -62138,23 +52856,6 @@ "id": "ma-4_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[01]", @@ -62173,17 +52874,6 @@ "id": "ma-4_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[02]", @@ -62210,29 +52900,6 @@ "id": "ma-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04c.", @@ -62251,17 +52918,6 @@ "id": "ma-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04d.", @@ -62280,17 +52936,6 @@ "id": "ma-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04e.", @@ -62423,6 +53068,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -62501,11 +53151,6 @@ "id": "ma-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -62517,11 +53162,6 @@ "id": "ma-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -62533,11 +53173,6 @@ "id": "ma-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -62567,17 +53202,6 @@ "id": "ma-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-05a.", @@ -62633,29 +53257,6 @@ "id": "ma-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05b.", @@ -62674,29 +53275,6 @@ "id": "ma-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05c.", @@ -62803,6 +53381,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5(1)" @@ -62845,11 +53428,6 @@ "id": "ma-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -62885,11 +53463,6 @@ "id": "ma-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -62948,23 +53521,6 @@ "id": "ma-5.1_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(01)", @@ -62983,23 +53539,6 @@ "id": "ma-5.1_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(02)", @@ -63026,29 +53565,6 @@ "id": "ma-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(b)", @@ -63171,6 +53687,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-06", + "class": "zero-padded" + }, { "name": "label", "value": "MA-6" @@ -63232,13 +53753,6 @@ { "id": "ma-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain maintenance support and/or spare parts for {{ insert: param, ma-06_odp.01 }} within {{ insert: param, ma-06_odp.02 }} of failure." }, { @@ -63250,29 +53764,6 @@ "id": "ma-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-06", @@ -63462,6 +53953,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -63529,12 +54025,6 @@ "id": "mp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -63594,11 +54084,6 @@ "id": "mp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63610,12 +54095,6 @@ "id": "mp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -63680,23 +54159,6 @@ "id": "mp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[01]", @@ -63715,23 +54177,6 @@ "id": "mp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[02]", @@ -63750,17 +54195,6 @@ "id": "mp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[03]", @@ -63779,17 +54213,6 @@ "id": "mp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[04]", @@ -63819,17 +54242,6 @@ "id": "mp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(a)", @@ -63975,17 +54387,6 @@ "id": "mp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(b)", @@ -64020,23 +54421,6 @@ "id": "mp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01b.", @@ -64066,23 +54450,6 @@ "id": "mp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.01", @@ -64138,23 +54505,6 @@ "id": "mp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.02", @@ -64324,6 +54674,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -64417,13 +54772,6 @@ { "id": "mp-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert: param, mp-2_prm_2 }}." }, { @@ -64446,29 +54794,6 @@ "id": "mp-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[01]", @@ -64487,29 +54812,6 @@ "id": "mp-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[02]", @@ -64635,6 +54937,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-03", + "class": "zero-padded" + }, { "name": "label", "value": "MP-3" @@ -64697,11 +55004,6 @@ "id": "mp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64713,11 +55015,6 @@ "id": "mp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64765,17 +55062,6 @@ "id": "mp-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03a.", @@ -64794,17 +55080,6 @@ "id": "mp-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03b.", @@ -64974,6 +55249,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-04", + "class": "zero-padded" + }, { "name": "label", "value": "MP-4" @@ -65092,11 +55372,6 @@ "id": "mp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -65108,11 +55383,6 @@ "id": "mp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -65171,29 +55441,6 @@ "id": "mp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[01]", @@ -65212,29 +55459,6 @@ "id": "mp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[02]", @@ -65253,29 +55477,6 @@ "id": "mp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[03]", @@ -65294,29 +55495,6 @@ "id": "mp-4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[04]", @@ -65343,29 +55521,6 @@ "id": "mp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04b.", @@ -65504,6 +55659,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-05", + "class": "zero-padded" + }, { "name": "label", "value": "MP-5" @@ -65594,11 +55754,6 @@ "id": "mp-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -65610,11 +55765,6 @@ "id": "mp-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -65626,11 +55776,6 @@ "id": "mp-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -65642,11 +55787,6 @@ "id": "mp-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -65694,29 +55834,6 @@ "id": "mp-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05a.", @@ -65772,29 +55889,6 @@ "id": "mp-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05b.", @@ -65813,17 +55907,6 @@ "id": "mp-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-05c.", @@ -65853,23 +55936,6 @@ "id": "mp-5_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[01]", @@ -65888,17 +55954,6 @@ "id": "mp-5_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[02]", @@ -66071,6 +56126,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -66189,11 +56249,6 @@ "id": "mp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66205,11 +56260,6 @@ "id": "mp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66239,29 +56289,6 @@ "id": "mp-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06a.", @@ -66335,29 +56362,6 @@ "id": "mp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06b.", @@ -66491,6 +56495,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -66553,11 +56562,6 @@ "id": "mp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66569,11 +56573,6 @@ "id": "mp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66603,29 +56602,6 @@ "id": "mp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07a.", @@ -66644,29 +56620,6 @@ "id": "mp-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07b.", @@ -66864,6 +56817,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -66931,12 +56889,6 @@ "id": "pe-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -66996,11 +56948,6 @@ "id": "pe-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -67012,12 +56959,6 @@ "id": "pe-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -67082,23 +57023,6 @@ "id": "pe-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[01]", @@ -67117,23 +57041,6 @@ "id": "pe-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[02]", @@ -67152,17 +57059,6 @@ "id": "pe-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[03]", @@ -67181,17 +57077,6 @@ "id": "pe-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[04]", @@ -67221,17 +57106,6 @@ "id": "pe-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(a)", @@ -67377,17 +57251,6 @@ "id": "pe-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(b)", @@ -67422,23 +57285,6 @@ "id": "pe-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01b.", @@ -67468,23 +57314,6 @@ "id": "pe-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.01", @@ -67540,23 +57369,6 @@ "id": "pe-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.02", @@ -67691,6 +57503,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -67793,11 +57610,6 @@ "id": "pe-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -67809,11 +57621,6 @@ "id": "pe-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -67825,11 +57632,6 @@ "id": "pe-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -67841,11 +57643,6 @@ "id": "pe-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -67875,23 +57672,6 @@ "id": "pe-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-02a.", @@ -67965,17 +57745,6 @@ "id": "pe-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02b.", @@ -67994,17 +57763,6 @@ "id": "pe-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02c.", @@ -68023,17 +57781,6 @@ "id": "pe-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02d.", @@ -68247,9 +57994,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "PE-03", + "class": "zero-padded" }, { "name": "label", @@ -68393,11 +58140,6 @@ "id": "pe-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -68433,11 +58175,6 @@ "id": "pe-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -68449,11 +58186,6 @@ "id": "pe-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -68465,11 +58197,6 @@ "id": "pe-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -68481,11 +58208,6 @@ "id": "pe-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -68497,11 +58219,6 @@ "id": "pe-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -68513,11 +58230,6 @@ "id": "pe-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -68558,17 +58270,6 @@ "id": "pe-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.01", @@ -68587,23 +58288,6 @@ "id": "pe-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.02", @@ -68630,23 +58314,6 @@ "id": "pe-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03b.", @@ -68665,17 +58332,6 @@ "id": "pe-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03c.", @@ -68705,17 +58361,6 @@ "id": "pe-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[01]", @@ -68734,23 +58379,6 @@ "id": "pe-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[02]", @@ -68788,17 +58416,6 @@ "id": "pe-3_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[01]", @@ -68817,17 +58434,6 @@ "id": "pe-3_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[02]", @@ -68846,17 +58452,6 @@ "id": "pe-3_obj.e-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[03]", @@ -68883,23 +58478,6 @@ "id": "pe-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03f.", @@ -68929,17 +58507,6 @@ "id": "pe-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[01]", @@ -68958,17 +58525,6 @@ "id": "pe-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[02]", @@ -69092,6 +58648,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-04", + "class": "zero-padded" + }, { "name": "label", "value": "PE-4" @@ -69157,13 +58718,6 @@ { "id": "pe-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to {{ insert: param, pe-04_odp.01 }} within organizational facilities using {{ insert: param, pe-04_odp.02 }}." }, { @@ -69175,23 +58729,6 @@ "id": "pe-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-04", @@ -69290,6 +58827,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-05", + "class": "zero-padded" + }, { "name": "label", "value": "PE-5" @@ -69335,13 +58877,6 @@ { "id": "pe-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to output from {{ insert: param, pe-05_odp }} to prevent unauthorized individuals from obtaining the output." }, { @@ -69353,17 +58888,6 @@ "id": "pe-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-05", @@ -69476,6 +59000,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -69543,11 +59072,6 @@ "id": "pe-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -69559,11 +59083,6 @@ "id": "pe-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -69575,11 +59094,6 @@ "id": "pe-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -69609,23 +59123,6 @@ "id": "pe-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06a.", @@ -69655,17 +59152,6 @@ "id": "pe-6_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[01]", @@ -69684,17 +59170,6 @@ "id": "pe-6_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[02]", @@ -69732,23 +59207,6 @@ "id": "pe-6_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[01]", @@ -69767,23 +59225,6 @@ "id": "pe-6_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[02]", @@ -69887,6 +59328,11 @@ "class": "SP800-53-enhancement", "title": "Intrusion Alarms and Surveillance Equipment", "props": [ + { + "name": "label", + "value": "PE-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6(1)" @@ -69921,13 +59367,6 @@ { "id": "pe-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment." }, { @@ -69939,17 +59378,6 @@ "id": "pe-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06(01)", @@ -70115,6 +59543,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -70162,11 +59595,6 @@ "id": "pe-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70178,11 +59606,6 @@ "id": "pe-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70194,11 +59617,6 @@ "id": "pe-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70228,23 +59646,6 @@ "id": "pe-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08a.", @@ -70263,17 +59664,6 @@ "id": "pe-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08b.", @@ -70292,23 +59682,6 @@ "id": "pe-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08c.", @@ -70404,6 +59777,11 @@ "class": "SP800-53", "title": "Power Equipment and Cabling", "props": [ + { + "name": "label", + "value": "PE-09", + "class": "zero-padded" + }, { "name": "label", "value": "PE-9" @@ -70433,13 +59811,6 @@ { "id": "pe-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect power equipment and power cabling for the system from damage and destruction." }, { @@ -70451,17 +59822,6 @@ "id": "pe-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-09", @@ -70611,6 +59971,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-10", + "class": "zero-padded" + }, { "name": "label", "value": "PE-10" @@ -70645,11 +60010,6 @@ "id": "pe-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70661,11 +60021,6 @@ "id": "pe-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70677,11 +60032,6 @@ "id": "pe-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70711,23 +60061,6 @@ "id": "pe-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10a.", @@ -70746,17 +60079,6 @@ "id": "pe-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10b.", @@ -70775,23 +60097,6 @@ "id": "pe-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10c.", @@ -70898,6 +60203,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-11", + "class": "zero-padded" + }, { "name": "label", "value": "PE-11" @@ -70935,13 +60245,6 @@ { "id": "pe-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an uninterruptible power supply to facilitate {{ insert: param, pe-11_odp }} in the event of a primary power source loss." }, { @@ -70953,23 +60256,6 @@ "id": "pe-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11", @@ -71057,6 +60343,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -71090,13 +60381,6 @@ { "id": "pe-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility." }, { @@ -71119,17 +60403,6 @@ "id": "pe-12_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[01]", @@ -71148,17 +60421,6 @@ "id": "pe-12_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[02]", @@ -71177,17 +60439,6 @@ "id": "pe-12_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[03]", @@ -71206,17 +60457,6 @@ "id": "pe-12_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[04]", @@ -71312,6 +60552,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -71341,13 +60586,6 @@ { "id": "pe-13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain fire detection and suppression systems that are supported by an independent energy source." }, { @@ -71370,23 +60608,6 @@ "id": "pe-13_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[01]", @@ -71405,23 +60626,6 @@ "id": "pe-13_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[02]", @@ -71440,23 +60644,6 @@ "id": "pe-13_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[03]", @@ -71475,23 +60662,6 @@ "id": "pe-13_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[04]", @@ -71510,23 +60680,6 @@ "id": "pe-13_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[05]", @@ -71545,23 +60698,6 @@ "id": "pe-13_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[06]", @@ -71687,6 +60823,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(1)" @@ -71716,13 +60857,6 @@ { "id": "pe-13.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ fire detection systems that activate automatically and notify {{ insert: param, pe-13.01_odp.01 }} and {{ insert: param, pe-13.01_odp.02 }} in the event of a fire." }, { @@ -71745,17 +60879,6 @@ "id": "pe-13.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[01]", @@ -71774,23 +60897,6 @@ "id": "pe-13.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[02]", @@ -71809,23 +60915,6 @@ "id": "pe-13.1_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[03]", @@ -71941,6 +61030,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(2)" @@ -71975,11 +61069,6 @@ "id": "pe-13.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -71991,11 +61080,6 @@ "id": "pe-13.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -72036,17 +61120,6 @@ "id": "pe-13.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[01]", @@ -72065,23 +61138,6 @@ "id": "pe-13.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[02]", @@ -72100,23 +61156,6 @@ "id": "pe-13.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[03]", @@ -72143,23 +61182,6 @@ "id": "pe-13.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(b)", @@ -72309,6 +61331,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -72347,11 +61374,6 @@ "id": "pe-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -72363,11 +61385,6 @@ "id": "pe-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -72415,23 +61432,6 @@ "id": "pe-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14a.", @@ -72450,23 +61450,6 @@ "id": "pe-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14b.", @@ -72562,6 +61545,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -72595,13 +61583,6 @@ { "id": "pe-15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel." }, { @@ -72624,23 +61605,6 @@ "id": "pe-15_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[01]", @@ -72659,23 +61623,6 @@ "id": "pe-15_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[02]", @@ -72694,23 +61641,6 @@ "id": "pe-15_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[03]", @@ -72729,23 +61659,6 @@ "id": "pe-15_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[04]", @@ -72870,6 +61783,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -72940,11 +61858,6 @@ "id": "pe-16_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -72956,11 +61869,6 @@ "id": "pe-16_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73001,23 +61909,6 @@ "id": "pe-16_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[01]", @@ -73036,23 +61927,6 @@ "id": "pe-16_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[02]", @@ -73071,23 +61945,6 @@ "id": "pe-16_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[03]", @@ -73106,23 +61963,6 @@ "id": "pe-16_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[04]", @@ -73149,23 +61989,6 @@ "id": "pe-16_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-16b.", @@ -73281,6 +62104,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-17", + "class": "zero-padded" + }, { "name": "label", "value": "PE-17" @@ -73327,11 +62155,6 @@ "id": "pe-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -73343,11 +62166,6 @@ "id": "pe-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73359,11 +62177,6 @@ "id": "pe-17_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -73375,11 +62188,6 @@ "id": "pe-17_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -73409,23 +62217,6 @@ "id": "pe-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17a.", @@ -73444,23 +62235,6 @@ "id": "pe-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17b.", @@ -73479,23 +62253,6 @@ "id": "pe-17_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17c.", @@ -73514,23 +62271,6 @@ "id": "pe-17_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17d.", @@ -73728,6 +62468,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -73799,12 +62544,6 @@ "id": "pl-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -73864,11 +62603,6 @@ "id": "pl-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73880,12 +62614,6 @@ "id": "pl-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -73950,23 +62678,6 @@ "id": "pl-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[01]", @@ -73985,23 +62696,6 @@ "id": "pl-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[02]", @@ -74020,17 +62714,6 @@ "id": "pl-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[03]", @@ -74049,17 +62732,6 @@ "id": "pl-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[04]", @@ -74089,17 +62761,6 @@ "id": "pl-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(a)", @@ -74245,17 +62906,6 @@ "id": "pl-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(b)", @@ -74290,23 +62940,6 @@ "id": "pl-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01b.", @@ -74336,23 +62969,6 @@ "id": "pl-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.01", @@ -74408,23 +63024,6 @@ "id": "pl-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.02", @@ -74587,6 +63186,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -74790,11 +63394,6 @@ "id": "pl-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -74973,11 +63572,6 @@ "id": "pl-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -74989,11 +63583,6 @@ "id": "pl-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -75005,11 +63594,6 @@ "id": "pl-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -75021,11 +63605,6 @@ "id": "pl-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -75077,57 +63656,6 @@ "id": "pl-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[01]", @@ -75146,57 +63674,6 @@ "id": "pl-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[02]", @@ -75344,17 +63821,6 @@ "id": "pl-2_obj.a.4-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[01]", @@ -75373,17 +63839,6 @@ "id": "pl-2_obj.a.4-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[02]", @@ -75410,17 +63865,6 @@ "id": "pl-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.05", @@ -75476,17 +63920,6 @@ "id": "pl-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.06", @@ -75542,17 +63975,6 @@ "id": "pl-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.07", @@ -75608,17 +64030,6 @@ "id": "pl-2_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.08", @@ -75674,23 +64085,6 @@ "id": "pl-2_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.09", @@ -75757,17 +64151,6 @@ "id": "pl-2_obj.a.10-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[01]", @@ -75786,17 +64169,6 @@ "id": "pl-2_obj.a.10-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[02]", @@ -75823,17 +64195,6 @@ "id": "pl-2_obj.a.11", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.11", @@ -75900,17 +64261,6 @@ "id": "pl-2_obj.a.12-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[01]", @@ -75929,17 +64279,6 @@ "id": "pl-2_obj.a.12-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[02]", @@ -75977,23 +64316,6 @@ "id": "pl-2_obj.a.13-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[01]", @@ -76012,23 +64334,6 @@ "id": "pl-2_obj.a.13-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[02]", @@ -76066,23 +64371,6 @@ "id": "pl-2_obj.a.14-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[01]", @@ -76101,23 +64389,6 @@ "id": "pl-2_obj.a.14-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[02]", @@ -76155,23 +64426,6 @@ "id": "pl-2_obj.a.15-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[01]", @@ -76190,23 +64444,6 @@ "id": "pl-2_obj.a.15-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[02]", @@ -76241,23 +64478,6 @@ "id": "pl-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02b.", @@ -76313,23 +64533,6 @@ "id": "pl-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02c.", @@ -76348,23 +64551,6 @@ "id": "pl-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02d.", @@ -76438,23 +64624,6 @@ "id": "pl-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02e.", @@ -76627,6 +64796,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -76746,11 +64920,6 @@ "id": "pl-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -76762,11 +64931,6 @@ "id": "pl-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -76778,11 +64942,6 @@ "id": "pl-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -76794,11 +64953,6 @@ "id": "pl-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -76828,23 +64982,6 @@ "id": "pl-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04a.", @@ -76900,23 +65037,6 @@ "id": "pl-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04b.", @@ -76935,23 +65055,6 @@ "id": "pl-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04c.", @@ -76970,23 +65073,6 @@ "id": "pl-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04d.", @@ -77082,6 +65168,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -77130,11 +65221,6 @@ "id": "pl-4.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -77146,11 +65232,6 @@ "id": "pl-4.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -77162,11 +65243,6 @@ "id": "pl-4.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -77196,23 +65272,6 @@ "id": "pl-4.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(a)", @@ -77231,23 +65290,6 @@ "id": "pl-4.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(b)", @@ -77266,23 +65308,6 @@ "id": "pl-4.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(c)", @@ -77396,6 +65421,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -77495,11 +65525,6 @@ "id": "pl-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -77557,11 +65582,6 @@ "id": "pl-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -77573,11 +65593,6 @@ "id": "pl-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -77636,23 +65651,6 @@ "id": "pl-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.01", @@ -77671,23 +65669,6 @@ "id": "pl-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.02", @@ -77706,17 +65687,6 @@ "id": "pl-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.03", @@ -77772,17 +65742,6 @@ "id": "pl-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.04", @@ -77846,23 +65805,6 @@ "id": "pl-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-08b.", @@ -77892,23 +65834,6 @@ "id": "pl-8_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[01]", @@ -77927,23 +65852,6 @@ "id": "pl-8_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[02]", @@ -77962,23 +65870,6 @@ "id": "pl-8_obj.c-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[03]", @@ -77997,23 +65888,6 @@ "id": "pl-8_obj.c-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[04]", @@ -78032,23 +65906,6 @@ "id": "pl-8_obj.c-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[05]", @@ -78067,23 +65924,6 @@ "id": "pl-8_obj.c-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[06]", @@ -78187,6 +66027,11 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ + { + "name": "label", + "value": "PL-10", + "class": "zero-padded" + }, { "name": "label", "value": "PL-10" @@ -78272,13 +66117,6 @@ { "id": "pl-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Select a control baseline for the system.", "parts": [ { @@ -78310,17 +66148,6 @@ "id": "pl-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-10", @@ -78386,6 +66213,11 @@ "class": "SP800-53", "title": "Baseline Tailoring", "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, { "name": "label", "value": "PL-11" @@ -78471,13 +66303,6 @@ { "id": "pl-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Tailor the selected control baseline by applying specified tailoring actions." }, { @@ -78489,23 +66314,6 @@ "id": "pl-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-11", @@ -78673,6 +66481,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -78736,12 +66549,6 @@ "id": "ps-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -78801,11 +66608,6 @@ "id": "ps-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -78817,12 +66619,6 @@ "id": "ps-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -78887,23 +66683,6 @@ "id": "ps-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[01]", @@ -78922,23 +66701,6 @@ "id": "ps-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[02]", @@ -78957,17 +66719,6 @@ "id": "ps-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[03]", @@ -78986,17 +66737,6 @@ "id": "ps-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[04]", @@ -79026,17 +66766,6 @@ "id": "ps-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(a)", @@ -79182,17 +66911,6 @@ "id": "ps-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(b)", @@ -79227,23 +66945,6 @@ "id": "ps-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01b.", @@ -79273,23 +66974,6 @@ "id": "ps-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.01", @@ -79345,23 +67029,6 @@ "id": "ps-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.02", @@ -79496,6 +67163,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -79574,11 +67246,6 @@ "id": "ps-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -79590,11 +67257,6 @@ "id": "ps-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -79606,11 +67268,6 @@ "id": "ps-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -79640,23 +67297,6 @@ "id": "ps-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02a.", @@ -79675,23 +67315,6 @@ "id": "ps-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02b.", @@ -79710,23 +67333,6 @@ "id": "ps-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-02c.", @@ -79851,6 +67457,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -79953,11 +67564,6 @@ "id": "ps-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -79969,11 +67575,6 @@ "id": "ps-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -80003,23 +67604,6 @@ "id": "ps-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03a.", @@ -80049,23 +67633,6 @@ "id": "ps-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[01]", @@ -80084,23 +67651,6 @@ "id": "ps-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[02]", @@ -80209,7 +67759,7 @@ "label": "additional personnel screening criteria", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria \u2013 as required by specific information" } ], "guidelines": [ @@ -80220,6 +67770,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3(3)" @@ -80255,11 +67810,6 @@ "id": "ps-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -80271,11 +67821,6 @@ "id": "ps-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -80305,23 +67850,6 @@ "id": "ps-3.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(a)", @@ -80340,23 +67868,6 @@ "id": "ps-3.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(b)", @@ -80479,6 +67990,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -80534,11 +68050,6 @@ "id": "ps-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -80550,11 +68061,6 @@ "id": "ps-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -80566,11 +68072,6 @@ "id": "ps-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -80582,11 +68083,6 @@ "id": "ps-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -80598,11 +68094,6 @@ "id": "ps-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -80632,17 +68123,6 @@ "id": "ps-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04a.", @@ -80661,17 +68141,6 @@ "id": "ps-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04b.", @@ -80690,23 +68159,6 @@ "id": "ps-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04c.", @@ -80725,23 +68177,6 @@ "id": "ps-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-04d.", @@ -80760,23 +68195,6 @@ "id": "ps-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04e.", @@ -80925,6 +68343,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -80979,11 +68402,6 @@ "id": "ps-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -80995,11 +68413,6 @@ "id": "ps-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81011,11 +68424,6 @@ "id": "ps-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81027,11 +68435,6 @@ "id": "ps-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -81061,23 +68464,6 @@ "id": "ps-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-05a.", @@ -81096,23 +68482,6 @@ "id": "ps-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05b.", @@ -81131,17 +68500,6 @@ "id": "ps-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05c.", @@ -81160,23 +68518,6 @@ "id": "ps-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05d.", @@ -81302,6 +68643,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -81377,11 +68723,6 @@ "id": "ps-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -81393,11 +68734,6 @@ "id": "ps-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81409,11 +68745,6 @@ "id": "ps-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81467,17 +68798,6 @@ "id": "ps-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-06a.", @@ -81496,23 +68816,6 @@ "id": "ps-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06b.", @@ -81542,23 +68845,6 @@ "id": "ps-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.01", @@ -81577,23 +68863,6 @@ "id": "ps-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.02", @@ -81727,6 +68996,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -81818,11 +69092,6 @@ "id": "ps-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -81834,11 +69103,6 @@ "id": "ps-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81850,11 +69114,6 @@ "id": "ps-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81866,11 +69125,6 @@ "id": "ps-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -81882,11 +69136,6 @@ "id": "ps-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -81916,23 +69165,6 @@ "id": "ps-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07a.", @@ -81951,23 +69183,6 @@ "id": "ps-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07b.", @@ -81986,17 +69201,6 @@ "id": "ps-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-07c.", @@ -82015,23 +69219,6 @@ "id": "ps-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07d.", @@ -82050,23 +69237,6 @@ "id": "ps-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07e.", @@ -82192,6 +69362,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -82238,11 +69413,6 @@ "id": "ps-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -82254,11 +69424,6 @@ "id": "ps-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82288,23 +69453,6 @@ "id": "ps-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-08a.", @@ -82323,23 +69471,6 @@ "id": "ps-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-08b.", @@ -82435,6 +69566,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -82464,13 +69600,6 @@ { "id": "ps-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate security and privacy roles and responsibilities into organizational position descriptions." }, { @@ -82482,17 +69611,6 @@ "id": "ps-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-09", @@ -82719,6 +69837,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -82786,12 +69909,6 @@ "id": "ra-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -82851,11 +69968,6 @@ "id": "ra-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82867,12 +69979,6 @@ "id": "ra-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -82937,23 +70043,6 @@ "id": "ra-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[01]", @@ -82972,23 +70061,6 @@ "id": "ra-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[02]", @@ -83007,17 +70079,6 @@ "id": "ra-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[03]", @@ -83036,17 +70097,6 @@ "id": "ra-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[04]", @@ -83076,17 +70126,6 @@ "id": "ra-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(a)", @@ -83232,17 +70271,6 @@ "id": "ra-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(b)", @@ -83277,23 +70305,6 @@ "id": "ra-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01b.", @@ -83323,23 +70334,6 @@ "id": "ra-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.01", @@ -83395,23 +70389,6 @@ "id": "ra-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.02", @@ -83530,6 +70507,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -83656,11 +70638,6 @@ "id": "ra-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -83672,11 +70649,6 @@ "id": "ra-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -83688,11 +70660,6 @@ "id": "ra-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -83722,17 +70689,6 @@ "id": "ra-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02a.", @@ -83751,17 +70707,6 @@ "id": "ra-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02b.", @@ -83780,23 +70725,6 @@ "id": "ra-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-02c.", @@ -83955,6 +70883,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -84122,11 +71055,6 @@ "id": "ra-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -84173,11 +71101,6 @@ "id": "ra-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -84189,11 +71112,6 @@ "id": "ra-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -84205,11 +71123,6 @@ "id": "ra-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -84221,11 +71134,6 @@ "id": "ra-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -84237,11 +71145,6 @@ "id": "ra-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -84311,23 +71214,6 @@ "id": "ra-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.01", @@ -84346,23 +71232,6 @@ "id": "ra-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.02", @@ -84381,23 +71250,6 @@ "id": "ra-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.03", @@ -84424,23 +71276,6 @@ "id": "ra-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03b.", @@ -84459,17 +71294,6 @@ "id": "ra-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-03c.", @@ -84488,23 +71312,6 @@ "id": "ra-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03d.", @@ -84523,23 +71330,6 @@ "id": "ra-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03e.", @@ -84558,23 +71348,6 @@ "id": "ra-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03f.", @@ -84690,6 +71463,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -84749,11 +71527,6 @@ "id": "ra-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -84765,11 +71538,6 @@ "id": "ra-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -84799,23 +71567,6 @@ "id": "ra-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(a)", @@ -84834,23 +71585,6 @@ "id": "ra-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(b)", @@ -85001,9 +71735,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05", + "class": "zero-padded" }, { "name": "label", @@ -85144,11 +71878,6 @@ "id": "ra-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -85160,11 +71889,6 @@ "id": "ra-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -85211,11 +71935,6 @@ "id": "ra-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -85227,11 +71946,6 @@ "id": "ra-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -85243,11 +71957,6 @@ "id": "ra-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -85259,11 +71968,6 @@ "id": "ra-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -85329,7 +72033,7 @@ "value": "Guidance:" } ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \u201cwarning\u201d as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \u201cTracking of Compliance Scans\u201d in FAQs." } ] } @@ -85355,23 +72059,6 @@ "id": "ra-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05a.", @@ -85427,23 +72114,6 @@ "id": "ra-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.", @@ -85456,23 +72126,6 @@ "id": "ra-5_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.01", @@ -85491,23 +72144,6 @@ "id": "ra-5_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.02", @@ -85526,23 +72162,6 @@ "id": "ra-5_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.03", @@ -85569,23 +72188,6 @@ "id": "ra-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05c.", @@ -85604,23 +72206,6 @@ "id": "ra-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05d.", @@ -85639,23 +72224,6 @@ "id": "ra-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05e.", @@ -85674,23 +72242,6 @@ "id": "ra-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05f.", @@ -85814,9 +72365,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -85856,13 +72407,6 @@ { "id": "ra-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the system vulnerabilities to be scanned {{ insert: param, ra-05.02_odp.01 }}." }, { @@ -85874,23 +72418,6 @@ "id": "ra-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(02)", @@ -85979,9 +72506,9 @@ "title": "Breadth and Depth of Coverage", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(03)", + "class": "zero-padded" }, { "name": "label", @@ -86017,13 +72544,6 @@ { "id": "ra-5.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define the breadth and depth of vulnerability scanning coverage." }, { @@ -86035,23 +72555,6 @@ "id": "ra-5.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(03)", @@ -86169,6 +72672,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(5)" @@ -86203,13 +72711,6 @@ { "id": "ra-5.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement privileged access authorization to {{ insert: param, ra-05.05_odp.01 }} for {{ insert: param, ra-05.05_odp.02 }}." }, { @@ -86221,23 +72722,6 @@ "id": "ra-5.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(05)", @@ -86325,6 +72809,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -86359,13 +72848,6 @@ { "id": "ra-5.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components." }, { @@ -86377,23 +72859,6 @@ "id": "ra-5.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(11)", @@ -86483,6 +72948,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -86565,13 +73035,6 @@ { "id": "ra-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance." }, { @@ -86583,23 +73046,6 @@ "id": "ra-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-07", @@ -86780,6 +73226,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-09", + "class": "zero-padded" + }, { "name": "label", "value": "RA-9" @@ -86853,13 +73304,6 @@ { "id": "ra-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system components and functions by performing a criticality analysis for {{ insert: param, ra-09_odp.01 }} at {{ insert: param, ra-09_odp.02 }}." }, { @@ -86871,23 +73315,6 @@ "id": "ra-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-09", @@ -87077,6 +73504,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -87152,12 +73584,6 @@ "id": "sa-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -87217,11 +73643,6 @@ "id": "sa-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -87233,12 +73654,6 @@ "id": "sa-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -87303,23 +73718,6 @@ "id": "sa-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[01]", @@ -87338,23 +73736,6 @@ "id": "sa-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[02]", @@ -87373,17 +73754,6 @@ "id": "sa-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[03]", @@ -87402,17 +73772,6 @@ "id": "sa-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[04]", @@ -87442,17 +73801,6 @@ "id": "sa-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(a)", @@ -87598,17 +73946,6 @@ "id": "sa-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(b)", @@ -87643,23 +73980,6 @@ "id": "sa-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01b.", @@ -87689,23 +74009,6 @@ "id": "sa-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.01", @@ -87761,23 +74064,6 @@ "id": "sa-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.02", @@ -87896,6 +74182,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -87967,11 +74258,6 @@ "id": "sa-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -87983,11 +74269,6 @@ "id": "sa-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -87999,11 +74280,6 @@ "id": "sa-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -88044,23 +74320,6 @@ "id": "sa-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[01]", @@ -88079,23 +74338,6 @@ "id": "sa-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[02]", @@ -88133,23 +74375,6 @@ "id": "sa-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[01]", @@ -88168,23 +74393,6 @@ "id": "sa-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[02]", @@ -88222,23 +74430,6 @@ "id": "sa-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[01]", @@ -88257,23 +74448,6 @@ "id": "sa-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[02]", @@ -88388,6 +74562,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -88503,11 +74682,6 @@ "id": "sa-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -88519,11 +74693,6 @@ "id": "sa-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -88535,11 +74704,6 @@ "id": "sa-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -88551,11 +74715,6 @@ "id": "sa-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -88596,23 +74755,6 @@ "id": "sa-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[01]", @@ -88631,23 +74773,6 @@ "id": "sa-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[02]", @@ -88685,23 +74810,6 @@ "id": "sa-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[01]", @@ -88720,23 +74828,6 @@ "id": "sa-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[02]", @@ -88774,23 +74865,6 @@ "id": "sa-3_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[01]", @@ -88809,23 +74883,6 @@ "id": "sa-3_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[02]", @@ -88863,23 +74920,6 @@ "id": "sa-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[01]", @@ -88898,23 +74938,6 @@ "id": "sa-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[02]", @@ -89039,6 +75062,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -89215,11 +75243,6 @@ "id": "sa-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -89231,11 +75254,6 @@ "id": "sa-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -89247,11 +75265,6 @@ "id": "sa-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -89263,11 +75276,6 @@ "id": "sa-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -89279,11 +75287,6 @@ "id": "sa-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -89295,11 +75298,6 @@ "id": "sa-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -89311,11 +75309,6 @@ "id": "sa-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -89327,11 +75320,6 @@ "id": "sa-4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -89343,11 +75331,6 @@ "id": "sa-4_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -89417,57 +75400,6 @@ "id": "sa-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[01]", @@ -89486,57 +75418,6 @@ "id": "sa-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[02]", @@ -89563,23 +75444,6 @@ "id": "sa-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04b.", @@ -89708,23 +75572,6 @@ "id": "sa-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04e.", @@ -89780,23 +75627,6 @@ "id": "sa-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04f.", @@ -89852,23 +75682,6 @@ "id": "sa-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04g.", @@ -89887,23 +75700,6 @@ "id": "sa-4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04h.", @@ -89977,23 +75773,6 @@ "id": "sa-4_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04i.", @@ -90089,6 +75868,11 @@ "class": "SP800-53-enhancement", "title": "Functional Properties of Controls", "props": [ + { + "name": "label", + "value": "SA-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(1)" @@ -90123,13 +75907,6 @@ { "id": "sa-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented." }, { @@ -90141,23 +75918,6 @@ "id": "sa-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(01)", @@ -90283,6 +76043,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(2)" @@ -90317,13 +76082,6 @@ { "id": "sa-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide design and implementation information for the controls that includes: {{ insert: param, sa-04.02_odp.01 }} at {{ insert: param, sa-04.02_odp.03 }}." }, { @@ -90335,23 +76093,6 @@ "id": "sa-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(02)", @@ -90439,6 +76180,11 @@ "class": "SP800-53-enhancement", "title": "Functions, Ports, Protocols, and Services in Use", "props": [ + { + "name": "label", + "value": "SA-04(09)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(9)" @@ -90481,13 +76227,6 @@ { "id": "sa-4.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use." }, { @@ -90499,23 +76238,6 @@ "id": "sa-4.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(09)", @@ -90654,6 +76376,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -90700,13 +76427,6 @@ { "id": "sa-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems." }, { @@ -90718,23 +76438,6 @@ "id": "sa-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(10)", @@ -90849,6 +76552,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -90964,11 +76672,6 @@ "id": "sa-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -91015,11 +76718,6 @@ "id": "sa-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -91066,11 +76764,6 @@ "id": "sa-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -91082,11 +76775,6 @@ "id": "sa-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -91127,23 +76815,6 @@ "id": "sa-5_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.01", @@ -91228,23 +76899,6 @@ "id": "sa-5_obj.a.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[01]", @@ -91263,23 +76917,6 @@ "id": "sa-5_obj.a.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[02]", @@ -91298,23 +76935,6 @@ "id": "sa-5_obj.a.2-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[03]", @@ -91333,23 +76953,6 @@ "id": "sa-5_obj.a.2-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[04]", @@ -91376,23 +76979,6 @@ "id": "sa-5_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.03", @@ -91478,23 +77064,6 @@ "id": "sa-5_obj.b.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[01]", @@ -91513,23 +77082,6 @@ "id": "sa-5_obj.b.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[02]", @@ -91548,23 +77100,6 @@ "id": "sa-5_obj.b.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[03]", @@ -91583,23 +77118,6 @@ "id": "sa-5_obj.b.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[04]", @@ -91637,23 +77155,6 @@ "id": "sa-5_obj.b.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[01]", @@ -91672,23 +77173,6 @@ "id": "sa-5_obj.b.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[02]", @@ -91726,23 +77210,6 @@ "id": "sa-5_obj.b.3-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[01]", @@ -91761,23 +77228,6 @@ "id": "sa-5_obj.b.3-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[02]", @@ -91823,23 +77273,6 @@ "id": "sa-5_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[01]", @@ -91858,23 +77291,6 @@ "id": "sa-5_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[02]", @@ -91901,23 +77317,6 @@ "id": "sa-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05d.", @@ -92037,6 +77436,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -92179,13 +77583,6 @@ { "id": "sa-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: {{ insert: param, sa-8_prm_1 }}." }, { @@ -92208,23 +77605,6 @@ "id": "sa-8_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[01]", @@ -92243,23 +77623,6 @@ "id": "sa-8_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[02]", @@ -92278,23 +77641,6 @@ "id": "sa-8_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[03]", @@ -92313,23 +77659,6 @@ "id": "sa-8_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[04]", @@ -92348,23 +77677,6 @@ "id": "sa-8_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[05]", @@ -92383,23 +77695,6 @@ "id": "sa-8_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[06]", @@ -92418,23 +77713,6 @@ "id": "sa-8_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[07]", @@ -92453,23 +77731,6 @@ "id": "sa-8_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[08]", @@ -92488,23 +77749,6 @@ "id": "sa-8_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[09]", @@ -92523,23 +77767,6 @@ "id": "sa-8_obj-10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[10]", @@ -92666,9 +77893,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-09", + "class": "zero-padded" }, { "name": "label", @@ -92773,11 +78000,6 @@ "id": "sa-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -92789,11 +78011,6 @@ "id": "sa-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -92805,11 +78022,6 @@ "id": "sa-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -92850,23 +78062,6 @@ "id": "sa-9_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[01]", @@ -92885,23 +78080,6 @@ "id": "sa-9_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[02]", @@ -92920,17 +78098,6 @@ "id": "sa-9_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[03]", @@ -92968,17 +78135,6 @@ "id": "sa-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[01]", @@ -92997,17 +78153,6 @@ "id": "sa-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[02]", @@ -93034,23 +78179,6 @@ "id": "sa-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09c.", @@ -93157,6 +78285,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(1)" @@ -93208,11 +78341,6 @@ "id": "sa-9.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -93224,11 +78352,6 @@ "id": "sa-9.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -93258,23 +78381,6 @@ "id": "sa-9.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(a)", @@ -93293,23 +78399,6 @@ "id": "sa-9.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(b)", @@ -93421,6 +78510,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(2)" @@ -93463,13 +78557,6 @@ { "id": "sa-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require providers of the following external system services to identify the functions, ports, protocols, and other services required for the use of such services: {{ insert: param, sa-09.02_odp }}." }, { @@ -93481,23 +78568,6 @@ "id": "sa-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(02)", @@ -93599,6 +78669,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(5)" @@ -93641,13 +78716,6 @@ { "id": "sa-9.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the location of {{ insert: param, sa-09.05_odp.01 }} to {{ insert: param, sa-09.05_odp.02 }} based on {{ insert: param, sa-09.05_odp.03 }}." }, { @@ -93659,23 +78727,6 @@ "id": "sa-9.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(05)", @@ -93803,6 +78854,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-10", + "class": "zero-padded" + }, { "name": "label", "value": "SA-10" @@ -93915,11 +78971,6 @@ "id": "sa-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -93931,11 +78982,6 @@ "id": "sa-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -93947,11 +78993,6 @@ "id": "sa-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -93963,11 +79004,6 @@ "id": "sa-10_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -93979,11 +79015,6 @@ "id": "sa-10_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -94031,23 +79062,6 @@ "id": "sa-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10a.", @@ -94066,29 +79080,6 @@ "id": "sa-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10b.", @@ -94162,23 +79153,6 @@ "id": "sa-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10c.", @@ -94197,23 +79171,6 @@ "id": "sa-10_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-10d.", @@ -94287,23 +79244,6 @@ "id": "sa-10_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10e.", @@ -94486,6 +79426,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11" @@ -94594,11 +79539,6 @@ "id": "sa-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -94610,11 +79550,6 @@ "id": "sa-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -94626,11 +79561,6 @@ "id": "sa-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -94642,11 +79572,6 @@ "id": "sa-11_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -94658,11 +79583,6 @@ "id": "sa-11_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -94703,29 +79623,6 @@ "id": "sa-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[01]", @@ -94744,29 +79641,6 @@ "id": "sa-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[02]", @@ -94785,29 +79659,6 @@ "id": "sa-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[03]", @@ -94826,29 +79677,6 @@ "id": "sa-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[04]", @@ -94875,23 +79703,6 @@ "id": "sa-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11b.", @@ -94910,23 +79721,6 @@ "id": "sa-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11c.", @@ -94982,23 +79776,6 @@ "id": "sa-11_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11d.", @@ -95017,23 +79794,6 @@ "id": "sa-11_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11e.", @@ -95130,9 +79890,9 @@ "title": "Static Code Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-11(01)", + "class": "zero-padded" }, { "name": "label", @@ -95168,13 +79928,6 @@ { "id": "sa-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.", "parts": [ { @@ -95206,23 +79959,6 @@ "id": "sa-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(01)", @@ -95411,6 +80147,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11(2)" @@ -95463,11 +80204,6 @@ "id": "sa-11.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -95479,11 +80215,6 @@ "id": "sa-11.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -95495,11 +80226,6 @@ "id": "sa-11.2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -95511,11 +80237,6 @@ "id": "sa-11.2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -95556,23 +80277,6 @@ "id": "sa-11.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[01]", @@ -95591,23 +80295,6 @@ "id": "sa-11.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[02]", @@ -95626,23 +80313,6 @@ "id": "sa-11.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[03]", @@ -95661,23 +80331,6 @@ "id": "sa-11.2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[04]", @@ -95715,23 +80368,6 @@ "id": "sa-11.2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[01]", @@ -95750,23 +80386,6 @@ "id": "sa-11.2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[02]", @@ -95785,23 +80404,6 @@ "id": "sa-11.2_obj.b-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[03]", @@ -95820,23 +80422,6 @@ "id": "sa-11.2_obj.b-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[04]", @@ -95874,23 +80459,6 @@ "id": "sa-11.2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[01]", @@ -95909,23 +80477,6 @@ "id": "sa-11.2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[02]", @@ -95963,23 +80514,6 @@ "id": "sa-11.2_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[01]", @@ -95998,23 +80532,6 @@ "id": "sa-11.2_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[02]", @@ -96033,23 +80550,6 @@ "id": "sa-11.2_obj.d-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[03]", @@ -96068,23 +80568,6 @@ "id": "sa-11.2_obj.d-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[04]", @@ -96233,6 +80716,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15" @@ -96320,11 +80808,6 @@ "id": "sa-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -96382,11 +80865,6 @@ "id": "sa-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -96438,23 +80916,6 @@ "id": "sa-15_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[01]", @@ -96473,23 +80934,6 @@ "id": "sa-15_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[02]", @@ -96516,23 +80960,6 @@ "id": "sa-15_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.02", @@ -96588,23 +81015,6 @@ "id": "sa-15_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.03", @@ -96660,29 +81070,6 @@ "id": "sa-15_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.04", @@ -96720,23 +81107,6 @@ "id": "sa-15_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[01]", @@ -96755,23 +81125,6 @@ "id": "sa-15_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[02]", @@ -96886,6 +81239,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15(3)" @@ -96930,11 +81288,6 @@ "id": "sa-15.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -96946,11 +81299,6 @@ "id": "sa-15.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -96969,23 +81317,6 @@ "id": "sa-15.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15(03)", @@ -97170,6 +81501,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -97213,11 +81549,6 @@ "id": "sa-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -97229,11 +81560,6 @@ "id": "sa-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -97263,23 +81589,6 @@ "id": "sa-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-22a.", @@ -97298,23 +81607,6 @@ "id": "sa-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-22b.", @@ -97512,6 +81804,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -97575,12 +81872,6 @@ "id": "sc-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -97640,11 +81931,6 @@ "id": "sc-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -97656,12 +81942,6 @@ "id": "sc-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -97726,23 +82006,6 @@ "id": "sc-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[01]", @@ -97761,23 +82024,6 @@ "id": "sc-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[02]", @@ -97796,17 +82042,6 @@ "id": "sc-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[03]", @@ -97825,17 +82060,6 @@ "id": "sc-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[04]", @@ -97865,17 +82089,6 @@ "id": "sc-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(a)", @@ -98021,17 +82234,6 @@ "id": "sc-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(b)", @@ -98066,23 +82268,6 @@ "id": "sc-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01b.", @@ -98112,23 +82297,6 @@ "id": "sc-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.01", @@ -98184,23 +82352,6 @@ "id": "sc-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.02", @@ -98319,6 +82470,11 @@ "class": "SP800-53", "title": "Separation of System and User Functionality", "props": [ + { + "name": "label", + "value": "SC-02", + "class": "zero-padded" + }, { "name": "label", "value": "SC-2" @@ -98381,13 +82537,6 @@ { "id": "sc-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate user functionality, including user interface services, from system management functionality." }, { @@ -98399,23 +82548,6 @@ "id": "sc-2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-02", @@ -98503,6 +82635,11 @@ "class": "SP800-53", "title": "Information in Shared System Resources", "props": [ + { + "name": "label", + "value": "SC-04", + "class": "zero-padded" + }, { "name": "label", "value": "SC-4" @@ -98540,13 +82677,6 @@ { "id": "sc-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent unauthorized and unintended information transfer via shared system resources." }, { @@ -98558,23 +82688,6 @@ "id": "sc-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-04", @@ -98738,6 +82851,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -98792,11 +82910,6 @@ "id": "sc-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -98808,11 +82921,6 @@ "id": "sc-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -98842,23 +82950,6 @@ "id": "sc-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-05a.", @@ -98877,17 +82968,6 @@ "id": "sc-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-05b.", @@ -98995,9 +83075,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07", + "class": "zero-padded" }, { "name": "label", @@ -99153,11 +83233,6 @@ "id": "sc-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -99169,11 +83244,6 @@ "id": "sc-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -99185,11 +83255,6 @@ "id": "sc-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -99248,23 +83313,6 @@ "id": "sc-7_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[01]", @@ -99283,23 +83331,6 @@ "id": "sc-7_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[02]", @@ -99318,23 +83349,6 @@ "id": "sc-7_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[03]", @@ -99353,23 +83367,6 @@ "id": "sc-7_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[04]", @@ -99396,29 +83393,6 @@ "id": "sc-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07b.", @@ -99437,29 +83411,6 @@ "id": "sc-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07c.", @@ -99556,9 +83507,9 @@ "title": "Access Points", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(03)", + "class": "zero-padded" }, { "name": "label", @@ -99589,13 +83540,6 @@ { "id": "sc-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Limit the number of external network connections to the system." }, { @@ -99607,29 +83551,6 @@ "id": "sc-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(03)", @@ -99734,9 +83655,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(04)", + "class": "zero-padded" }, { "name": "label", @@ -99792,11 +83713,6 @@ "id": "sc-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -99808,11 +83724,6 @@ "id": "sc-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -99824,11 +83735,6 @@ "id": "sc-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -99840,11 +83746,6 @@ "id": "sc-7.4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -99856,11 +83757,6 @@ "id": "sc-7.4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -99872,11 +83768,6 @@ "id": "sc-7.4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -99888,11 +83779,6 @@ "id": "sc-7.4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -99904,11 +83790,6 @@ "id": "sc-7.4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -99938,29 +83819,6 @@ "id": "sc-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(a)", @@ -99979,23 +83837,6 @@ "id": "sc-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(b)", @@ -100014,23 +83855,6 @@ "id": "sc-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(c)", @@ -100086,23 +83910,6 @@ "id": "sc-7.4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(d)", @@ -100121,23 +83928,6 @@ "id": "sc-7.4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(e)", @@ -100193,29 +83983,6 @@ "id": "sc-7.4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(f)", @@ -100234,29 +84001,6 @@ "id": "sc-7.4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(g)", @@ -100275,29 +84019,6 @@ "id": "sc-7.4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(h)", @@ -100420,9 +84141,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -100453,13 +84174,6 @@ { "id": "sc-7.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Deny network communications traffic by default and allow network communications traffic by exception {{ insert: param, sc-07.05_odp.01 }}.", "parts": [ { @@ -100491,29 +84205,6 @@ "id": "sc-7.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(05)", @@ -100650,9 +84341,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(07)", + "class": "zero-padded" }, { "name": "label", @@ -100683,13 +84374,6 @@ { "id": "sc-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent split tunneling for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using {{ insert: param, sc-07.07_odp }}." }, { @@ -100701,29 +84385,6 @@ "id": "sc-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(07)", @@ -100837,9 +84498,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(08)", + "class": "zero-padded" }, { "name": "label", @@ -100874,13 +84535,6 @@ { "id": "sc-7.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route {{ insert: param, sc-07.08_odp.01 }} to {{ insert: param, sc-07.08_odp.02 }} through authenticated proxy servers at managed interfaces." }, { @@ -100892,29 +84546,6 @@ "id": "sc-7.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(08)", @@ -101028,9 +84659,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(12)", + "class": "zero-padded" }, { "name": "label", @@ -101061,13 +84692,6 @@ { "id": "sc-7.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, sc-07.12_odp.01 }} at {{ insert: param, sc-07.12_odp.02 }}." }, { @@ -101079,29 +84703,6 @@ "id": "sc-7.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(12)", @@ -101190,9 +84791,9 @@ "title": "Fail Secure", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(18)", + "class": "zero-padded" }, { "name": "label", @@ -101240,13 +84841,6 @@ { "id": "sc-7.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device." }, { @@ -101258,29 +84852,6 @@ "id": "sc-7.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(18)", @@ -101388,9 +84959,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-08", + "class": "zero-padded" }, { "name": "label", @@ -101509,13 +85080,6 @@ { "id": "sc-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-08_odp }} of transmitted information.", "parts": [ { @@ -101532,7 +85096,7 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work \u2013 e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" }, { "id": "sc-8_fr_gdn.2", @@ -101543,7 +85107,7 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS\u2019s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS\u2019 recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" } ] } @@ -101558,29 +85122,6 @@ "id": "sc-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08", @@ -101685,6 +85226,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -101722,13 +85268,6 @@ { "id": "sc-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to {{ insert: param, sc-08.01_odp }} during transmission.", "parts": [ { @@ -101793,29 +85332,6 @@ "id": "sc-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08(01)", @@ -101921,6 +85437,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-10", + "class": "zero-padded" + }, { "name": "label", "value": "SC-10" @@ -101954,13 +85475,6 @@ { "id": "sc-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Terminate the network connection associated with a communications session at the end of the session or after {{ insert: param, sc-10_odp }} of inactivity." }, { @@ -101972,29 +85486,6 @@ "id": "sc-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-10", @@ -102099,9 +85590,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-12", + "class": "zero-padded" }, { "name": "label", @@ -102216,10 +85707,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -102253,13 +85740,6 @@ { "id": "sc-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: {{ insert: param, sc-12_odp }}.", "parts": [ { @@ -102313,29 +85793,6 @@ "id": "sc-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-12", @@ -102486,9 +85943,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-13", + "class": "zero-padded" }, { "name": "label", @@ -102640,11 +86097,6 @@ "id": "sc-13_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102656,11 +86108,6 @@ "id": "sc-13_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -102752,23 +86199,6 @@ "id": "sc-13_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-13a.", @@ -102787,29 +86217,6 @@ "id": "sc-13_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-13b.", @@ -102921,6 +86328,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -102959,11 +86371,6 @@ "id": "sc-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102975,11 +86382,6 @@ "id": "sc-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -103027,23 +86429,6 @@ "id": "sc-15_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-15a.", @@ -103062,29 +86447,6 @@ "id": "sc-15_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-15b.", @@ -103191,6 +86553,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-17", + "class": "zero-padded" + }, { "name": "label", "value": "SC-17" @@ -103258,11 +86625,6 @@ "id": "sc-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -103274,11 +86636,6 @@ "id": "sc-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -103308,23 +86665,6 @@ "id": "sc-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-17a.", @@ -103343,29 +86683,6 @@ "id": "sc-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-17b.", @@ -103461,6 +86778,11 @@ "class": "SP800-53", "title": "Mobile Code", "props": [ + { + "name": "label", + "value": "SC-18", + "class": "zero-padded" + }, { "name": "label", "value": "SC-18" @@ -103515,11 +86837,6 @@ "id": "sc-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -103531,11 +86848,6 @@ "id": "sc-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -103565,17 +86877,6 @@ "id": "sc-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-18a.", @@ -103667,23 +86968,6 @@ "id": "sc-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-18b.", @@ -103834,6 +87118,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -103900,11 +87189,6 @@ "id": "sc-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -103916,11 +87200,6 @@ "id": "sc-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -104001,29 +87280,6 @@ "id": "sc-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20a.", @@ -104090,29 +87346,6 @@ "id": "sc-20_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[01]", @@ -104131,29 +87364,6 @@ "id": "sc-20_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[02]", @@ -104258,9 +87468,9 @@ "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-21", + "class": "zero-padded" }, { "name": "label", @@ -104299,13 +87509,6 @@ { "id": "sc-21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.", "parts": [ { @@ -104370,29 +87573,6 @@ "id": "sc-21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-21", @@ -104553,6 +87733,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -104598,13 +87783,6 @@ { "id": "sc-22_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation." }, { @@ -104616,29 +87794,6 @@ "id": "sc-22_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-22", @@ -104781,6 +87936,11 @@ "class": "SP800-53", "title": "Session Authenticity", "props": [ + { + "name": "label", + "value": "SC-23", + "class": "zero-padded" + }, { "name": "label", "value": "SC-23" @@ -104838,13 +87998,6 @@ { "id": "sc-23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the authenticity of communications sessions." }, { @@ -104856,29 +88009,6 @@ "id": "sc-23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-23", @@ -104993,9 +88123,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-28", + "class": "zero-padded" }, { "name": "label", @@ -105134,13 +88264,6 @@ { "id": "sc-28_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-28_odp.01 }} of the following information at rest: {{ insert: param, sc-28_odp.02 }}.", "parts": [ { @@ -105194,29 +88317,6 @@ "id": "sc-28_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28", @@ -105329,6 +88429,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -105370,13 +88475,6 @@ { "id": "sc-28.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param, sc-28.01_odp.01 }}.", "parts": [ { @@ -105408,29 +88506,6 @@ "id": "sc-28.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28(01)", @@ -105557,6 +88632,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -105623,13 +88703,6 @@ { "id": "sc-39_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain a separate execution domain for each executing system process." }, { @@ -105641,29 +88714,6 @@ "id": "sc-39_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-39", @@ -105751,6 +88801,11 @@ "class": "SP800-53", "title": "System Time Synchronization", "props": [ + { + "name": "label", + "value": "SC-45", + "class": "zero-padded" + }, { "name": "label", "value": "SC-45" @@ -105796,13 +88851,6 @@ { "id": "sc-45_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Synchronize system clocks within and between systems and system components." }, { @@ -105814,29 +88862,6 @@ "id": "sc-45_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45", @@ -105969,9 +88994,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-45(01)", + "class": "zero-padded" }, { "name": "label", @@ -106007,11 +89032,6 @@ "id": "sc-45.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -106023,11 +89043,6 @@ "id": "sc-45.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -106097,23 +89112,6 @@ "id": "sc-45.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(a)", @@ -106132,17 +89130,6 @@ "id": "sc-45.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(b)", @@ -106342,6 +89329,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -106405,12 +89397,6 @@ "id": "si-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -106470,11 +89456,6 @@ "id": "si-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -106486,12 +89467,6 @@ "id": "si-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -106556,23 +89531,6 @@ "id": "si-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[01]", @@ -106591,23 +89549,6 @@ "id": "si-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[02]", @@ -106626,17 +89567,6 @@ "id": "si-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[03]", @@ -106655,17 +89585,6 @@ "id": "si-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[04]", @@ -106695,17 +89614,6 @@ "id": "si-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(a)", @@ -106851,17 +89759,6 @@ "id": "si-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(b)", @@ -106896,23 +89793,6 @@ "id": "si-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01b.", @@ -106942,23 +89822,6 @@ "id": "si-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.01", @@ -107014,23 +89877,6 @@ "id": "si-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.02", @@ -107165,6 +90011,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -107283,11 +90134,6 @@ "id": "si-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -107299,11 +90145,6 @@ "id": "si-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -107315,11 +90156,6 @@ "id": "si-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -107331,11 +90167,6 @@ "id": "si-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -107365,29 +90196,6 @@ "id": "si-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02a.", @@ -107461,23 +90269,6 @@ "id": "si-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02b.", @@ -107569,23 +90360,6 @@ "id": "si-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02c.", @@ -107641,23 +90415,6 @@ "id": "si-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02d.", @@ -107778,6 +90535,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(2)" @@ -107815,13 +90577,6 @@ { "id": "si-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Determine if system components have applicable security-relevant software and firmware updates installed using {{ insert: param, si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}." }, { @@ -107833,29 +90588,6 @@ "id": "si-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(02)", @@ -107954,6 +90686,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(3)" @@ -107988,11 +90725,6 @@ "id": "si-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -108004,11 +90736,6 @@ "id": "si-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -108038,29 +90765,6 @@ "id": "si-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(a)", @@ -108079,23 +90783,6 @@ "id": "si-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(b)", @@ -108279,9 +90966,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-03", + "class": "zero-padded" }, { "name": "label", @@ -108406,11 +91093,6 @@ "id": "si-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -108422,11 +91104,6 @@ "id": "si-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -108438,11 +91115,6 @@ "id": "si-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -108478,11 +91150,6 @@ "id": "si-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -108512,23 +91179,6 @@ "id": "si-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03a.", @@ -108584,23 +91234,6 @@ "id": "si-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03b.", @@ -108641,23 +91274,6 @@ "id": "si-3_obj.c.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[01]", @@ -108676,23 +91292,6 @@ "id": "si-3_obj.c.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[02]", @@ -108730,23 +91329,6 @@ "id": "si-3_obj.c.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[01]", @@ -108765,23 +91347,6 @@ "id": "si-3_obj.c.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[02]", @@ -108816,23 +91381,6 @@ "id": "si-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03d.", @@ -108985,6 +91533,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -109209,11 +91762,6 @@ "id": "si-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -109249,11 +91797,6 @@ "id": "si-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -109265,11 +91808,6 @@ "id": "si-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -109305,11 +91843,6 @@ "id": "si-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -109321,11 +91854,6 @@ "id": "si-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -109337,11 +91865,6 @@ "id": "si-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -109353,11 +91876,6 @@ "id": "si-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -109416,29 +91934,6 @@ "id": "si-4_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.01", @@ -109457,29 +91952,6 @@ "id": "si-4_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.02", @@ -109561,23 +92033,6 @@ "id": "si-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04b.", @@ -109607,29 +92062,6 @@ "id": "si-4_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.01", @@ -109648,29 +92080,6 @@ "id": "si-4_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.02", @@ -109697,23 +92106,6 @@ "id": "si-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04d.", @@ -109769,23 +92161,6 @@ "id": "si-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04e.", @@ -109804,23 +92179,6 @@ "id": "si-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04f.", @@ -109839,29 +92197,6 @@ "id": "si-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04g.", @@ -109958,9 +92293,9 @@ "title": "System-wide Intrusion Detection System", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -110001,13 +92336,6 @@ { "id": "si-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Connect and configure individual intrusion detection tools into a system-wide intrusion detection system." }, { @@ -110030,23 +92358,6 @@ "id": "si-4.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[01]", @@ -110065,23 +92376,6 @@ "id": "si-4.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[02]", @@ -110178,9 +92472,9 @@ "title": "Automated Tools and Mechanisms for Real-time Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(02)", + "class": "zero-padded" }, { "name": "label", @@ -110224,13 +92518,6 @@ { "id": "si-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated tools and mechanisms to support near real-time analysis of events." }, { @@ -110242,29 +92529,6 @@ "id": "si-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(02)", @@ -110403,6 +92667,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(4)" @@ -110442,11 +92711,6 @@ "id": "si-4.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -110458,11 +92722,6 @@ "id": "si-4.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -110492,23 +92751,6 @@ "id": "si-4.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(a)", @@ -110564,29 +92806,6 @@ "id": "si-4.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(b)", @@ -110739,6 +92958,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(5)" @@ -110785,13 +93009,6 @@ { "id": "si-4.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Alert {{ insert: param, si-04.05_odp.01 }} when the following system-generated indications of compromise or potential compromise occur: {{ insert: param, si-04.05_odp.02 }}.", "parts": [ { @@ -110823,29 +93040,6 @@ "id": "si-4.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(05)", @@ -110934,9 +93128,9 @@ "title": "Correlate Monitoring Information", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(16)", + "class": "zero-padded" }, { "name": "label", @@ -110981,13 +93175,6 @@ { "id": "si-4.16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate information from monitoring tools and mechanisms employed throughout the system." }, { @@ -110999,23 +93186,6 @@ "id": "si-4.16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(16)", @@ -111114,6 +93284,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(18)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(18)" @@ -111153,13 +93328,6 @@ { "id": "si-4.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: {{ insert: param, si-04.18_odp }}." }, { @@ -111171,23 +93339,6 @@ "id": "si-4.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(18)", @@ -111333,9 +93484,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(23)", + "class": "zero-padded" }, { "name": "label", @@ -111379,13 +93530,6 @@ { "id": "si-4.23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following host-based monitoring mechanisms at {{ insert: param, si-04.23_odp.02 }}: {{ insert: param, si-04.23_odp.01 }}." }, { @@ -111397,29 +93541,6 @@ "id": "si-4.23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(23)", @@ -111568,6 +93689,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -111619,11 +93745,6 @@ "id": "si-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -111635,11 +93756,6 @@ "id": "si-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -111651,11 +93767,6 @@ "id": "si-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -111667,11 +93778,6 @@ "id": "si-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -111713,29 +93819,6 @@ "id": "si-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05a.", @@ -111754,23 +93837,6 @@ "id": "si-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05b.", @@ -111789,29 +93855,6 @@ "id": "si-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05c.", @@ -111830,23 +93873,6 @@ "id": "si-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05d.", @@ -112040,9 +94066,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-06", + "class": "zero-padded" }, { "name": "label", @@ -112099,11 +94125,6 @@ "id": "si-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -112115,11 +94136,6 @@ "id": "si-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112131,11 +94147,6 @@ "id": "si-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -112147,11 +94158,6 @@ "id": "si-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -112181,23 +94187,6 @@ "id": "si-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06a.", @@ -112253,23 +94242,6 @@ "id": "si-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06b.", @@ -112325,23 +94297,6 @@ "id": "si-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-06c.", @@ -112397,23 +94352,6 @@ "id": "si-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06d.", @@ -112574,9 +94512,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07", + "class": "zero-padded" }, { "name": "label", @@ -112738,11 +94676,6 @@ "id": "si-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -112754,11 +94687,6 @@ "id": "si-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112788,23 +94716,6 @@ "id": "si-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07a.", @@ -112878,23 +94789,6 @@ "id": "si-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07b.", @@ -113195,9 +95089,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -113233,13 +95127,6 @@ { "id": "si-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}." }, { @@ -113251,29 +95138,6 @@ "id": "si-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(01)", @@ -113427,6 +95291,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(07)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(7)" @@ -113481,13 +95350,6 @@ { "id": "si-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}." }, { @@ -113499,23 +95361,6 @@ "id": "si-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(07)", @@ -113605,6 +95450,11 @@ "class": "SP800-53", "title": "Spam Protection", "props": [ + { + "name": "label", + "value": "SI-08", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8" @@ -113667,11 +95517,6 @@ "id": "si-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -113683,11 +95528,6 @@ "id": "si-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -113746,23 +95586,6 @@ "id": "si-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08a.", @@ -113854,23 +95677,6 @@ "id": "si-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08b.", @@ -113977,6 +95783,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8(2)" @@ -114006,13 +95817,6 @@ { "id": "si-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically update spam protection mechanisms {{ insert: param, si-08.02_odp }}." }, { @@ -114024,23 +95828,6 @@ "id": "si-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08(02)", @@ -114142,9 +95929,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-10", + "class": "zero-padded" }, { "name": "label", @@ -114180,13 +95967,6 @@ { "id": "si-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check the validity of the following information inputs: {{ insert: param, si-10_odp }}.", "parts": [ { @@ -114218,17 +95998,6 @@ "id": "si-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-10", @@ -114332,6 +96101,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-11", + "class": "zero-padded" + }, { "name": "label", "value": "SI-11" @@ -114382,11 +96156,6 @@ "id": "si-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -114398,11 +96167,6 @@ "id": "si-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -114432,17 +96196,6 @@ "id": "si-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11a.", @@ -114461,17 +96214,6 @@ "id": "si-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11b.", @@ -114567,6 +96309,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -114724,13 +96471,6 @@ { "id": "si-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements." }, { @@ -114742,23 +96482,6 @@ "id": "si-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-12", @@ -114930,6 +96653,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-16", + "class": "zero-padded" + }, { "name": "label", "value": "SI-16" @@ -114972,13 +96700,6 @@ { "id": "si-16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following controls to protect the system memory from unauthorized code execution: {{ insert: param, si-16_odp }}." }, { @@ -114990,23 +96711,6 @@ "id": "si-16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-16", @@ -115201,6 +96905,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -115288,12 +96997,6 @@ "id": "sr-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -115353,11 +97056,6 @@ "id": "sr-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -115369,12 +97067,6 @@ "id": "sr-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -115439,23 +97131,6 @@ "id": "sr-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[01]", @@ -115474,23 +97149,6 @@ "id": "sr-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[02]", @@ -115509,17 +97167,6 @@ "id": "sr-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[03]", @@ -115538,17 +97185,6 @@ "id": "sr-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[04]", @@ -115578,17 +97214,6 @@ "id": "sr-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(a)", @@ -115734,17 +97359,6 @@ "id": "sr-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(b)", @@ -115779,23 +97393,6 @@ "id": "sr-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01b.", @@ -115825,23 +97422,6 @@ "id": "sr-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.01", @@ -115897,23 +97477,6 @@ "id": "sr-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.02", @@ -116057,6 +97620,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -116188,11 +97756,6 @@ "id": "sr-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -116204,11 +97767,6 @@ "id": "sr-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -116220,11 +97778,6 @@ "id": "sr-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -116265,23 +97818,6 @@ "id": "sr-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[01]", @@ -116300,17 +97836,6 @@ "id": "sr-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[02]", @@ -116329,17 +97854,6 @@ "id": "sr-2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[03]", @@ -116358,17 +97872,6 @@ "id": "sr-2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[04]", @@ -116387,17 +97890,6 @@ "id": "sr-2_obj.a-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[05]", @@ -116416,17 +97908,6 @@ "id": "sr-2_obj.a-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[06]", @@ -116445,17 +97926,6 @@ "id": "sr-2_obj.a-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[07]", @@ -116474,17 +97944,6 @@ "id": "sr-2_obj.a-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[08]", @@ -116503,17 +97962,6 @@ "id": "sr-2_obj.a-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[09]", @@ -116540,23 +97988,6 @@ "id": "sr-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02b.", @@ -116575,23 +98006,6 @@ "id": "sr-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-02c.", @@ -116744,6 +98158,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -116778,13 +98197,6 @@ { "id": "sr-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a supply chain risk management team consisting of {{ insert: param, sr-02.01_odp.01 }} to lead and support the following SCRM activities: {{ insert: param, sr-02.01_odp.02 }}." }, { @@ -116796,23 +98208,6 @@ "id": "sr-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02(01)", @@ -116929,6 +98324,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -117089,11 +98489,6 @@ "id": "sr-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -117105,11 +98500,6 @@ "id": "sr-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -117121,11 +98511,6 @@ "id": "sr-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -117184,23 +98569,6 @@ "id": "sr-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[01]", @@ -117219,23 +98587,6 @@ "id": "sr-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[02]", @@ -117262,23 +98613,6 @@ "id": "sr-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03b.", @@ -117297,23 +98631,6 @@ "id": "sr-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03c.", @@ -117420,6 +98737,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -117538,13 +98860,6 @@ { "id": "sr-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: {{ insert: param, sr-05_odp }}." }, { @@ -117556,29 +98871,6 @@ "id": "sr-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-05", @@ -117737,6 +99029,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-06", + "class": "zero-padded" + }, { "name": "label", "value": "SR-6" @@ -117827,13 +99124,6 @@ { "id": "sr-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide {{ insert: param, sr-06_odp }}.", "parts": [ { @@ -117865,23 +99155,6 @@ "id": "sr-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-06", @@ -117995,6 +99268,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -118065,13 +99343,6 @@ { "id": "sr-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the {{ insert: param, sr-08_odp.01 }}.", "parts": [ { @@ -118103,23 +99374,6 @@ "id": "sr-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-08", @@ -118247,6 +99501,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -118317,13 +99576,6 @@ { "id": "sr-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the following systems or system components {{ insert: param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01 }}." }, { @@ -118335,23 +99587,6 @@ "id": "sr-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-10", @@ -118470,6 +99705,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -118529,11 +99769,6 @@ "id": "sr-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -118545,11 +99780,6 @@ "id": "sr-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -118608,23 +99838,6 @@ "id": "sr-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[01]", @@ -118643,23 +99856,6 @@ "id": "sr-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[02]", @@ -118678,23 +99874,6 @@ "id": "sr-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[03]", @@ -118713,23 +99892,6 @@ "id": "sr-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[04]", @@ -118756,23 +99918,6 @@ "id": "sr-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11b.", @@ -118879,6 +100024,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -118917,13 +100067,6 @@ { "id": "sr-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit system components (including hardware, software, and firmware)." }, { @@ -118935,23 +100078,6 @@ "id": "sr-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(01)", @@ -119055,6 +100181,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -119105,13 +100236,6 @@ { "id": "sr-11.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: {{ insert: param, sr-11.02_odp }}." }, { @@ -119123,23 +100247,6 @@ "id": "sr-11.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(02)", @@ -119286,6 +100393,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -119320,13 +100432,6 @@ { "id": "sr-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Dispose of {{ insert: param, sr-12_odp.01 }} using the following techniques and methods: {{ insert: param, sr-12_odp.02 }}." }, { @@ -119338,23 +100443,6 @@ "id": "sr-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-12", diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json index 134d47fd0..886371c79 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.json @@ -1,11 +1,11 @@ { "catalog": { - "uuid": "eb6bef32-6355-473b-bda6-410c70d50797", + "uuid": "1386400e-7824-43de-a156-0c0dceee1c04", "metadata": { "title": "FedRAMP Rev 5 Moderate Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-19T14:51:19.392491-05:00", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2024-02-06T11:19:16.235649-05:00", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "links": [ { @@ -205,6 +205,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-01", + "class": "zero-padded" + }, { "name": "label", "value": "AC-1" @@ -284,12 +289,6 @@ "id": "ac-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -349,11 +348,6 @@ "id": "ac-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -365,12 +359,6 @@ "id": "ac-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -435,23 +423,6 @@ "id": "ac-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[01]", @@ -470,23 +441,6 @@ "id": "ac-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[02]", @@ -505,17 +459,6 @@ "id": "ac-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[03]", @@ -534,17 +477,6 @@ "id": "ac-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.[04]", @@ -574,17 +506,6 @@ "id": "ac-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(a)", @@ -730,17 +651,6 @@ "id": "ac-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-01a.01(b)", @@ -775,23 +685,6 @@ "id": "ac-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01b.", @@ -821,23 +714,6 @@ "id": "ac-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.01", @@ -893,23 +769,6 @@ "id": "ac-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-01c.02", @@ -1141,9 +1000,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02", + "class": "zero-padded" }, { "name": "label", @@ -1299,11 +1158,6 @@ "id": "ac-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -1315,11 +1169,6 @@ "id": "ac-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -1331,11 +1180,6 @@ "id": "ac-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -1347,11 +1191,6 @@ "id": "ac-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -1398,11 +1237,6 @@ "id": "ac-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -1414,11 +1248,6 @@ "id": "ac-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -1430,11 +1259,6 @@ "id": "ac-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -1446,11 +1270,6 @@ "id": "ac-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -1497,11 +1316,6 @@ "id": "ac-2_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -1548,11 +1362,6 @@ "id": "ac-2_smt.j", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "j." @@ -1564,11 +1373,6 @@ "id": "ac-2_smt.k", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "k." @@ -1580,11 +1384,6 @@ "id": "ac-2_smt.l", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "l." @@ -1625,17 +1424,6 @@ "id": "ac-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[01]", @@ -1654,17 +1442,6 @@ "id": "ac-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02a.[02]", @@ -1691,23 +1468,6 @@ "id": "ac-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02b.", @@ -1726,23 +1486,6 @@ "id": "ac-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02c.", @@ -1761,17 +1504,6 @@ "id": "ac-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-02d.", @@ -1882,23 +1614,6 @@ "id": "ac-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02e.", @@ -1917,23 +1632,6 @@ "id": "ac-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02f.", @@ -2043,23 +1741,6 @@ "id": "ac-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02g.", @@ -2078,23 +1759,6 @@ "id": "ac-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02h.", @@ -2179,23 +1843,6 @@ "id": "ac-2_obj.i.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.01", @@ -2214,23 +1861,6 @@ "id": "ac-2_obj.i.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.02", @@ -2249,23 +1879,6 @@ "id": "ac-2_obj.i.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02i.03", @@ -2292,23 +1905,6 @@ "id": "ac-2_obj.j", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02j.", @@ -2338,23 +1934,6 @@ "id": "ac-2_obj.k-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[01]", @@ -2373,23 +1952,6 @@ "id": "ac-2_obj.k-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02k.[02]", @@ -2416,23 +1978,6 @@ "id": "ac-2_obj.l", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02l.", @@ -2577,9 +2122,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -2610,13 +2155,6 @@ { "id": "ac-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the management of system accounts using {{ insert: param, ac-02.01_odp }}." }, { @@ -2628,23 +2166,6 @@ "id": "ac-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(01)", @@ -2763,9 +2284,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -2796,13 +2317,6 @@ { "id": "ac-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically {{ insert: param, ac-02.02_odp.01 }} temporary and emergency accounts after {{ insert: param, ac-02.02_odp.02 }}." }, { @@ -2814,17 +2328,6 @@ "id": "ac-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(02)", @@ -2943,9 +2446,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(03)", + "class": "zero-padded" }, { "name": "label", @@ -2982,11 +2485,6 @@ "id": "ac-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -2998,11 +2496,6 @@ "id": "ac-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3014,11 +2507,6 @@ "id": "ac-2.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3030,11 +2518,6 @@ "id": "ac-2.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3104,23 +2587,6 @@ "id": "ac-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(a)", @@ -3139,23 +2605,6 @@ "id": "ac-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(b)", @@ -3174,23 +2623,6 @@ "id": "ac-2.3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(c)", @@ -3209,23 +2641,6 @@ "id": "ac-2.3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(03)(d)", @@ -3322,9 +2737,9 @@ "title": "Automated Audit Actions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(04)", + "class": "zero-padded" }, { "name": "label", @@ -3363,41 +2778,17 @@ { "id": "ac-2.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically audit account creation, modification, enabling, disabling, and removal actions." }, { "id": "ac-2.4_gdn", "name": "guidance", - "prose": "Account management audit records are defined in accordance with [AU-2](#au-2) and reviewed, analyzed, and reported in accordance with [AU-6](#au-6)." + "prose": "Account management audit records are defined in accordance with [AU-02](#au-2) and reviewed, analyzed, and reported in accordance with [AU-06](#au-6)." }, { "id": "ac-2.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(04)", @@ -3593,9 +2984,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -3635,13 +3026,6 @@ { "id": "ac-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users log out when {{ insert: param, ac-02.05_odp }}.", "parts": [ { @@ -3673,23 +3057,6 @@ "id": "ac-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(05)", @@ -3767,9 +3134,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(07)", + "class": "zero-padded" }, { "name": "label", @@ -3805,11 +3172,6 @@ "id": "ac-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -3821,11 +3183,6 @@ "id": "ac-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -3837,11 +3194,6 @@ "id": "ac-2.7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -3853,11 +3205,6 @@ "id": "ac-2.7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -3887,23 +3234,6 @@ "id": "ac-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(a)", @@ -3922,23 +3252,6 @@ "id": "ac-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(b)", @@ -3957,23 +3270,6 @@ "id": "ac-2.7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(c)", @@ -3992,23 +3288,6 @@ "id": "ac-2.7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(07)(d)", @@ -4121,9 +3400,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(09)", + "class": "zero-padded" }, { "name": "label", @@ -4154,13 +3433,6 @@ { "id": "ac-2.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Only permit the use of shared and group accounts that meet {{ insert: param, ac-02.09_odp }}.", "parts": [ { @@ -4192,23 +3464,6 @@ "id": "ac-2.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(09)", @@ -4322,9 +3577,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -4385,11 +3640,6 @@ "id": "ac-2.12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -4401,11 +3651,6 @@ "id": "ac-2.12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -4464,23 +3709,6 @@ "id": "ac-2.12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(a)", @@ -4499,23 +3727,6 @@ "id": "ac-2.12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(12)(b)", @@ -4637,9 +3848,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-02(13)", + "class": "zero-padded" }, { "name": "label", @@ -4678,13 +3889,6 @@ { "id": "ac-2.13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable accounts of individuals within {{ insert: param, ac-02.13_odp.01 }} of discovery of {{ insert: param, ac-02.13_odp.02 }}." }, { @@ -4696,23 +3900,6 @@ "id": "ac-2.13_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-02(13)", @@ -4803,9 +3990,9 @@ "title": "Access Enforcement", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-03", + "class": "zero-padded" }, { "name": "label", @@ -5040,13 +4227,6 @@ { "id": "ac-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies." }, { @@ -5058,23 +4238,6 @@ "id": "ac-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-03", @@ -5173,6 +4336,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4" @@ -5282,13 +4450,6 @@ { "id": "ac-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on {{ insert: param, ac-04_odp }}." }, { @@ -5300,23 +4461,6 @@ "id": "ac-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04", @@ -5437,6 +4581,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-04(21)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-4(21)" @@ -5475,13 +4624,6 @@ { "id": "ac-4.21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate information flows logically or physically using {{ insert: param, ac-4.21_prm_1 }} to accomplish {{ insert: param, ac-04.21_odp.03 }}." }, { @@ -5493,23 +4635,6 @@ "id": "ac-4.21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-04(21)", @@ -5647,6 +4772,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-05", + "class": "zero-padded" + }, { "name": "label", "value": "AC-5" @@ -5741,11 +4871,6 @@ "id": "ac-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -5757,11 +4882,6 @@ "id": "ac-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -5809,17 +4929,6 @@ "id": "ac-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05a.", @@ -5838,17 +4947,6 @@ "id": "ac-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-05b.", @@ -5945,9 +5043,9 @@ "title": "Least Privilege", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06", + "class": "zero-padded" }, { "name": "label", @@ -6022,13 +5120,6 @@ { "id": "ac-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks." }, { @@ -6040,23 +5131,6 @@ "id": "ac-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06", @@ -6195,6 +5269,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(1)" @@ -6250,11 +5329,6 @@ "id": "ac-6.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -6266,11 +5340,6 @@ "id": "ac-6.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -6300,23 +5369,6 @@ "id": "ac-6.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(a)", @@ -6390,23 +5442,6 @@ "id": "ac-6.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(01)(b)", @@ -6519,9 +5554,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(02)", + "class": "zero-padded" }, { "name": "label", @@ -6568,13 +5603,6 @@ { "id": "ac-6.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that users of system accounts (or roles) with access to {{ insert: param, ac-06.02_odp }} use non-privileged accounts or roles, when accessing nonsecurity functions.", "parts": [ { @@ -6606,23 +5634,6 @@ "id": "ac-6.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(02)", @@ -6722,9 +5733,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(05)", + "class": "zero-padded" }, { "name": "label", @@ -6767,13 +5778,6 @@ { "id": "ac-6.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict privileged accounts on the system to {{ insert: param, ac-06.05_odp }}." }, { @@ -6785,23 +5789,6 @@ "id": "ac-6.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(05)", @@ -6919,6 +5906,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-06(07)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(7)" @@ -6957,11 +5949,6 @@ "id": "ac-6.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -6973,11 +5960,6 @@ "id": "ac-6.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -7007,23 +5989,6 @@ "id": "ac-6.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(a)", @@ -7042,23 +6007,6 @@ "id": "ac-6.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(07)(b)", @@ -7154,6 +6102,11 @@ "class": "SP800-53-enhancement", "title": "Log Use of Privileged Functions", "props": [ + { + "name": "label", + "value": "AC-06(09)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-6(9)" @@ -7195,13 +6148,6 @@ { "id": "ac-6.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Log the execution of privileged functions." }, { @@ -7213,23 +6159,6 @@ "id": "ac-6.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(09)", @@ -7318,9 +6247,9 @@ "title": "Prohibit Non-privileged Users from Executing Privileged Functions", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-06(10)", + "class": "zero-padded" }, { "name": "label", @@ -7351,13 +6280,6 @@ { "id": "ac-6.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent non-privileged users from executing privileged functions." }, { @@ -7369,23 +6291,6 @@ "id": "ac-6.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-06(10)", @@ -7535,6 +6440,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-07", + "class": "zero-padded" + }, { "name": "label", "value": "AC-7" @@ -7593,11 +6503,6 @@ "id": "ac-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -7609,11 +6514,6 @@ "id": "ac-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -7661,23 +6561,6 @@ "id": "ac-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07a.", @@ -7696,23 +6579,6 @@ "id": "ac-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-07b.", @@ -7838,6 +6704,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-08", + "class": "zero-padded" + }, { "name": "label", "value": "AC-8" @@ -7885,11 +6756,6 @@ "id": "ac-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -7947,11 +6813,6 @@ "id": "ac-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -7963,11 +6824,6 @@ "id": "ac-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -8083,23 +6939,6 @@ "id": "ac-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.", @@ -8112,17 +6951,6 @@ "id": "ac-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.01", @@ -8141,17 +6969,6 @@ "id": "ac-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.02", @@ -8170,17 +6987,6 @@ "id": "ac-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.03", @@ -8199,17 +7005,6 @@ "id": "ac-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08a.04", @@ -8236,23 +7031,6 @@ "id": "ac-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-08b.", @@ -8271,17 +7049,6 @@ "id": "ac-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-08c.", @@ -8458,6 +7225,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-11", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11" @@ -8504,11 +7276,6 @@ "id": "ac-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -8520,11 +7287,6 @@ "id": "ac-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -8554,23 +7316,6 @@ "id": "ac-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11a.", @@ -8589,23 +7334,6 @@ "id": "ac-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11b.", @@ -8701,6 +7429,11 @@ "class": "SP800-53-enhancement", "title": "Pattern-hiding Displays", "props": [ + { + "name": "label", + "value": "AC-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-11(1)" @@ -8730,13 +7463,6 @@ { "id": "ac-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conceal, via the device lock, information previously visible on the display with a publicly viewable image." }, { @@ -8748,23 +7474,6 @@ "id": "ac-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-11(01)", @@ -8865,6 +7574,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-12", + "class": "zero-padded" + }, { "name": "label", "value": "AC-12" @@ -8902,13 +7616,6 @@ { "id": "ac-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically terminate a user session after {{ insert: param, ac-12_odp }}." }, { @@ -8920,23 +7627,6 @@ "id": "ac-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-12", @@ -9035,6 +7725,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-14", + "class": "zero-padded" + }, { "name": "label", "value": "AC-14" @@ -9077,11 +7772,6 @@ "id": "ac-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -9093,11 +7783,6 @@ "id": "ac-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9127,23 +7812,6 @@ "id": "ac-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-14a.", @@ -9162,17 +7830,6 @@ "id": "ac-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-14b.", @@ -9283,6 +7940,11 @@ "class": "SP800-53", "title": "Remote Access", "props": [ + { + "name": "label", + "value": "AC-17", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17" @@ -9413,11 +8075,6 @@ "id": "ac-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -9429,11 +8086,6 @@ "id": "ac-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -9463,23 +8115,6 @@ "id": "ac-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-17a.", @@ -9553,23 +8188,6 @@ "id": "ac-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17b.", @@ -9665,6 +8283,11 @@ "class": "SP800-53-enhancement", "title": "Monitoring and Control", "props": [ + { + "name": "label", + "value": "AC-17(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(1)" @@ -9715,13 +8338,6 @@ { "id": "ac-17.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated mechanisms to monitor and control remote access methods." }, { @@ -9733,23 +8349,6 @@ "id": "ac-17.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(01)", @@ -9875,9 +8474,9 @@ "title": "Protection of Confidentiality and Integrity Using Encryption", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AC-17(02)", + "class": "zero-padded" }, { "name": "label", @@ -9920,13 +8519,6 @@ { "id": "ac-17.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions." }, { @@ -9938,23 +8530,6 @@ "id": "ac-17.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(02)", @@ -10042,6 +8617,11 @@ "class": "SP800-53-enhancement", "title": "Managed Access Control Points", "props": [ + { + "name": "label", + "value": "AC-17(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(3)" @@ -10075,13 +8655,6 @@ { "id": "ac-17.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route remote accesses through authorized and managed network access control points." }, { @@ -10093,23 +8666,6 @@ "id": "ac-17.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(03)", @@ -10221,6 +8777,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-17(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-17(4)" @@ -10267,11 +8828,6 @@ "id": "ac-17.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -10283,11 +8839,6 @@ "id": "ac-17.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -10328,23 +8879,6 @@ "id": "ac-17.4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[01]", @@ -10363,23 +8897,6 @@ "id": "ac-17.4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[02]", @@ -10398,23 +8915,6 @@ "id": "ac-17.4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[03]", @@ -10433,23 +8933,6 @@ "id": "ac-17.4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(a)[04]", @@ -10476,17 +8959,6 @@ "id": "ac-17.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AC-17(04)(b)", @@ -10584,6 +9056,11 @@ "class": "SP800-53", "title": "Wireless Access", "props": [ + { + "name": "label", + "value": "AC-18", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18" @@ -10674,11 +9151,6 @@ "id": "ac-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -10690,11 +9162,6 @@ "id": "ac-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -10724,23 +9191,6 @@ "id": "ac-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-18a.", @@ -10814,23 +9264,6 @@ "id": "ac-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18b.", @@ -10938,6 +9371,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-18(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(1)" @@ -10979,13 +9417,6 @@ { "id": "ac-18.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect wireless access to the system using authentication of {{ insert: param, ac-18.01_odp }} and encryption." }, { @@ -11008,23 +9439,6 @@ "id": "ac-18.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[01]", @@ -11043,23 +9457,6 @@ "id": "ac-18.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(01)[02]", @@ -11155,6 +9552,11 @@ "class": "SP800-53-enhancement", "title": "Disable Wireless Networking", "props": [ + { + "name": "label", + "value": "AC-18(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-18(3)" @@ -11189,13 +9591,6 @@ { "id": "ac-18.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment." }, { @@ -11207,23 +9602,6 @@ "id": "ac-18.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-18(03)", @@ -11313,6 +9691,11 @@ "class": "SP800-53", "title": "Access Control for Mobile Devices", "props": [ + { + "name": "label", + "value": "AC-19", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19" @@ -11439,11 +9822,6 @@ "id": "ac-19_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -11455,11 +9833,6 @@ "id": "ac-19_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -11489,23 +9862,6 @@ "id": "ac-19_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-19a.", @@ -11579,23 +9935,6 @@ "id": "ac-19_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19b.", @@ -11711,6 +10050,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-19(05)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-19(5)" @@ -11752,13 +10096,6 @@ { "id": "ac-19.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ {{ insert: param, ac-19.05_odp.01 }} to protect the confidentiality and integrity of information on {{ insert: param, ac-19.05_odp.02 }}." }, { @@ -11770,23 +10107,6 @@ "id": "ac-19.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-19(05)", @@ -11915,6 +10235,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20" @@ -11993,11 +10318,6 @@ "id": "ac-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12033,11 +10353,6 @@ "id": "ac-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12085,23 +10400,6 @@ "id": "ac-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20a.", @@ -12157,23 +10455,6 @@ "id": "ac-20_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20b.", @@ -12269,6 +10550,11 @@ "class": "SP800-53-enhancement", "title": "Limits on Authorized Use", "props": [ + { + "name": "label", + "value": "AC-20(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(1)" @@ -12308,11 +10594,6 @@ "id": "ac-20.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -12324,11 +10605,6 @@ "id": "ac-20.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -12358,23 +10634,6 @@ "id": "ac-20.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(a)", @@ -12393,23 +10652,6 @@ "id": "ac-20.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(01)(b)", @@ -12516,6 +10758,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-20(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AC-20(2)" @@ -12553,13 +10800,6 @@ { "id": "ac-20.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using {{ insert: param, ac-20.02_odp }}." }, { @@ -12571,23 +10811,6 @@ "id": "ac-20.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-20(02)", @@ -12697,6 +10920,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-21", + "class": "zero-padded" + }, { "name": "label", "value": "AC-21" @@ -12767,11 +10995,6 @@ "id": "ac-21_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -12783,11 +11006,6 @@ "id": "ac-21_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -12817,23 +11035,6 @@ "id": "ac-21_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-21a.", @@ -12852,23 +11053,6 @@ "id": "ac-21_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-21b.", @@ -12980,6 +11164,11 @@ } ], "props": [ + { + "name": "label", + "value": "AC-22", + "class": "zero-padded" + }, { "name": "label", "value": "AC-22" @@ -13030,11 +11219,6 @@ "id": "ac-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -13046,11 +11230,6 @@ "id": "ac-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13062,11 +11241,6 @@ "id": "ac-22_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -13078,11 +11252,6 @@ "id": "ac-22_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -13112,23 +11281,6 @@ "id": "ac-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22a.", @@ -13147,23 +11299,6 @@ "id": "ac-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AC-22b.", @@ -13182,23 +11317,6 @@ "id": "ac-22_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22c.", @@ -13217,23 +11335,6 @@ "id": "ac-22_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AC-22d.", @@ -13468,6 +11569,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-01", + "class": "zero-padded" + }, { "name": "label", "value": "AT-1" @@ -13539,12 +11645,6 @@ "id": "at-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -13604,11 +11704,6 @@ "id": "at-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -13620,12 +11715,6 @@ "id": "at-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -13690,23 +11779,6 @@ "id": "at-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[01]", @@ -13725,23 +11797,6 @@ "id": "at-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[02]", @@ -13760,17 +11815,6 @@ "id": "at-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[03]", @@ -13789,17 +11833,6 @@ "id": "at-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.[04]", @@ -13829,17 +11862,6 @@ "id": "at-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(a)", @@ -13985,17 +12007,6 @@ "id": "at-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AT-01a.01(b)", @@ -14030,23 +12041,6 @@ "id": "at-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01b.", @@ -14076,23 +12070,6 @@ "id": "at-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.01", @@ -14148,23 +12125,6 @@ "id": "at-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-01c.02", @@ -14366,6 +12326,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-02", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2" @@ -14489,11 +12454,6 @@ "id": "at-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -14529,11 +12489,6 @@ "id": "at-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -14545,11 +12500,6 @@ "id": "at-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -14561,11 +12511,6 @@ "id": "at-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -14617,23 +12562,6 @@ "id": "at-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[01]", @@ -14652,23 +12580,6 @@ "id": "at-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[02]", @@ -14687,23 +12598,6 @@ "id": "at-2_obj.a.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[03]", @@ -14722,23 +12616,6 @@ "id": "at-2_obj.a.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.01[04]", @@ -14765,23 +12642,6 @@ "id": "at-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02a.02", @@ -14845,17 +12705,6 @@ "id": "at-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-02b.", @@ -14874,23 +12723,6 @@ "id": "at-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02c.", @@ -14946,23 +12778,6 @@ "id": "at-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02d.", @@ -15058,6 +12873,11 @@ "class": "SP800-53-enhancement", "title": "Insider Threat", "props": [ + { + "name": "label", + "value": "AT-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(2)" @@ -15096,13 +12916,6 @@ { "id": "at-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential indicators of insider threat." }, { @@ -15114,23 +12927,6 @@ "id": "at-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(02)", @@ -15233,6 +13029,11 @@ "class": "SP800-53-enhancement", "title": "Social Engineering and Mining", "props": [ + { + "name": "label", + "value": "AT-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "AT-2(3)" @@ -15267,13 +13068,6 @@ { "id": "at-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining." }, { @@ -15285,23 +13079,6 @@ "id": "at-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-02(03)", @@ -15503,6 +13280,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-03", + "class": "zero-padded" + }, { "name": "label", "value": "AT-3" @@ -15638,11 +13420,6 @@ "id": "at-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -15678,11 +13455,6 @@ "id": "at-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -15694,11 +13466,6 @@ "id": "at-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -15739,23 +13506,6 @@ "id": "at-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.01", @@ -15847,23 +13597,6 @@ "id": "at-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03a.02", @@ -15927,17 +13660,6 @@ "id": "at-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-03b.", @@ -15993,23 +13715,6 @@ "id": "at-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-03c.", @@ -16121,6 +13826,11 @@ } ], "props": [ + { + "name": "label", + "value": "AT-04", + "class": "zero-padded" + }, { "name": "label", "value": "AT-4" @@ -16184,11 +13894,6 @@ "id": "at-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -16200,11 +13905,6 @@ "id": "at-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -16234,23 +13934,6 @@ "id": "at-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AT-04a.", @@ -16306,17 +13989,6 @@ "id": "at-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AT-04b.", @@ -16514,6 +14186,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-01", + "class": "zero-padded" + }, { "name": "label", "value": "AU-1" @@ -16577,12 +14254,6 @@ "id": "au-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -16642,11 +14313,6 @@ "id": "au-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -16658,12 +14324,6 @@ "id": "au-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -16728,23 +14388,6 @@ "id": "au-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[01]", @@ -16763,23 +14406,6 @@ "id": "au-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[02]", @@ -16798,17 +14424,6 @@ "id": "au-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[03]", @@ -16827,17 +14442,6 @@ "id": "au-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.[04]", @@ -16867,17 +14471,6 @@ "id": "au-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(a)", @@ -17023,17 +14616,6 @@ "id": "au-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "AU-01a.01(b)", @@ -17068,23 +14650,6 @@ "id": "au-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01b.", @@ -17114,23 +14679,6 @@ "id": "au-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.01", @@ -17186,23 +14734,6 @@ "id": "au-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-01c.02", @@ -17379,9 +14910,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-02", + "class": "zero-padded" }, { "name": "label", @@ -17557,11 +15088,6 @@ "id": "au-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -17573,11 +15099,6 @@ "id": "au-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -17589,11 +15110,6 @@ "id": "au-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -17605,11 +15121,6 @@ "id": "au-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -17621,11 +15132,6 @@ "id": "au-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -17684,23 +15190,6 @@ "id": "au-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02a.", @@ -17719,23 +15208,6 @@ "id": "au-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02b.", @@ -17765,23 +15237,6 @@ "id": "au-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[01]", @@ -17800,17 +15255,6 @@ "id": "au-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02c.[02]", @@ -17837,23 +15281,6 @@ "id": "au-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-02d.", @@ -17872,17 +15299,6 @@ "id": "au-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-02e.", @@ -17979,9 +15395,9 @@ "title": "Content of Audit Records", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03", + "class": "zero-padded" }, { "name": "label", @@ -18058,11 +15474,6 @@ "id": "au-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -18074,11 +15485,6 @@ "id": "au-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18090,11 +15496,6 @@ "id": "au-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -18106,11 +15507,6 @@ "id": "au-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -18122,11 +15518,6 @@ "id": "au-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -18138,11 +15529,6 @@ "id": "au-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -18161,23 +15547,6 @@ "id": "au-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03", @@ -18391,9 +15760,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-03(01)", + "class": "zero-padded" }, { "name": "label", @@ -18424,13 +15793,6 @@ { "id": "au-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Generate audit records containing the following additional information: {{ insert: param, au-03.01_odp }}.", "parts": [ { @@ -18462,23 +15824,6 @@ "id": "au-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-03(01)", @@ -18580,9 +15925,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-04", + "class": "zero-padded" }, { "name": "label", @@ -18650,13 +15995,6 @@ { "id": "au-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Allocate audit log storage capacity to accommodate {{ insert: param, au-04_odp }}." }, { @@ -18668,23 +16006,6 @@ "id": "au-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-04", @@ -18807,9 +16128,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-05", + "class": "zero-padded" }, { "name": "label", @@ -18877,11 +16198,6 @@ "id": "au-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -18893,11 +16209,6 @@ "id": "au-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -18927,23 +16238,6 @@ "id": "au-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05a.", @@ -18962,23 +16256,6 @@ "id": "au-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-05b.", @@ -19109,9 +16386,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06", + "class": "zero-padded" }, { "name": "label", @@ -19276,11 +16553,6 @@ "id": "au-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19292,11 +16564,6 @@ "id": "au-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -19308,11 +16575,6 @@ "id": "au-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -19360,23 +16622,6 @@ "id": "au-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06a.", @@ -19395,23 +16640,6 @@ "id": "au-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06b.", @@ -19430,23 +16658,6 @@ "id": "au-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06c.", @@ -19532,9 +16743,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -19574,13 +16785,6 @@ { "id": "au-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Integrate audit record review, analysis, and reporting processes using {{ insert: param, au-06.01_odp }}." }, { @@ -19592,23 +16796,6 @@ "id": "au-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(01)", @@ -19697,9 +16884,9 @@ "title": "Correlate Audit Record Repositories", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-06(03)", + "class": "zero-padded" }, { "name": "label", @@ -19743,13 +16930,6 @@ { "id": "au-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze and correlate audit records across different repositories to gain organization-wide situational awareness." }, { @@ -19761,23 +16941,6 @@ "id": "au-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-06(03)", @@ -19867,6 +17030,11 @@ "class": "SP800-53", "title": "Audit Record Reduction and Report Generation", "props": [ + { + "name": "label", + "value": "AU-07", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7" @@ -19955,11 +17123,6 @@ "id": "au-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -19971,11 +17134,6 @@ "id": "au-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20005,29 +17163,6 @@ "id": "au-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07a.", @@ -20083,23 +17218,6 @@ "id": "au-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07b.", @@ -20243,6 +17361,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-7(1)" @@ -20277,13 +17400,6 @@ { "id": "au-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: {{ insert: param, au-07.01_odp }}." }, { @@ -20295,23 +17411,6 @@ "id": "au-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-07(01)", @@ -20455,9 +17554,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-08", + "class": "zero-padded" }, { "name": "label", @@ -20505,11 +17604,6 @@ "id": "au-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20521,11 +17615,6 @@ "id": "au-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20555,23 +17644,6 @@ "id": "au-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08a.", @@ -20590,23 +17662,6 @@ "id": "au-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-08b.", @@ -20713,6 +17768,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9" @@ -20811,11 +17871,6 @@ "id": "au-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -20827,11 +17882,6 @@ "id": "au-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -20861,23 +17911,6 @@ "id": "au-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09a.", @@ -20896,23 +17929,6 @@ "id": "au-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09b.", @@ -21019,6 +18035,11 @@ } ], "props": [ + { + "name": "label", + "value": "AU-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "AU-9(4)" @@ -21052,13 +18073,6 @@ { "id": "au-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Authorize access to management of audit logging functionality to only {{ insert: param, au-09.04_odp }}." }, { @@ -21070,23 +18084,6 @@ "id": "au-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-09(04)", @@ -21193,9 +18190,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-11", + "class": "zero-padded" }, { "name": "label", @@ -21262,13 +18259,6 @@ { "id": "au-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain audit records for {{ insert: param, au-11_odp }} to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.", "parts": [ { @@ -21322,23 +18312,6 @@ "id": "au-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-11", @@ -21430,9 +18403,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "AU-12", + "class": "zero-padded" }, { "name": "label", @@ -21540,11 +18513,6 @@ "id": "au-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -21556,11 +18524,6 @@ "id": "au-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -21572,11 +18535,6 @@ "id": "au-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -21606,23 +18564,6 @@ "id": "au-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12a.", @@ -21641,23 +18582,6 @@ "id": "au-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "AU-12b.", @@ -21676,17 +18600,6 @@ "id": "au-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "AU-12c.", @@ -21884,6 +18797,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-01", + "class": "zero-padded" + }, { "name": "label", "value": "CA-1" @@ -21971,12 +18889,6 @@ "id": "ca-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -22036,11 +18948,6 @@ "id": "ca-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22052,12 +18959,6 @@ "id": "ca-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -22122,23 +19023,6 @@ "id": "ca-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[01]", @@ -22157,23 +19041,6 @@ "id": "ca-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[02]", @@ -22192,17 +19059,6 @@ "id": "ca-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[03]", @@ -22221,17 +19077,6 @@ "id": "ca-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.[04]", @@ -22261,17 +19106,6 @@ "id": "ca-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(a)", @@ -22417,17 +19251,6 @@ "id": "ca-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-01a.01(b)", @@ -22462,23 +19285,6 @@ "id": "ca-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01b.", @@ -22508,23 +19314,6 @@ "id": "ca-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.01", @@ -22580,23 +19369,6 @@ "id": "ca-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-01c.02", @@ -22745,6 +19517,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2" @@ -22872,11 +19649,6 @@ "id": "ca-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -22888,11 +19660,6 @@ "id": "ca-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -22939,11 +19706,6 @@ "id": "ca-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -22955,11 +19717,6 @@ "id": "ca-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -22971,11 +19728,6 @@ "id": "ca-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -22987,11 +19739,6 @@ "id": "ca-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -23039,17 +19786,6 @@ "id": "ca-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02a.", @@ -23079,23 +19815,6 @@ "id": "ca-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.01", @@ -23114,23 +19833,6 @@ "id": "ca-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.02", @@ -23149,23 +19851,6 @@ "id": "ca-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02b.03", @@ -23247,23 +19932,6 @@ "id": "ca-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02c.", @@ -23282,23 +19950,6 @@ "id": "ca-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02d.", @@ -23354,17 +20005,6 @@ "id": "ca-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02e.", @@ -23383,17 +20023,6 @@ "id": "ca-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-02f.", @@ -23489,6 +20118,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessors", "props": [ + { + "name": "label", + "value": "CA-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(1)" @@ -23523,13 +20157,6 @@ { "id": "ca-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to conduct control assessments.", "parts": [ { @@ -23561,23 +20188,6 @@ "id": "ca-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(01)", @@ -23682,6 +20292,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-2(3)" @@ -23720,13 +20335,6 @@ { "id": "ca-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Leverage the results of control assessments performed by {{ insert: param, ca-02.03_odp.01 }} on {{ insert: param, ca-02.03_odp.02 }} when the assessment meets {{ insert: param, ca-02.03_odp.03 }}." }, { @@ -23738,23 +20346,6 @@ "id": "ca-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-02(03)", @@ -23862,6 +20453,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-03", + "class": "zero-padded" + }, { "name": "label", "value": "CA-3" @@ -23957,11 +20553,6 @@ "id": "ca-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -23973,11 +20564,6 @@ "id": "ca-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -23989,11 +20575,6 @@ "id": "ca-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -24023,23 +20604,6 @@ "id": "ca-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03a.", @@ -24058,17 +20622,6 @@ "id": "ca-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-03b.", @@ -24196,23 +20749,6 @@ "id": "ca-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-03c.", @@ -24302,6 +20838,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-05", + "class": "zero-padded" + }, { "name": "label", "value": "CA-5" @@ -24373,11 +20914,6 @@ "id": "ca-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24389,11 +20925,6 @@ "id": "ca-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24452,23 +20983,6 @@ "id": "ca-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05a.", @@ -24487,23 +21001,6 @@ "id": "ca-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-05b.", @@ -24615,6 +21112,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-06", + "class": "zero-padded" + }, { "name": "label", "value": "CA-6" @@ -24694,11 +21196,6 @@ "id": "ca-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -24710,11 +21207,6 @@ "id": "ca-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -24726,11 +21218,6 @@ "id": "ca-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -24766,11 +21253,6 @@ "id": "ca-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -24782,11 +21264,6 @@ "id": "ca-6_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -24834,23 +21311,6 @@ "id": "ca-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06a.", @@ -24869,23 +21329,6 @@ "id": "ca-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06b.", @@ -24915,23 +21358,6 @@ "id": "ca-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.01", @@ -24950,23 +21376,6 @@ "id": "ca-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06c.02", @@ -24993,23 +21402,6 @@ "id": "ca-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-06d.", @@ -25028,17 +21420,6 @@ "id": "ca-6_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-06e.", @@ -25212,6 +21593,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-07", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7" @@ -25484,11 +21870,6 @@ "id": "ca-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -25500,11 +21881,6 @@ "id": "ca-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -25516,11 +21892,6 @@ "id": "ca-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -25532,11 +21903,6 @@ "id": "ca-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -25548,11 +21914,6 @@ "id": "ca-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -25564,11 +21925,6 @@ "id": "ca-7_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -25580,11 +21936,6 @@ "id": "ca-7_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -25654,23 +22005,6 @@ "id": "ca-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[01]", @@ -25689,23 +22023,6 @@ "id": "ca-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07[02]", @@ -25724,23 +22041,6 @@ "id": "ca-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07a.", @@ -25759,23 +22059,6 @@ "id": "ca-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07b.", @@ -25831,23 +22114,6 @@ "id": "ca-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07c.", @@ -25866,23 +22132,6 @@ "id": "ca-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07d.", @@ -25901,23 +22150,6 @@ "id": "ca-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07e.", @@ -25936,23 +22168,6 @@ "id": "ca-7_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07f.", @@ -25971,23 +22186,6 @@ "id": "ca-7_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07g.", @@ -26120,6 +22318,11 @@ "class": "SP800-53-enhancement", "title": "Independent Assessment", "props": [ + { + "name": "label", + "value": "CA-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(1)" @@ -26154,13 +22357,6 @@ { "id": "ca-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis." }, { @@ -26172,23 +22368,6 @@ "id": "ca-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(01)", @@ -26254,6 +22433,11 @@ "class": "SP800-53-enhancement", "title": "Risk Monitoring", "props": [ + { + "name": "label", + "value": "CA-07(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-7(4)" @@ -26299,11 +22483,6 @@ "id": "ca-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -26315,11 +22494,6 @@ "id": "ca-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -26331,11 +22505,6 @@ "id": "ca-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -26354,23 +22523,6 @@ "id": "ca-7.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)", @@ -26383,23 +22535,6 @@ "id": "ca-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(a)", @@ -26418,23 +22553,6 @@ "id": "ca-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(b)", @@ -26453,23 +22571,6 @@ "id": "ca-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-07(04)(c)", @@ -26592,6 +22693,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-08", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8" @@ -26642,13 +22748,6 @@ { "id": "ca-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conduct penetration testing {{ insert: param, ca-08_odp.01 }} on {{ insert: param, ca-08_odp.02 }}.", "parts": [ { @@ -26680,23 +22779,6 @@ "id": "ca-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08", @@ -26784,6 +22866,11 @@ "class": "SP800-53-enhancement", "title": "Independent Penetration Testing Agent or Team", "props": [ + { + "name": "label", + "value": "CA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CA-8(1)" @@ -26822,13 +22909,6 @@ { "id": "ca-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ an independent penetration testing agent or team to perform penetration testing on the system or system components." }, { @@ -26840,23 +22920,6 @@ "id": "ca-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(01)", @@ -26934,9 +22997,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CA-08(02)", + "class": "zero-padded" }, { "name": "label", @@ -26972,19 +23035,12 @@ { "id": "ca-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: {{ insert: param, ca-08.02_odp }}.", "parts": [ { "id": "ca-8.2_fr", "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { "id": "ca-8.2_fr_gdn.1", @@ -27010,23 +23066,6 @@ "id": "ca-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-08(02)", @@ -27150,6 +23189,11 @@ } ], "props": [ + { + "name": "label", + "value": "CA-09", + "class": "zero-padded" + }, { "name": "label", "value": "CA-9" @@ -27225,11 +23269,6 @@ "id": "ca-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -27241,11 +23280,6 @@ "id": "ca-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -27257,11 +23291,6 @@ "id": "ca-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -27273,11 +23302,6 @@ "id": "ca-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -27307,23 +23331,6 @@ "id": "ca-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09a.", @@ -27342,17 +23349,6 @@ "id": "ca-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CA-09b.", @@ -27444,23 +23440,6 @@ "id": "ca-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09c.", @@ -27479,23 +23458,6 @@ "id": "ca-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CA-09d.", @@ -27693,6 +23655,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-01", + "class": "zero-padded" + }, { "name": "label", "value": "CM-1" @@ -27764,12 +23731,6 @@ "id": "cm-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -27829,11 +23790,6 @@ "id": "cm-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -27845,12 +23801,6 @@ "id": "cm-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -27915,23 +23865,6 @@ "id": "cm-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[01]", @@ -27950,23 +23883,6 @@ "id": "cm-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[02]", @@ -27985,17 +23901,6 @@ "id": "cm-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[03]", @@ -28014,17 +23919,6 @@ "id": "cm-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.[04]", @@ -28054,17 +23948,6 @@ "id": "cm-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(a)", @@ -28210,17 +24093,6 @@ "id": "cm-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-01a.01(b)", @@ -28255,23 +24127,6 @@ "id": "cm-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01b.", @@ -28301,23 +24156,6 @@ "id": "cm-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.01", @@ -28373,23 +24211,6 @@ "id": "cm-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-01c.02", @@ -28538,6 +24359,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2" @@ -28657,11 +24483,6 @@ "id": "cm-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -28673,11 +24494,6 @@ "id": "cm-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -28760,17 +24576,6 @@ "id": "cm-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-02a.", @@ -28837,23 +24642,6 @@ "id": "cm-2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.01", @@ -28872,23 +24660,6 @@ "id": "cm-2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.02", @@ -28907,23 +24678,6 @@ "id": "cm-2_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02b.03", @@ -29038,6 +24792,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(2)" @@ -29084,13 +24843,6 @@ { "id": "cm-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain the currency, completeness, accuracy, and availability of the baseline configuration of the system using {{ insert: param, cm-02.02_odp }}." }, { @@ -29102,23 +24854,6 @@ "id": "cm-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(02)", @@ -29290,6 +25025,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(3)" @@ -29324,13 +25064,6 @@ { "id": "cm-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Retain {{ insert: param, cm-02.03_odp }} of previous versions of baseline configurations of the system to support rollback." }, { @@ -29342,17 +25075,6 @@ "id": "cm-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(03)", @@ -29469,6 +25191,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-02(07)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-2(7)" @@ -29516,11 +25243,6 @@ "id": "cm-2.7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -29532,11 +25254,6 @@ "id": "cm-2.7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -29566,23 +25283,6 @@ "id": "cm-2.7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(a)", @@ -29601,23 +25301,6 @@ "id": "cm-2.7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-02(07)(b)", @@ -29763,6 +25446,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3" @@ -29902,11 +25590,6 @@ "id": "cm-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -29918,11 +25601,6 @@ "id": "cm-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -29934,11 +25612,6 @@ "id": "cm-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -29950,11 +25623,6 @@ "id": "cm-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -29966,11 +25634,6 @@ "id": "cm-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -29982,11 +25645,6 @@ "id": "cm-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -29998,11 +25656,6 @@ "id": "cm-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -30061,23 +25714,6 @@ "id": "cm-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03a.", @@ -30096,23 +25732,6 @@ "id": "cm-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03b.", @@ -30168,23 +25787,6 @@ "id": "cm-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03c.", @@ -30203,17 +25805,6 @@ "id": "cm-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03d.", @@ -30232,17 +25823,6 @@ "id": "cm-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-03e.", @@ -30261,23 +25841,6 @@ "id": "cm-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03f.", @@ -30344,23 +25907,6 @@ "id": "cm-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[01]", @@ -30379,23 +25925,6 @@ "id": "cm-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03g.[02]", @@ -30499,6 +26028,11 @@ "class": "SP800-53-enhancement", "title": "Testing, Validation, and Documentation of Changes", "props": [ + { + "name": "label", + "value": "CM-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(2)" @@ -30533,13 +26067,6 @@ { "id": "cm-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test, validate, and document changes to the system before finalizing the implementation of the changes." }, { @@ -30551,23 +26078,6 @@ "id": "cm-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(02)", @@ -30748,6 +26258,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-03(04)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-3(4)" @@ -30777,13 +26292,6 @@ { "id": "cm-3.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require {{ insert: param, cm-3.4_prm_1 }} to be members of the {{ insert: param, cm-03.04_odp.03 }}." }, { @@ -30795,23 +26303,6 @@ "id": "cm-3.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-03(04)", @@ -30938,6 +26429,11 @@ "class": "SP800-53", "title": "Impact Analyses", "props": [ + { + "name": "label", + "value": "CM-04", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4" @@ -31020,13 +26516,6 @@ { "id": "cm-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze changes to the system to determine potential security and privacy impacts prior to change implementation." }, { @@ -31038,23 +26527,6 @@ "id": "cm-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04", @@ -31179,6 +26651,11 @@ "class": "SP800-53-enhancement", "title": "Verification of Controls", "props": [ + { + "name": "label", + "value": "CM-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-4(2)" @@ -31225,13 +26702,6 @@ { "id": "cm-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system." }, { @@ -31243,23 +26713,6 @@ "id": "cm-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-04(02)", @@ -31459,9 +26912,9 @@ "title": "Access Restrictions for Change", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-05", + "class": "zero-padded" }, { "name": "label", @@ -31536,13 +26989,6 @@ { "id": "cm-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system." }, { @@ -31554,23 +27000,6 @@ "id": "cm-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05", @@ -31778,6 +27207,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(1)" @@ -31840,11 +27274,6 @@ "id": "cm-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -31856,11 +27285,6 @@ "id": "cm-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -31890,17 +27314,6 @@ "id": "cm-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(a)", @@ -31919,23 +27332,6 @@ "id": "cm-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(01)(b)", @@ -32060,6 +27456,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-5(5)" @@ -32098,11 +27499,6 @@ "id": "cm-5.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -32114,11 +27510,6 @@ "id": "cm-5.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -32148,17 +27539,6 @@ "id": "cm-5.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(a)", @@ -32214,23 +27594,6 @@ "id": "cm-5.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-05(05)(b)", @@ -32395,9 +27758,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06", + "class": "zero-padded" }, { "name": "label", @@ -32570,11 +27933,6 @@ "id": "cm-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -32586,11 +27944,6 @@ "id": "cm-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -32602,11 +27955,6 @@ "id": "cm-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -32618,11 +27966,6 @@ "id": "cm-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -32666,7 +28009,7 @@ "value": "Guidance:" } ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." } ] } @@ -32692,17 +28035,6 @@ "id": "cm-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06a.", @@ -32721,23 +28053,6 @@ "id": "cm-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06b.", @@ -32756,23 +28071,6 @@ "id": "cm-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06c.", @@ -32828,23 +28126,6 @@ "id": "cm-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-06d.", @@ -33020,9 +28301,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-06(01)", + "class": "zero-padded" }, { "name": "label", @@ -33057,13 +28338,6 @@ { "id": "cm-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage, apply, and verify configuration settings for {{ insert: param, cm-06.01_odp.01 }} using {{ insert: param, cm-6.1_prm_2 }}." }, { @@ -33075,17 +28349,6 @@ "id": "cm-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-06(01)", @@ -33291,9 +28554,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07", + "class": "zero-padded" }, { "name": "label", @@ -33418,11 +28681,6 @@ "id": "cm-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -33434,11 +28692,6 @@ "id": "cm-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -33486,23 +28739,6 @@ "id": "cm-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07a.", @@ -33521,17 +28757,6 @@ "id": "cm-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07b.", @@ -33784,9 +29009,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -33831,11 +29056,6 @@ "id": "cm-7.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -33847,11 +29067,6 @@ "id": "cm-7.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -33881,23 +29096,6 @@ "id": "cm-7.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(a)", @@ -33916,23 +29114,6 @@ "id": "cm-7.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(01)(b)", @@ -34141,9 +29322,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(02)", + "class": "zero-padded" }, { "name": "label", @@ -34194,13 +29375,6 @@ { "id": "cm-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent program execution in accordance with {{ insert: param, cm-07.02_odp.01 }}.", "parts": [ { @@ -34232,17 +29406,6 @@ "id": "cm-7.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(02)", @@ -34356,9 +29519,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -34435,11 +29598,6 @@ "id": "cm-7.5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -34451,11 +29609,6 @@ "id": "cm-7.5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -34467,11 +29620,6 @@ "id": "cm-7.5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -34501,23 +29649,6 @@ "id": "cm-7.5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(a)", @@ -34536,17 +29667,6 @@ "id": "cm-7.5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(b)", @@ -34565,23 +29685,6 @@ "id": "cm-7.5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-07(05)(c)", @@ -34705,9 +29808,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CM-08", + "class": "zero-padded" }, { "name": "label", @@ -34840,11 +29943,6 @@ "id": "cm-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -34913,11 +30011,6 @@ "id": "cm-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -34976,23 +30069,6 @@ "id": "cm-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.01", @@ -35011,23 +30087,6 @@ "id": "cm-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.02", @@ -35046,23 +30105,6 @@ "id": "cm-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.03", @@ -35081,23 +30123,6 @@ "id": "cm-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.04", @@ -35116,23 +30141,6 @@ "id": "cm-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08a.05", @@ -35159,23 +30167,6 @@ "id": "cm-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08b.", @@ -35271,6 +30262,11 @@ "class": "SP800-53-enhancement", "title": "Updates During Installation and Removal", "props": [ + { + "name": "label", + "value": "CM-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(1)" @@ -35309,13 +30305,6 @@ { "id": "cm-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the inventory of system components as part of component installations, removals, and system updates." }, { @@ -35327,23 +30316,6 @@ "id": "cm-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(01)", @@ -35558,6 +30530,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-08(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-8(3)" @@ -35633,11 +30610,6 @@ "id": "cm-8.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -35649,11 +30621,6 @@ "id": "cm-8.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -35683,17 +30650,6 @@ "id": "cm-8.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(a)", @@ -35767,17 +30723,6 @@ "id": "cm-8.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-08(03)(b)", @@ -35941,6 +30886,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-09", + "class": "zero-padded" + }, { "name": "label", "value": "CM-9" @@ -36012,11 +30962,6 @@ "id": "cm-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -36028,11 +30973,6 @@ "id": "cm-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36044,11 +30984,6 @@ "id": "cm-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -36060,11 +30995,6 @@ "id": "cm-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -36076,11 +31006,6 @@ "id": "cm-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -36110,17 +31035,6 @@ "id": "cm-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09", @@ -36168,17 +31082,6 @@ "id": "cm-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09a.", @@ -36263,23 +31166,6 @@ "id": "cm-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[01]", @@ -36298,17 +31184,6 @@ "id": "cm-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09b.[02]", @@ -36346,17 +31221,6 @@ "id": "cm-9_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[01]", @@ -36375,17 +31239,6 @@ "id": "cm-9_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CM-09c.[02]", @@ -36412,23 +31265,6 @@ "id": "cm-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-09d.", @@ -36447,17 +31283,6 @@ "id": "cm-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-09e.", @@ -36590,6 +31415,11 @@ "class": "SP800-53", "title": "Software Usage Restrictions", "props": [ + { + "name": "label", + "value": "CM-10", + "class": "zero-padded" + }, { "name": "label", "value": "CM-10" @@ -36644,11 +31474,6 @@ "id": "cm-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -36660,11 +31485,6 @@ "id": "cm-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -36676,11 +31496,6 @@ "id": "cm-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -36710,23 +31525,6 @@ "id": "cm-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10a.", @@ -36745,23 +31543,6 @@ "id": "cm-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10b.", @@ -36780,23 +31561,6 @@ "id": "cm-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-10c.", @@ -36926,6 +31690,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-11", + "class": "zero-padded" + }, { "name": "label", "value": "CM-11" @@ -37000,11 +31769,6 @@ "id": "cm-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37016,11 +31780,6 @@ "id": "cm-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37032,11 +31791,6 @@ "id": "cm-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37066,23 +31820,6 @@ "id": "cm-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11a.", @@ -37101,23 +31838,6 @@ "id": "cm-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-11b.", @@ -37136,17 +31856,6 @@ "id": "cm-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-11c.", @@ -37253,6 +31962,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12" @@ -37364,11 +32078,6 @@ "id": "cm-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -37380,11 +32089,6 @@ "id": "cm-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -37396,11 +32100,6 @@ "id": "cm-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -37459,23 +32158,6 @@ "id": "cm-12_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[01]", @@ -37494,23 +32176,6 @@ "id": "cm-12_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[02]", @@ -37529,23 +32194,6 @@ "id": "cm-12_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12a.[03]", @@ -37572,23 +32220,6 @@ "id": "cm-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12b.", @@ -37644,23 +32275,6 @@ "id": "cm-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CM-12c.", @@ -37818,6 +32432,11 @@ } ], "props": [ + { + "name": "label", + "value": "CM-12(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CM-12(1)" @@ -37852,13 +32471,6 @@ { "id": "cm-12.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Use automated tools to identify {{ insert: param, cm-12.01_odp.01 }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls are in place to protect organizational information and individual privacy.", "parts": [ { @@ -37890,17 +32502,6 @@ "id": "cm-12.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CM-12(01)", @@ -38092,6 +32693,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-01", + "class": "zero-padded" + }, { "name": "label", "value": "CP-1" @@ -38163,12 +32769,6 @@ "id": "cp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -38228,11 +32828,6 @@ "id": "cp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -38244,12 +32839,6 @@ "id": "cp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -38314,23 +32903,6 @@ "id": "cp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[01]", @@ -38349,23 +32921,6 @@ "id": "cp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[02]", @@ -38384,17 +32939,6 @@ "id": "cp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[03]", @@ -38413,17 +32957,6 @@ "id": "cp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.[04]", @@ -38453,17 +32986,6 @@ "id": "cp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(a)", @@ -38609,17 +33131,6 @@ "id": "cp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-01a.01(b)", @@ -38654,23 +33165,6 @@ "id": "cp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01b.", @@ -38700,23 +33194,6 @@ "id": "cp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.01", @@ -38772,23 +33249,6 @@ "id": "cp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-01c.02", @@ -38989,6 +33449,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2" @@ -39127,11 +33592,6 @@ "id": "cp-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -39222,11 +33682,6 @@ "id": "cp-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -39238,11 +33693,6 @@ "id": "cp-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -39254,11 +33704,6 @@ "id": "cp-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -39270,11 +33715,6 @@ "id": "cp-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -39286,11 +33726,6 @@ "id": "cp-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -39302,11 +33737,6 @@ "id": "cp-2_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -39318,11 +33748,6 @@ "id": "cp-2_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -39392,17 +33817,6 @@ "id": "cp-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.01", @@ -39421,17 +33835,6 @@ "id": "cp-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.02", @@ -39505,17 +33908,6 @@ "id": "cp-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.03", @@ -39589,17 +33981,6 @@ "id": "cp-2_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.04", @@ -39618,17 +33999,6 @@ "id": "cp-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.05", @@ -39647,17 +34017,6 @@ "id": "cp-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.06", @@ -39676,17 +34035,6 @@ "id": "cp-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "CP-02a.07", @@ -39761,23 +34109,6 @@ "id": "cp-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[01]", @@ -39796,23 +34127,6 @@ "id": "cp-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02b.[02]", @@ -39839,23 +34153,6 @@ "id": "cp-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02c.", @@ -39874,23 +34171,6 @@ "id": "cp-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02d.", @@ -39920,23 +34200,6 @@ "id": "cp-2_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[01]", @@ -39955,23 +34218,6 @@ "id": "cp-2_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02e.[02]", @@ -39998,23 +34244,6 @@ "id": "cp-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02f.", @@ -40070,23 +34299,6 @@ "id": "cp-2_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02g.", @@ -40142,29 +34354,6 @@ "id": "cp-2_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-02h.", @@ -40297,6 +34486,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(1)" @@ -40326,13 +34520,6 @@ { "id": "cp-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan development with organizational elements responsible for related plans." }, { @@ -40344,23 +34531,6 @@ "id": "cp-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(01)", @@ -40456,6 +34626,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(3)" @@ -40485,13 +34660,6 @@ { "id": "cp-2.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Plan for the resumption of {{ insert: param, cp-02.03_odp.01 }} mission and business functions within {{ insert: param, cp-02.03_odp.02 }} of contingency plan activation." }, { @@ -40503,23 +34671,6 @@ "id": "cp-2.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(03)", @@ -40618,6 +34769,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-02(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-2(8)" @@ -40655,13 +34811,6 @@ { "id": "cp-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system assets supporting {{ insert: param, cp-02.08_odp }} mission and business functions." }, { @@ -40673,23 +34822,6 @@ "id": "cp-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-02(08)", @@ -40810,6 +34942,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-03", + "class": "zero-padded" + }, { "name": "label", "value": "CP-3" @@ -40885,11 +35022,6 @@ "id": "cp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -40936,11 +35068,6 @@ "id": "cp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -40999,23 +35126,6 @@ "id": "cp-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.01", @@ -41034,23 +35144,6 @@ "id": "cp-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.02", @@ -41069,23 +35162,6 @@ "id": "cp-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03a.03", @@ -41123,23 +35199,6 @@ "id": "cp-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[01]", @@ -41158,23 +35217,6 @@ "id": "cp-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-03b.[02]", @@ -41322,9 +35364,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "CP-04", + "class": "zero-padded" }, { "name": "label", @@ -41417,11 +35459,6 @@ "id": "cp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -41433,11 +35470,6 @@ "id": "cp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -41449,11 +35481,6 @@ "id": "cp-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -41523,29 +35550,6 @@ "id": "cp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[01]", @@ -41564,29 +35568,6 @@ "id": "cp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[02]", @@ -41605,29 +35586,6 @@ "id": "cp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04a.[03]", @@ -41654,23 +35612,6 @@ "id": "cp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04b.", @@ -41689,23 +35630,6 @@ "id": "cp-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04c.", @@ -41801,6 +35725,11 @@ "class": "SP800-53-enhancement", "title": "Coordinate with Related Plans", "props": [ + { + "name": "label", + "value": "CP-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-4(1)" @@ -41843,13 +35772,6 @@ { "id": "cp-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate contingency plan testing with organizational elements responsible for related plans." }, { @@ -41861,29 +35783,6 @@ "id": "cp-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-04(01)", @@ -41951,6 +35850,11 @@ "class": "SP800-53", "title": "Alternate Storage Site", "props": [ + { + "name": "label", + "value": "CP-06", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6" @@ -42025,11 +35929,6 @@ "id": "cp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42041,11 +35940,6 @@ "id": "cp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42086,29 +35980,6 @@ "id": "cp-6_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[01]", @@ -42127,29 +35998,6 @@ "id": "cp-6_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06a.[02]", @@ -42176,29 +36024,6 @@ "id": "cp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06b.", @@ -42294,6 +36119,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(1)" @@ -42327,13 +36157,6 @@ { "id": "cp-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats." }, { @@ -42345,29 +36168,6 @@ "id": "cp-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(01)", @@ -42433,6 +36233,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-6(3)" @@ -42466,13 +36271,6 @@ { "id": "cp-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions." }, { @@ -42495,23 +36293,6 @@ "id": "cp-6.3_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[01]", @@ -42530,23 +36311,6 @@ "id": "cp-6.3_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-06(03)[02]", @@ -42642,6 +36406,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-07", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7" @@ -42724,11 +36493,6 @@ "id": "cp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -42740,11 +36504,6 @@ "id": "cp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -42756,11 +36515,6 @@ "id": "cp-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -42808,29 +36562,6 @@ "id": "cp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07a.", @@ -42860,29 +36591,6 @@ "id": "cp-7_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[01]", @@ -42901,29 +36609,6 @@ "id": "cp-7_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07b.[02]", @@ -42950,29 +36635,6 @@ "id": "cp-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-07c.", @@ -43068,6 +36730,11 @@ "class": "SP800-53-enhancement", "title": "Separation from Primary Site", "props": [ + { + "name": "label", + "value": "CP-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(1)" @@ -43101,13 +36768,6 @@ { "id": "cp-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.", "parts": [ { @@ -43139,23 +36799,6 @@ "id": "cp-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(01)", @@ -43221,6 +36864,11 @@ "class": "SP800-53-enhancement", "title": "Accessibility", "props": [ + { + "name": "label", + "value": "CP-07(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(2)" @@ -43254,13 +36902,6 @@ { "id": "cp-7.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions." }, { @@ -43283,23 +36924,6 @@ "id": "cp-7.2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[01]", @@ -43318,23 +36942,6 @@ "id": "cp-7.2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(02)[02]", @@ -43408,6 +37015,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service", "props": [ + { + "name": "label", + "value": "CP-07(03)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-7(3)" @@ -43437,13 +37049,6 @@ { "id": "cp-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives)." }, { @@ -43455,23 +37060,6 @@ "id": "cp-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-07(03)", @@ -43559,6 +37147,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-08", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8" @@ -43608,13 +37201,6 @@ { "id": "cp-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish alternate telecommunications services, including necessary agreements to permit the resumption of {{ insert: param, cp-08_odp.01 }} for essential mission and business functions within {{ insert: param, cp-08_odp.02 }} when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.", "parts": [ { @@ -43646,29 +37232,6 @@ "id": "cp-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08", @@ -43756,6 +37319,11 @@ "class": "SP800-53-enhancement", "title": "Priority of Service Provisions", "props": [ + { + "name": "label", + "value": "CP-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(1)" @@ -43790,11 +37358,6 @@ "id": "cp-8.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -43806,11 +37369,6 @@ "id": "cp-8.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -43840,29 +37398,6 @@ "id": "cp-8.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(a)", @@ -43918,29 +37453,6 @@ "id": "cp-8.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(01)(b)", @@ -44036,6 +37548,11 @@ "class": "SP800-53-enhancement", "title": "Single Points of Failure", "props": [ + { + "name": "label", + "value": "CP-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-8(2)" @@ -44065,13 +37582,6 @@ { "id": "cp-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services." }, { @@ -44083,23 +37593,6 @@ "id": "cp-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "CP-08(02)", @@ -44220,6 +37713,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9" @@ -44310,11 +37808,6 @@ "id": "cp-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -44326,11 +37819,6 @@ "id": "cp-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -44342,11 +37830,6 @@ "id": "cp-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -44358,11 +37841,6 @@ "id": "cp-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -44443,29 +37921,6 @@ "id": "cp-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09a.", @@ -44484,29 +37939,6 @@ "id": "cp-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09b.", @@ -44525,29 +37957,6 @@ "id": "cp-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09c.", @@ -44566,23 +37975,6 @@ "id": "cp-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09d.", @@ -44762,6 +38154,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(1)" @@ -44795,13 +38192,6 @@ { "id": "cp-9.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test backup information {{ insert: param, cp-9.1_prm_1 }} to verify media reliability and information integrity." }, { @@ -44813,29 +38203,6 @@ "id": "cp-9.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(01)", @@ -44976,6 +38343,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-09(08)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-9(8)" @@ -45017,13 +38389,6 @@ { "id": "cp-9.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of {{ insert: param, cp-09.08_odp }}.", "parts": [ { @@ -45055,29 +38420,6 @@ "id": "cp-9.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-09(08)", @@ -45191,6 +38533,11 @@ } ], "props": [ + { + "name": "label", + "value": "CP-10", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10" @@ -45256,13 +38603,6 @@ { "id": "cp-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide for the recovery and reconstitution of the system to a known state within {{ insert: param, cp-10_prm_1 }} after a disruption, compromise, or failure." }, { @@ -45274,29 +38614,6 @@ "id": "cp-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10", @@ -45421,6 +38738,11 @@ "class": "SP800-53-enhancement", "title": "Transaction Recovery", "props": [ + { + "name": "label", + "value": "CP-10(02)", + "class": "zero-padded" + }, { "name": "label", "value": "CP-10(2)" @@ -45450,13 +38772,6 @@ { "id": "cp-10.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement transaction recovery for systems that are transaction-based." }, { @@ -45468,29 +38783,6 @@ "id": "cp-10.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "CP-10(02)", @@ -45682,6 +38974,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-01", + "class": "zero-padded" + }, { "name": "label", "value": "IA-1" @@ -45777,12 +39074,6 @@ "id": "ia-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -45842,11 +39133,6 @@ "id": "ia-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -45858,12 +39144,6 @@ "id": "ia-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -45928,23 +39208,6 @@ "id": "ia-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[01]", @@ -45963,23 +39226,6 @@ "id": "ia-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[02]", @@ -45998,17 +39244,6 @@ "id": "ia-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[03]", @@ -46027,17 +39262,6 @@ "id": "ia-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.[04]", @@ -46067,17 +39291,6 @@ "id": "ia-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(a)", @@ -46223,17 +39436,6 @@ "id": "ia-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IA-01a.01(b)", @@ -46268,23 +39470,6 @@ "id": "ia-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01b.", @@ -46314,23 +39499,6 @@ "id": "ia-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.01", @@ -46386,23 +39554,6 @@ "id": "ia-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IA-01c.02", @@ -46522,9 +39673,9 @@ "title": "Identification and Authentication (Organizational Users)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02", + "class": "zero-padded" }, { "name": "label", @@ -46696,13 +39847,6 @@ { "id": "ia-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.", "parts": [ { @@ -46778,29 +39922,6 @@ "id": "ia-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[01]", @@ -46819,29 +39940,6 @@ "id": "ia-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02[02]", @@ -46938,9 +40036,9 @@ "title": "Multi-factor Authentication to Privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(01)", + "class": "zero-padded" }, { "name": "label", @@ -46979,13 +40077,6 @@ { "id": "ia-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to privileged accounts.", "parts": [ { @@ -47039,17 +40130,6 @@ "id": "ia-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(01)", @@ -47138,9 +40218,9 @@ "title": "Multi-factor Authentication to Non-privileged Accounts", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(02)", + "class": "zero-padded" }, { "name": "label", @@ -47175,13 +40255,6 @@ { "id": "ia-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement multi-factor authentication for access to non-privileged accounts.", "parts": [ { @@ -47235,17 +40308,6 @@ "id": "ia-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(02)", @@ -47334,9 +40396,9 @@ "title": "Individual Authentication with Group Authentication", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(05)", + "class": "zero-padded" }, { "name": "label", @@ -47372,13 +40434,6 @@ { "id": "ia-2.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources." }, { @@ -47390,17 +40445,6 @@ "id": "ia-2.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(05)", @@ -47536,9 +40580,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(06)", + "class": "zero-padded" }, { "name": "label", @@ -47579,11 +40623,6 @@ "id": "ia-2.6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -47595,11 +40634,6 @@ "id": "ia-2.6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -47658,23 +40692,6 @@ "id": "ia-2.6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(a)", @@ -47693,23 +40710,6 @@ "id": "ia-2.6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(06)(b)", @@ -47823,9 +40823,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(08)", + "class": "zero-padded" }, { "name": "label", @@ -47856,13 +40856,6 @@ { "id": "ia-2.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}." }, { @@ -47874,23 +40867,6 @@ "id": "ia-2.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(08)", @@ -47979,9 +40955,9 @@ "title": "Acceptance of PIV Credentials", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-02(12)", + "class": "zero-padded" }, { "name": "label", @@ -48012,13 +40988,6 @@ { "id": "ia-2.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials.", "parts": [ { @@ -48050,23 +41019,6 @@ "id": "ia-2.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-02(12)", @@ -48178,6 +41130,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-03", + "class": "zero-padded" + }, { "name": "label", "value": "IA-3" @@ -48251,13 +41208,6 @@ { "id": "ia-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate {{ insert: param, ia-03_odp.01 }} before establishing a {{ insert: param, ia-03_odp.02 }} connection." }, { @@ -48269,23 +41219,6 @@ "id": "ia-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-03", @@ -48404,9 +41337,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-04", + "class": "zero-padded" }, { "name": "label", @@ -48527,11 +41460,6 @@ "id": "ia-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -48543,11 +41471,6 @@ "id": "ia-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -48559,11 +41482,6 @@ "id": "ia-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -48575,11 +41493,6 @@ "id": "ia-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -48609,23 +41522,6 @@ "id": "ia-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04a.", @@ -48644,23 +41540,6 @@ "id": "ia-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04b.", @@ -48679,23 +41558,6 @@ "id": "ia-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04c.", @@ -48714,23 +41576,6 @@ "id": "ia-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04d.", @@ -48842,6 +41687,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-4(4)" @@ -48871,13 +41721,6 @@ { "id": "ia-4.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage individual identifiers by uniquely identifying each individual as {{ insert: param, ia-04.04_odp }}." }, { @@ -48889,23 +41732,6 @@ "id": "ia-4.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-04(04)", @@ -49016,9 +41842,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IA-05", + "class": "zero-padded" }, { "name": "label", @@ -49160,11 +41986,6 @@ "id": "ia-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -49176,11 +41997,6 @@ "id": "ia-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -49192,11 +42008,6 @@ "id": "ia-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -49208,11 +42019,6 @@ "id": "ia-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -49224,11 +42030,6 @@ "id": "ia-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -49240,11 +42041,6 @@ "id": "ia-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -49256,11 +42052,6 @@ "id": "ia-5_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -49272,11 +42063,6 @@ "id": "ia-5_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -49288,11 +42074,6 @@ "id": "ia-5_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -49351,23 +42132,6 @@ "id": "ia-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05a.", @@ -49386,23 +42150,6 @@ "id": "ia-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05b.", @@ -49421,23 +42168,6 @@ "id": "ia-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05c.", @@ -49456,23 +42186,6 @@ "id": "ia-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05d.", @@ -49491,23 +42204,6 @@ "id": "ia-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05e.", @@ -49526,23 +42222,6 @@ "id": "ia-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05f.", @@ -49561,23 +42240,6 @@ "id": "ia-5_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05g.", @@ -49607,23 +42269,6 @@ "id": "ia-5_obj.h-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[01]", @@ -49642,23 +42287,6 @@ "id": "ia-5_obj.h-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05h.[02]", @@ -49685,23 +42313,6 @@ "id": "ia-5_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05i.", @@ -49817,6 +42428,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(1)" @@ -49861,11 +42477,6 @@ "id": "ia-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -49877,11 +42488,6 @@ "id": "ia-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -49893,11 +42499,6 @@ "id": "ia-5.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -49909,11 +42510,6 @@ "id": "ia-5.1_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -49925,11 +42521,6 @@ "id": "ia-5.1_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -49941,11 +42532,6 @@ "id": "ia-5.1_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -49957,11 +42543,6 @@ "id": "ia-5.1_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -49973,11 +42554,6 @@ "id": "ia-5.1_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -50010,7 +42586,7 @@ "value": "(h) Requirement:" } ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + "prose": "For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." }, { "id": "ia-5.1_fr_gdn.1", @@ -50047,23 +42623,6 @@ "id": "ia-5.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(a)", @@ -50082,23 +42641,6 @@ "id": "ia-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(b)", @@ -50117,17 +42659,6 @@ "id": "ia-5.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(c)", @@ -50146,17 +42677,6 @@ "id": "ia-5.1_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(d)", @@ -50175,17 +42695,6 @@ "id": "ia-5.1_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(e)", @@ -50204,17 +42713,6 @@ "id": "ia-5.1_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(f)", @@ -50233,17 +42731,6 @@ "id": "ia-5.1_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(g)", @@ -50262,23 +42749,6 @@ "id": "ia-5.1_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(01)(h)", @@ -50374,6 +42844,11 @@ "class": "SP800-53-enhancement", "title": "Public Key-based Authentication", "props": [ + { + "name": "label", + "value": "IA-05(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(2)" @@ -50416,11 +42891,6 @@ "id": "ia-5.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -50456,11 +42926,6 @@ "id": "ia-5.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -50525,17 +42990,6 @@ "id": "ia-5.2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(01)", @@ -50554,17 +43008,6 @@ "id": "ia-5.2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(a)(02)", @@ -50602,17 +43045,6 @@ "id": "ia-5.2_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(01)", @@ -50631,17 +43063,6 @@ "id": "ia-5.2_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(02)(b)(02)", @@ -50745,6 +43166,11 @@ "class": "SP800-53-enhancement", "title": "Protection of Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(06)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(6)" @@ -50778,13 +43204,6 @@ { "id": "ia-5.6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access." }, { @@ -50796,17 +43215,6 @@ "id": "ia-5.6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(06)", @@ -50894,6 +43302,11 @@ "class": "SP800-53-enhancement", "title": "No Embedded Unencrypted Static Authenticators", "props": [ + { + "name": "label", + "value": "IA-05(07)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-5(7)" @@ -50923,13 +43336,6 @@ { "id": "ia-5.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.", "parts": [ { @@ -50961,17 +43367,6 @@ "id": "ia-5.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-05(07)", @@ -51061,6 +43456,11 @@ "class": "SP800-53", "title": "Authentication Feedback", "props": [ + { + "name": "label", + "value": "IA-06", + "class": "zero-padded" + }, { "name": "label", "value": "IA-6" @@ -51090,13 +43490,6 @@ { "id": "ia-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals." }, { @@ -51108,17 +43501,6 @@ "id": "ia-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-06", @@ -51206,6 +43588,11 @@ "class": "SP800-53", "title": "Cryptographic Module Authentication", "props": [ + { + "name": "label", + "value": "IA-07", + "class": "zero-padded" + }, { "name": "label", "value": "IA-7" @@ -51255,13 +43642,6 @@ { "id": "ia-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication." }, { @@ -51273,29 +43653,6 @@ "id": "ia-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-07", @@ -51383,6 +43740,11 @@ "class": "SP800-53", "title": "Identification and Authentication (Non-organizational Users)", "props": [ + { + "name": "label", + "value": "IA-08", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8" @@ -51500,13 +43862,6 @@ { "id": "ia-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users." }, { @@ -51518,17 +43873,6 @@ "id": "ia-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08", @@ -51616,6 +43960,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of PIV Credentials from Other Agencies", "props": [ + { + "name": "label", + "value": "IA-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(1)" @@ -51649,13 +43998,6 @@ { "id": "ia-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies." }, { @@ -51667,17 +44009,6 @@ "id": "ia-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(01)", @@ -51802,6 +44133,11 @@ "class": "SP800-53-enhancement", "title": "Acceptance of External Authenticators", "props": [ + { + "name": "label", + "value": "IA-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(2)" @@ -51836,11 +44172,6 @@ "id": "ia-8.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -51852,11 +44183,6 @@ "id": "ia-8.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -51886,17 +44212,6 @@ "id": "ia-8.2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(a)", @@ -51915,23 +44230,6 @@ "id": "ia-8.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(02)(b)", @@ -52075,6 +44373,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-08(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-8(4)" @@ -52104,13 +44407,6 @@ { "id": "ia-8.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Conform to the following profiles for identity management {{ insert: param, ia-08.04_odp }}." }, { @@ -52122,29 +44418,6 @@ "id": "ia-8.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-08(04)", @@ -52245,6 +44518,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-11", + "class": "zero-padded" + }, { "name": "label", "value": "IA-11" @@ -52299,13 +44577,6 @@ { "id": "ia-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require users to re-authenticate when {{ insert: param, ia-11_odp }}.", "parts": [ { @@ -52337,29 +44608,6 @@ "id": "ia-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-11", @@ -52447,6 +44695,11 @@ "class": "SP800-53", "title": "Identity Proofing", "props": [ + { + "name": "label", + "value": "IA-12", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12" @@ -52529,11 +44782,6 @@ "id": "ia-12_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -52545,11 +44793,6 @@ "id": "ia-12_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -52561,11 +44804,6 @@ "id": "ia-12_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -52613,29 +44851,6 @@ "id": "ia-12_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12a.", @@ -52654,23 +44869,6 @@ "id": "ia-12_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12b.", @@ -52689,23 +44887,6 @@ "id": "ia-12_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12c.", @@ -52856,6 +45037,11 @@ "class": "SP800-53-enhancement", "title": "Identity Evidence", "props": [ + { + "name": "label", + "value": "IA-12(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(2)" @@ -52885,13 +45071,6 @@ { "id": "ia-12.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require evidence of individual identification be presented to the registration authority." }, { @@ -52903,23 +45082,6 @@ "id": "ia-12.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(02)", @@ -53018,6 +45180,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(3)" @@ -53047,13 +45214,6 @@ { "id": "ia-12.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that the presented identity evidence be validated and verified through {{ insert: param, ia-12.03_odp }}." }, { @@ -53065,29 +45225,6 @@ "id": "ia-12.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(03)", @@ -53186,6 +45323,11 @@ } ], "props": [ + { + "name": "label", + "value": "IA-12(05)", + "class": "zero-padded" + }, { "name": "label", "value": "IA-12(5)" @@ -53219,13 +45361,6 @@ { "id": "ia-12.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require that a {{ insert: param, ia-12.05_odp }} be delivered through an out-of-band channel to verify the users address (physical or digital) of record.", "parts": [ { @@ -53257,23 +45392,6 @@ "id": "ia-12.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IA-12(05)", @@ -53465,6 +45583,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-01", + "class": "zero-padded" + }, { "name": "label", "value": "IR-1" @@ -53544,12 +45667,6 @@ "id": "ir-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -53609,11 +45726,6 @@ "id": "ir-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -53625,12 +45737,6 @@ "id": "ir-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -53695,23 +45801,6 @@ "id": "ir-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[01]", @@ -53730,23 +45819,6 @@ "id": "ir-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[02]", @@ -53765,17 +45837,6 @@ "id": "ir-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[03]", @@ -53794,17 +45855,6 @@ "id": "ir-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.[04]", @@ -53834,17 +45884,6 @@ "id": "ir-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(a)", @@ -53990,17 +46029,6 @@ "id": "ir-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-01a.01(b)", @@ -54035,23 +46063,6 @@ "id": "ir-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01b.", @@ -54081,23 +46092,6 @@ "id": "ir-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.01", @@ -54153,23 +46147,6 @@ "id": "ir-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-01c.02", @@ -54341,6 +46318,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-02", + "class": "zero-padded" + }, { "name": "label", "value": "IR-2" @@ -54416,11 +46398,6 @@ "id": "ir-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -54467,11 +46444,6 @@ "id": "ir-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -54512,23 +46484,6 @@ "id": "ir-2_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.01", @@ -54547,23 +46502,6 @@ "id": "ir-2_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.02", @@ -54582,23 +46520,6 @@ "id": "ir-2_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02a.03", @@ -54636,23 +46557,6 @@ "id": "ir-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[01]", @@ -54671,23 +46575,6 @@ "id": "ir-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-02b.[02]", @@ -54795,9 +46682,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-03", + "class": "zero-padded" }, { "name": "label", @@ -54865,13 +46752,6 @@ { "id": "ir-3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Test the effectiveness of the incident response capability for the system {{ insert: param, ir-03_odp.01 }} using the following tests: {{ insert: param, ir-03_odp.02 }}.", "parts": [ { @@ -54903,23 +46783,6 @@ "id": "ir-3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03", @@ -54985,6 +46848,11 @@ "class": "SP800-53-enhancement", "title": "Coordination with Related Plans", "props": [ + { + "name": "label", + "value": "IR-03(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-3(2)" @@ -55019,13 +46887,6 @@ { "id": "ir-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Coordinate incident response testing with organizational elements responsible for related plans." }, { @@ -55037,23 +46898,6 @@ "id": "ir-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-03(02)", @@ -55122,9 +46966,9 @@ "title": "Incident Handling", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04", + "class": "zero-padded" }, { "name": "label", @@ -55280,11 +47124,6 @@ "id": "ir-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -55296,11 +47135,6 @@ "id": "ir-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -55312,11 +47146,6 @@ "id": "ir-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -55328,11 +47157,6 @@ "id": "ir-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -55402,23 +47226,6 @@ "id": "ir-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[01]", @@ -55437,23 +47244,6 @@ "id": "ir-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04a.[02]", @@ -55552,23 +47342,6 @@ "id": "ir-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04b.", @@ -55598,23 +47371,6 @@ "id": "ir-4_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[01]", @@ -55633,23 +47389,6 @@ "id": "ir-4_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04c.[02]", @@ -55676,23 +47415,6 @@ "id": "ir-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04d.", @@ -55873,9 +47595,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "IR-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -55906,13 +47628,6 @@ { "id": "ir-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Support the incident handling process using {{ insert: param, ir-04.01_odp }}." }, { @@ -55924,23 +47639,6 @@ "id": "ir-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-04(01)", @@ -56030,6 +47728,11 @@ "class": "SP800-53", "title": "Incident Monitoring", "props": [ + { + "name": "label", + "value": "IR-05", + "class": "zero-padded" + }, { "name": "label", "value": "IR-5" @@ -56112,13 +47815,6 @@ { "id": "ir-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Track and document incidents." }, { @@ -56130,23 +47826,6 @@ "id": "ir-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-05", @@ -56296,6 +47975,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6" @@ -56366,11 +48050,6 @@ "id": "ir-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -56382,11 +48061,6 @@ "id": "ir-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -56434,23 +48108,6 @@ "id": "ir-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-06a.", @@ -56469,23 +48126,6 @@ "id": "ir-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06b.", @@ -56592,6 +48232,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(1)" @@ -56625,13 +48270,6 @@ { "id": "ir-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Report incidents using {{ insert: param, ir-06.01_odp }}." }, { @@ -56643,29 +48281,6 @@ "id": "ir-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(01)", @@ -56753,6 +48368,11 @@ "class": "SP800-53-enhancement", "title": "Supply Chain Coordination", "props": [ + { + "name": "label", + "value": "IR-06(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-6(3)" @@ -56786,13 +48406,6 @@ { "id": "ir-6.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident." }, { @@ -56804,23 +48417,6 @@ "id": "ir-6.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-06(03)", @@ -56910,6 +48506,11 @@ "class": "SP800-53", "title": "Incident Response Assistance", "props": [ + { + "name": "label", + "value": "IR-07", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7" @@ -56979,13 +48580,6 @@ { "id": "ir-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents." }, { @@ -57008,23 +48602,6 @@ "id": "ir-7_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[01]", @@ -57043,23 +48620,6 @@ "id": "ir-7_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-07[02]", @@ -57166,6 +48726,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-07(01)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-7(1)" @@ -57195,13 +48760,6 @@ { "id": "ir-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Increase the availability of incident response information and support using {{ insert: param, ir-07.01_odp }}." }, { @@ -57213,29 +48771,6 @@ "id": "ir-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-07(01)", @@ -57409,6 +48944,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-08", + "class": "zero-padded" + }, { "name": "label", "value": "IR-8" @@ -57495,11 +49035,6 @@ "id": "ir-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -57623,11 +49158,6 @@ "id": "ir-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -57639,11 +49169,6 @@ "id": "ir-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -57655,11 +49180,6 @@ "id": "ir-8_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -57671,11 +49191,6 @@ "id": "ir-8_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -57745,17 +49260,6 @@ "id": "ir-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.01", @@ -57774,17 +49278,6 @@ "id": "ir-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.02", @@ -57803,17 +49296,6 @@ "id": "ir-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.03", @@ -57832,17 +49314,6 @@ "id": "ir-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.04", @@ -57861,17 +49332,6 @@ "id": "ir-8_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.05", @@ -57890,17 +49350,6 @@ "id": "ir-8_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.06", @@ -57919,17 +49368,6 @@ "id": "ir-8_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.07", @@ -57948,17 +49386,6 @@ "id": "ir-8_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.08", @@ -57977,17 +49404,6 @@ "id": "ir-8_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.09", @@ -58006,17 +49422,6 @@ "id": "ir-8_obj.a.10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-08a.10", @@ -58043,17 +49448,6 @@ "id": "ir-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08b.", @@ -58109,23 +49503,6 @@ "id": "ir-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08c.", @@ -58144,23 +49521,6 @@ "id": "ir-8_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-08d.", @@ -58216,17 +49576,6 @@ "id": "ir-8_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-08e.", @@ -58388,6 +49737,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9" @@ -58451,11 +49805,6 @@ "id": "ir-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -58467,11 +49816,6 @@ "id": "ir-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -58483,11 +49827,6 @@ "id": "ir-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -58499,11 +49838,6 @@ "id": "ir-9_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -58515,11 +49849,6 @@ "id": "ir-9_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -58531,11 +49860,6 @@ "id": "ir-9_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -58547,11 +49871,6 @@ "id": "ir-9_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -58581,23 +49900,6 @@ "id": "ir-9_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09a.", @@ -58616,23 +49918,6 @@ "id": "ir-9_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "IR-09b.", @@ -58651,23 +49936,6 @@ "id": "ir-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09c.", @@ -58686,23 +49954,6 @@ "id": "ir-9_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09d.", @@ -58721,23 +49972,6 @@ "id": "ir-9_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09e.", @@ -58756,23 +49990,6 @@ "id": "ir-9_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09f.", @@ -58791,23 +50008,6 @@ "id": "ir-9_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09g.", @@ -58919,6 +50119,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(2)" @@ -58964,13 +50169,6 @@ { "id": "ir-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide information spillage response training {{ insert: param, ir-09.02_odp }}." }, { @@ -58982,17 +50180,6 @@ "id": "ir-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(02)", @@ -59069,6 +50256,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(03)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(3)" @@ -59098,13 +50290,6 @@ { "id": "ir-9.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: {{ insert: param, ir-09.03_odp }}." }, { @@ -59116,17 +50301,6 @@ "id": "ir-9.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(03)", @@ -59225,6 +50399,11 @@ } ], "props": [ + { + "name": "label", + "value": "IR-09(04)", + "class": "zero-padded" + }, { "name": "label", "value": "IR-9(4)" @@ -59254,13 +50433,6 @@ { "id": "ir-9.4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following controls for personnel exposed to information not within assigned access authorizations: {{ insert: param, ir-09.04_odp }}." }, { @@ -59272,17 +50444,6 @@ "id": "ir-9.4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "IR-09(04)", @@ -59474,6 +50635,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-01", + "class": "zero-padded" + }, { "name": "label", "value": "MA-1" @@ -59541,12 +50707,6 @@ "id": "ma-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -59606,11 +50766,6 @@ "id": "ma-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -59622,12 +50777,6 @@ "id": "ma-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -59692,23 +50841,6 @@ "id": "ma-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[01]", @@ -59727,23 +50859,6 @@ "id": "ma-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[02]", @@ -59762,17 +50877,6 @@ "id": "ma-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[03]", @@ -59791,17 +50895,6 @@ "id": "ma-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.[04]", @@ -59831,17 +50924,6 @@ "id": "ma-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(a)", @@ -59987,17 +51069,6 @@ "id": "ma-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-01a.01(b)", @@ -60032,23 +51103,6 @@ "id": "ma-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01b.", @@ -60078,23 +51132,6 @@ "id": "ma-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.01", @@ -60150,23 +51187,6 @@ "id": "ma-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-01c.02", @@ -60314,6 +51334,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-02", + "class": "zero-padded" + }, { "name": "label", "value": "MA-2" @@ -60400,11 +51425,6 @@ "id": "ma-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -60416,11 +51436,6 @@ "id": "ma-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -60432,11 +51447,6 @@ "id": "ma-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -60448,11 +51458,6 @@ "id": "ma-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -60464,11 +51469,6 @@ "id": "ma-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -60480,11 +51480,6 @@ "id": "ma-2_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -60514,29 +51509,6 @@ "id": "ma-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02a.", @@ -60610,23 +51582,6 @@ "id": "ma-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02b.", @@ -60682,23 +51637,6 @@ "id": "ma-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02c.", @@ -60717,23 +51655,6 @@ "id": "ma-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MA-02d.", @@ -60752,17 +51673,6 @@ "id": "ma-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02e.", @@ -60781,17 +51691,6 @@ "id": "ma-2_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-02f.", @@ -60903,6 +51802,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3" @@ -60945,11 +51849,6 @@ "id": "ma-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -60961,11 +51860,6 @@ "id": "ma-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -60995,29 +51889,6 @@ "id": "ma-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03a.", @@ -61091,29 +51962,6 @@ "id": "ma-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03b.", @@ -61209,6 +52057,11 @@ "class": "SP800-53-enhancement", "title": "Inspect Tools", "props": [ + { + "name": "label", + "value": "MA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(1)" @@ -61242,13 +52095,6 @@ { "id": "ma-3.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications." }, { @@ -61260,29 +52106,6 @@ "id": "ma-3.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(01)", @@ -61371,9 +52194,9 @@ "title": "Inspect Media", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "MA-03(02)", + "class": "zero-padded" }, { "name": "label", @@ -61408,13 +52231,6 @@ { "id": "ma-3.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check media containing diagnostic and test programs for malicious code before the media are used in the system." }, { @@ -61426,29 +52242,6 @@ "id": "ma-3.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(02)", @@ -61552,6 +52345,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-3(3)" @@ -61591,11 +52389,6 @@ "id": "ma-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -61607,11 +52400,6 @@ "id": "ma-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -61623,11 +52411,6 @@ "id": "ma-3.3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -61639,11 +52422,6 @@ "id": "ma-3.3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -61662,29 +52440,6 @@ "id": "ma-3.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-03(03)", @@ -61847,6 +52602,11 @@ "class": "SP800-53", "title": "Nonlocal Maintenance", "props": [ + { + "name": "label", + "value": "MA-04", + "class": "zero-padded" + }, { "name": "label", "value": "MA-4" @@ -61957,11 +52717,6 @@ "id": "ma-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -61973,11 +52728,6 @@ "id": "ma-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -61989,11 +52739,6 @@ "id": "ma-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -62005,11 +52750,6 @@ "id": "ma-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -62021,11 +52761,6 @@ "id": "ma-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -62055,23 +52790,6 @@ "id": "ma-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04a.", @@ -62138,23 +52856,6 @@ "id": "ma-4_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[01]", @@ -62173,17 +52874,6 @@ "id": "ma-4_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-04b.[02]", @@ -62210,29 +52900,6 @@ "id": "ma-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04c.", @@ -62251,17 +52918,6 @@ "id": "ma-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04d.", @@ -62280,17 +52936,6 @@ "id": "ma-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-04e.", @@ -62423,6 +53068,11 @@ "class": "SP800-53", "title": "Maintenance Personnel", "props": [ + { + "name": "label", + "value": "MA-05", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5" @@ -62501,11 +53151,6 @@ "id": "ma-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -62517,11 +53162,6 @@ "id": "ma-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -62533,11 +53173,6 @@ "id": "ma-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -62567,17 +53202,6 @@ "id": "ma-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MA-05a.", @@ -62633,29 +53257,6 @@ "id": "ma-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05b.", @@ -62674,29 +53275,6 @@ "id": "ma-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05c.", @@ -62803,6 +53381,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-05(01)", + "class": "zero-padded" + }, { "name": "label", "value": "MA-5(1)" @@ -62845,11 +53428,6 @@ "id": "ma-5.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -62885,11 +53463,6 @@ "id": "ma-5.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -62948,23 +53521,6 @@ "id": "ma-5.1_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(01)", @@ -62983,23 +53539,6 @@ "id": "ma-5.1_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(a)(02)", @@ -63026,29 +53565,6 @@ "id": "ma-5.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-05(01)(b)", @@ -63171,6 +53687,11 @@ } ], "props": [ + { + "name": "label", + "value": "MA-06", + "class": "zero-padded" + }, { "name": "label", "value": "MA-6" @@ -63232,13 +53753,6 @@ { "id": "ma-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Obtain maintenance support and/or spare parts for {{ insert: param, ma-06_odp.01 }} within {{ insert: param, ma-06_odp.02 }} of failure." }, { @@ -63250,29 +53764,6 @@ "id": "ma-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MA-06", @@ -63462,6 +53953,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-01", + "class": "zero-padded" + }, { "name": "label", "value": "MP-1" @@ -63529,12 +54025,6 @@ "id": "mp-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -63594,11 +54084,6 @@ "id": "mp-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -63610,12 +54095,6 @@ "id": "mp-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -63680,23 +54159,6 @@ "id": "mp-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[01]", @@ -63715,23 +54177,6 @@ "id": "mp-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[02]", @@ -63750,17 +54195,6 @@ "id": "mp-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[03]", @@ -63779,17 +54213,6 @@ "id": "mp-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.[04]", @@ -63819,17 +54242,6 @@ "id": "mp-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(a)", @@ -63975,17 +54387,6 @@ "id": "mp-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-01a.01(b)", @@ -64020,23 +54421,6 @@ "id": "mp-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01b.", @@ -64066,23 +54450,6 @@ "id": "mp-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.01", @@ -64138,23 +54505,6 @@ "id": "mp-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-01c.02", @@ -64324,6 +54674,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-02", + "class": "zero-padded" + }, { "name": "label", "value": "MP-2" @@ -64417,13 +54772,6 @@ { "id": "mp-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert: param, mp-2_prm_2 }}." }, { @@ -64446,29 +54794,6 @@ "id": "mp-2_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[01]", @@ -64487,29 +54812,6 @@ "id": "mp-2_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-02[02]", @@ -64635,6 +54937,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-03", + "class": "zero-padded" + }, { "name": "label", "value": "MP-3" @@ -64697,11 +55004,6 @@ "id": "mp-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -64713,11 +55015,6 @@ "id": "mp-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -64765,17 +55062,6 @@ "id": "mp-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03a.", @@ -64794,17 +55080,6 @@ "id": "mp-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-03b.", @@ -64974,6 +55249,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-04", + "class": "zero-padded" + }, { "name": "label", "value": "MP-4" @@ -65092,11 +55372,6 @@ "id": "mp-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -65108,11 +55383,6 @@ "id": "mp-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -65171,29 +55441,6 @@ "id": "mp-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[01]", @@ -65212,29 +55459,6 @@ "id": "mp-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[02]", @@ -65253,29 +55477,6 @@ "id": "mp-4_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[03]", @@ -65294,29 +55495,6 @@ "id": "mp-4_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04a.[04]", @@ -65343,29 +55521,6 @@ "id": "mp-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-04b.", @@ -65504,6 +55659,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-05", + "class": "zero-padded" + }, { "name": "label", "value": "MP-5" @@ -65594,11 +55754,6 @@ "id": "mp-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -65610,11 +55765,6 @@ "id": "mp-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -65626,11 +55776,6 @@ "id": "mp-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -65642,11 +55787,6 @@ "id": "mp-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -65694,29 +55834,6 @@ "id": "mp-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05a.", @@ -65772,29 +55889,6 @@ "id": "mp-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05b.", @@ -65813,17 +55907,6 @@ "id": "mp-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "MP-05c.", @@ -65853,23 +55936,6 @@ "id": "mp-5_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[01]", @@ -65888,17 +55954,6 @@ "id": "mp-5_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-05d.[02]", @@ -66071,6 +56126,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-06", + "class": "zero-padded" + }, { "name": "label", "value": "MP-6" @@ -66189,11 +56249,6 @@ "id": "mp-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66205,11 +56260,6 @@ "id": "mp-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66239,29 +56289,6 @@ "id": "mp-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06a.", @@ -66335,29 +56362,6 @@ "id": "mp-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-06b.", @@ -66491,6 +56495,11 @@ } ], "props": [ + { + "name": "label", + "value": "MP-07", + "class": "zero-padded" + }, { "name": "label", "value": "MP-7" @@ -66553,11 +56562,6 @@ "id": "mp-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -66569,11 +56573,6 @@ "id": "mp-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -66603,29 +56602,6 @@ "id": "mp-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07a.", @@ -66644,29 +56620,6 @@ "id": "mp-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "MP-07b.", @@ -66864,6 +56817,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-01", + "class": "zero-padded" + }, { "name": "label", "value": "PE-1" @@ -66931,12 +56889,6 @@ "id": "pe-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -66996,11 +56948,6 @@ "id": "pe-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -67012,12 +56959,6 @@ "id": "pe-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -67082,23 +57023,6 @@ "id": "pe-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[01]", @@ -67117,23 +57041,6 @@ "id": "pe-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[02]", @@ -67152,17 +57059,6 @@ "id": "pe-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[03]", @@ -67181,17 +57077,6 @@ "id": "pe-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.[04]", @@ -67221,17 +57106,6 @@ "id": "pe-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(a)", @@ -67377,17 +57251,6 @@ "id": "pe-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PE-01a.01(b)", @@ -67422,23 +57285,6 @@ "id": "pe-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01b.", @@ -67468,23 +57314,6 @@ "id": "pe-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.01", @@ -67540,23 +57369,6 @@ "id": "pe-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-01c.02", @@ -67691,6 +57503,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-02", + "class": "zero-padded" + }, { "name": "label", "value": "PE-2" @@ -67793,11 +57610,6 @@ "id": "pe-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -67809,11 +57621,6 @@ "id": "pe-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -67825,11 +57632,6 @@ "id": "pe-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -67841,11 +57643,6 @@ "id": "pe-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -67875,23 +57672,6 @@ "id": "pe-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-02a.", @@ -67965,17 +57745,6 @@ "id": "pe-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02b.", @@ -67994,17 +57763,6 @@ "id": "pe-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02c.", @@ -68023,17 +57781,6 @@ "id": "pe-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-02d.", @@ -68247,9 +57994,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "PE-03", + "class": "zero-padded" }, { "name": "label", @@ -68393,11 +58140,6 @@ "id": "pe-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -68433,11 +58175,6 @@ "id": "pe-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -68449,11 +58186,6 @@ "id": "pe-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -68465,11 +58197,6 @@ "id": "pe-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -68481,11 +58208,6 @@ "id": "pe-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -68497,11 +58219,6 @@ "id": "pe-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -68513,11 +58230,6 @@ "id": "pe-3_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -68558,17 +58270,6 @@ "id": "pe-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.01", @@ -68587,23 +58288,6 @@ "id": "pe-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03a.02", @@ -68630,23 +58314,6 @@ "id": "pe-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03b.", @@ -68665,17 +58332,6 @@ "id": "pe-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03c.", @@ -68705,17 +58361,6 @@ "id": "pe-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[01]", @@ -68734,23 +58379,6 @@ "id": "pe-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03d.[02]", @@ -68788,17 +58416,6 @@ "id": "pe-3_obj.e-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[01]", @@ -68817,17 +58434,6 @@ "id": "pe-3_obj.e-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[02]", @@ -68846,17 +58452,6 @@ "id": "pe-3_obj.e-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03e.[03]", @@ -68883,23 +58478,6 @@ "id": "pe-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-03f.", @@ -68929,17 +58507,6 @@ "id": "pe-3_obj.g-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[01]", @@ -68958,17 +58525,6 @@ "id": "pe-3_obj.g-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-03g.[02]", @@ -69092,6 +58648,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-04", + "class": "zero-padded" + }, { "name": "label", "value": "PE-4" @@ -69157,13 +58718,6 @@ { "id": "pe-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to {{ insert: param, pe-04_odp.01 }} within organizational facilities using {{ insert: param, pe-04_odp.02 }}." }, { @@ -69175,23 +58729,6 @@ "id": "pe-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-04", @@ -69290,6 +58827,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-05", + "class": "zero-padded" + }, { "name": "label", "value": "PE-5" @@ -69335,13 +58877,6 @@ { "id": "pe-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Control physical access to output from {{ insert: param, pe-05_odp }} to prevent unauthorized individuals from obtaining the output." }, { @@ -69353,17 +58888,6 @@ "id": "pe-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-05", @@ -69476,6 +59000,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-06", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6" @@ -69543,11 +59072,6 @@ "id": "pe-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -69559,11 +59083,6 @@ "id": "pe-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -69575,11 +59094,6 @@ "id": "pe-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -69609,23 +59123,6 @@ "id": "pe-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06a.", @@ -69655,17 +59152,6 @@ "id": "pe-6_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[01]", @@ -69684,17 +59170,6 @@ "id": "pe-6_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06b.[02]", @@ -69732,23 +59207,6 @@ "id": "pe-6_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[01]", @@ -69767,23 +59225,6 @@ "id": "pe-6_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-06c.[02]", @@ -69887,6 +59328,11 @@ "class": "SP800-53-enhancement", "title": "Intrusion Alarms and Surveillance Equipment", "props": [ + { + "name": "label", + "value": "PE-06(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-6(1)" @@ -69921,13 +59367,6 @@ { "id": "pe-6.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment." }, { @@ -69939,17 +59378,6 @@ "id": "pe-6.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-06(01)", @@ -70115,6 +59543,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-08", + "class": "zero-padded" + }, { "name": "label", "value": "PE-8" @@ -70162,11 +59595,6 @@ "id": "pe-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70178,11 +59606,6 @@ "id": "pe-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70194,11 +59617,6 @@ "id": "pe-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70228,23 +59646,6 @@ "id": "pe-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08a.", @@ -70263,17 +59664,6 @@ "id": "pe-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-08b.", @@ -70292,23 +59682,6 @@ "id": "pe-8_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-08c.", @@ -70404,6 +59777,11 @@ "class": "SP800-53", "title": "Power Equipment and Cabling", "props": [ + { + "name": "label", + "value": "PE-09", + "class": "zero-padded" + }, { "name": "label", "value": "PE-9" @@ -70433,13 +59811,6 @@ { "id": "pe-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect power equipment and power cabling for the system from damage and destruction." }, { @@ -70451,17 +59822,6 @@ "id": "pe-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-09", @@ -70611,6 +59971,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-10", + "class": "zero-padded" + }, { "name": "label", "value": "PE-10" @@ -70645,11 +60010,6 @@ "id": "pe-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -70661,11 +60021,6 @@ "id": "pe-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -70677,11 +60032,6 @@ "id": "pe-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -70711,23 +60061,6 @@ "id": "pe-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10a.", @@ -70746,17 +60079,6 @@ "id": "pe-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10b.", @@ -70775,23 +60097,6 @@ "id": "pe-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-10c.", @@ -70898,6 +60203,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-11", + "class": "zero-padded" + }, { "name": "label", "value": "PE-11" @@ -70935,13 +60245,6 @@ { "id": "pe-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Provide an uninterruptible power supply to facilitate {{ insert: param, pe-11_odp }} in the event of a primary power source loss." }, { @@ -70953,23 +60256,6 @@ "id": "pe-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-11", @@ -71057,6 +60343,11 @@ "class": "SP800-53", "title": "Emergency Lighting", "props": [ + { + "name": "label", + "value": "PE-12", + "class": "zero-padded" + }, { "name": "label", "value": "PE-12" @@ -71090,13 +60381,6 @@ { "id": "pe-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility." }, { @@ -71119,17 +60403,6 @@ "id": "pe-12_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[01]", @@ -71148,17 +60421,6 @@ "id": "pe-12_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[02]", @@ -71177,17 +60439,6 @@ "id": "pe-12_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[03]", @@ -71206,17 +60457,6 @@ "id": "pe-12_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-12[04]", @@ -71312,6 +60552,11 @@ "class": "SP800-53", "title": "Fire Protection", "props": [ + { + "name": "label", + "value": "PE-13", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13" @@ -71341,13 +60586,6 @@ { "id": "pe-13_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ and maintain fire detection and suppression systems that are supported by an independent energy source." }, { @@ -71370,23 +60608,6 @@ "id": "pe-13_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[01]", @@ -71405,23 +60626,6 @@ "id": "pe-13_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[02]", @@ -71440,23 +60644,6 @@ "id": "pe-13_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[03]", @@ -71475,23 +60662,6 @@ "id": "pe-13_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[04]", @@ -71510,23 +60680,6 @@ "id": "pe-13_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[05]", @@ -71545,23 +60698,6 @@ "id": "pe-13_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13[06]", @@ -71687,6 +60823,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(1)" @@ -71716,13 +60857,6 @@ { "id": "pe-13.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ fire detection systems that activate automatically and notify {{ insert: param, pe-13.01_odp.01 }} and {{ insert: param, pe-13.01_odp.02 }} in the event of a fire." }, { @@ -71745,17 +60879,6 @@ "id": "pe-13.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[01]", @@ -71774,23 +60897,6 @@ "id": "pe-13.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[02]", @@ -71809,23 +60915,6 @@ "id": "pe-13.1_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(01)[03]", @@ -71941,6 +61030,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-13(02)", + "class": "zero-padded" + }, { "name": "label", "value": "PE-13(2)" @@ -71975,11 +61069,6 @@ "id": "pe-13.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -71991,11 +61080,6 @@ "id": "pe-13.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -72036,17 +61120,6 @@ "id": "pe-13.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[01]", @@ -72065,23 +61138,6 @@ "id": "pe-13.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[02]", @@ -72100,23 +61156,6 @@ "id": "pe-13.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(a)[03]", @@ -72143,23 +61182,6 @@ "id": "pe-13.2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-13(02)(b)", @@ -72309,6 +61331,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-14", + "class": "zero-padded" + }, { "name": "label", "value": "PE-14" @@ -72347,11 +61374,6 @@ "id": "pe-14_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -72363,11 +61385,6 @@ "id": "pe-14_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -72415,23 +61432,6 @@ "id": "pe-14_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14a.", @@ -72450,23 +61450,6 @@ "id": "pe-14_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-14b.", @@ -72562,6 +61545,11 @@ "class": "SP800-53", "title": "Water Damage Protection", "props": [ + { + "name": "label", + "value": "PE-15", + "class": "zero-padded" + }, { "name": "label", "value": "PE-15" @@ -72595,13 +61583,6 @@ { "id": "pe-15_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel." }, { @@ -72624,23 +61605,6 @@ "id": "pe-15_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[01]", @@ -72659,23 +61623,6 @@ "id": "pe-15_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[02]", @@ -72694,23 +61641,6 @@ "id": "pe-15_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[03]", @@ -72729,23 +61659,6 @@ "id": "pe-15_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-15[04]", @@ -72870,6 +61783,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-16", + "class": "zero-padded" + }, { "name": "label", "value": "PE-16" @@ -72940,11 +61858,6 @@ "id": "pe-16_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -72956,11 +61869,6 @@ "id": "pe-16_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73001,23 +61909,6 @@ "id": "pe-16_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[01]", @@ -73036,23 +61927,6 @@ "id": "pe-16_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[02]", @@ -73071,23 +61945,6 @@ "id": "pe-16_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[03]", @@ -73106,23 +61963,6 @@ "id": "pe-16_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-16a.[04]", @@ -73149,23 +61989,6 @@ "id": "pe-16_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-16b.", @@ -73281,6 +62104,11 @@ } ], "props": [ + { + "name": "label", + "value": "PE-17", + "class": "zero-padded" + }, { "name": "label", "value": "PE-17" @@ -73327,11 +62155,6 @@ "id": "pe-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -73343,11 +62166,6 @@ "id": "pe-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73359,11 +62177,6 @@ "id": "pe-17_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -73375,11 +62188,6 @@ "id": "pe-17_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -73409,23 +62217,6 @@ "id": "pe-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17a.", @@ -73444,23 +62235,6 @@ "id": "pe-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17b.", @@ -73479,23 +62253,6 @@ "id": "pe-17_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PE-17c.", @@ -73514,23 +62271,6 @@ "id": "pe-17_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PE-17d.", @@ -73728,6 +62468,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-01", + "class": "zero-padded" + }, { "name": "label", "value": "PL-1" @@ -73799,12 +62544,6 @@ "id": "pl-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -73864,11 +62603,6 @@ "id": "pl-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -73880,12 +62614,6 @@ "id": "pl-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -73950,23 +62678,6 @@ "id": "pl-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[01]", @@ -73985,23 +62696,6 @@ "id": "pl-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[02]", @@ -74020,17 +62714,6 @@ "id": "pl-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[03]", @@ -74049,17 +62732,6 @@ "id": "pl-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.[04]", @@ -74089,17 +62761,6 @@ "id": "pl-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(a)", @@ -74245,17 +62906,6 @@ "id": "pl-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-01a.01(b)", @@ -74290,23 +62940,6 @@ "id": "pl-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01b.", @@ -74336,23 +62969,6 @@ "id": "pl-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.01", @@ -74408,23 +63024,6 @@ "id": "pl-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-01c.02", @@ -74587,6 +63186,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-02", + "class": "zero-padded" + }, { "name": "label", "value": "PL-2" @@ -74790,11 +63394,6 @@ "id": "pl-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -74973,11 +63572,6 @@ "id": "pl-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -74989,11 +63583,6 @@ "id": "pl-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -75005,11 +63594,6 @@ "id": "pl-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -75021,11 +63605,6 @@ "id": "pl-2_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -75077,57 +63656,6 @@ "id": "pl-2_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[01]", @@ -75146,57 +63674,6 @@ "id": "pl-2_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.01[02]", @@ -75344,17 +63821,6 @@ "id": "pl-2_obj.a.4-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[01]", @@ -75373,17 +63839,6 @@ "id": "pl-2_obj.a.4-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.04[02]", @@ -75410,17 +63865,6 @@ "id": "pl-2_obj.a.5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.05", @@ -75476,17 +63920,6 @@ "id": "pl-2_obj.a.6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.06", @@ -75542,17 +63975,6 @@ "id": "pl-2_obj.a.7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.07", @@ -75608,17 +64030,6 @@ "id": "pl-2_obj.a.8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.08", @@ -75674,23 +64085,6 @@ "id": "pl-2_obj.a.9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.09", @@ -75757,17 +64151,6 @@ "id": "pl-2_obj.a.10-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[01]", @@ -75786,17 +64169,6 @@ "id": "pl-2_obj.a.10-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.10[02]", @@ -75823,17 +64195,6 @@ "id": "pl-2_obj.a.11", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.11", @@ -75900,17 +64261,6 @@ "id": "pl-2_obj.a.12-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[01]", @@ -75929,17 +64279,6 @@ "id": "pl-2_obj.a.12-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.12[02]", @@ -75977,23 +64316,6 @@ "id": "pl-2_obj.a.13-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[01]", @@ -76012,23 +64334,6 @@ "id": "pl-2_obj.a.13-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.13[02]", @@ -76066,23 +64371,6 @@ "id": "pl-2_obj.a.14-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[01]", @@ -76101,23 +64389,6 @@ "id": "pl-2_obj.a.14-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.14[02]", @@ -76155,23 +64426,6 @@ "id": "pl-2_obj.a.15-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[01]", @@ -76190,23 +64444,6 @@ "id": "pl-2_obj.a.15-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-02a.15[02]", @@ -76241,23 +64478,6 @@ "id": "pl-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02b.", @@ -76313,23 +64533,6 @@ "id": "pl-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02c.", @@ -76348,23 +64551,6 @@ "id": "pl-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02d.", @@ -76438,23 +64624,6 @@ "id": "pl-2_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-02e.", @@ -76627,6 +64796,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-04", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4" @@ -76746,11 +64920,6 @@ "id": "pl-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -76762,11 +64931,6 @@ "id": "pl-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -76778,11 +64942,6 @@ "id": "pl-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -76794,11 +64953,6 @@ "id": "pl-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -76828,23 +64982,6 @@ "id": "pl-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04a.", @@ -76900,23 +65037,6 @@ "id": "pl-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04b.", @@ -76935,23 +65055,6 @@ "id": "pl-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04c.", @@ -76970,23 +65073,6 @@ "id": "pl-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-04d.", @@ -77082,6 +65168,11 @@ "class": "SP800-53-enhancement", "title": "Social Media and External Site/Application Usage Restrictions", "props": [ + { + "name": "label", + "value": "PL-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "PL-4(1)" @@ -77130,11 +65221,6 @@ "id": "pl-4.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -77146,11 +65232,6 @@ "id": "pl-4.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -77162,11 +65243,6 @@ "id": "pl-4.1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -77196,23 +65272,6 @@ "id": "pl-4.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(a)", @@ -77231,23 +65290,6 @@ "id": "pl-4.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(b)", @@ -77266,23 +65308,6 @@ "id": "pl-4.1_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-04(01)(c)", @@ -77396,6 +65421,11 @@ } ], "props": [ + { + "name": "label", + "value": "PL-08", + "class": "zero-padded" + }, { "name": "label", "value": "PL-8" @@ -77495,11 +65525,6 @@ "id": "pl-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -77557,11 +65582,6 @@ "id": "pl-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -77573,11 +65593,6 @@ "id": "pl-8_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -77636,23 +65651,6 @@ "id": "pl-8_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.01", @@ -77671,23 +65669,6 @@ "id": "pl-8_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.02", @@ -77706,17 +65687,6 @@ "id": "pl-8_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.03", @@ -77772,17 +65742,6 @@ "id": "pl-8_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-08a.04", @@ -77846,23 +65805,6 @@ "id": "pl-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PL-08b.", @@ -77892,23 +65834,6 @@ "id": "pl-8_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[01]", @@ -77927,23 +65852,6 @@ "id": "pl-8_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[02]", @@ -77962,23 +65870,6 @@ "id": "pl-8_obj.c-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[03]", @@ -77997,23 +65888,6 @@ "id": "pl-8_obj.c-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[04]", @@ -78032,23 +65906,6 @@ "id": "pl-8_obj.c-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[05]", @@ -78067,23 +65924,6 @@ "id": "pl-8_obj.c-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-08c.[06]", @@ -78187,6 +66027,11 @@ "class": "SP800-53", "title": "Baseline Selection", "props": [ + { + "name": "label", + "value": "PL-10", + "class": "zero-padded" + }, { "name": "label", "value": "PL-10" @@ -78272,13 +66117,6 @@ { "id": "pl-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Select a control baseline for the system.", "parts": [ { @@ -78310,17 +66148,6 @@ "id": "pl-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PL-10", @@ -78386,6 +66213,11 @@ "class": "SP800-53", "title": "Baseline Tailoring", "props": [ + { + "name": "label", + "value": "PL-11", + "class": "zero-padded" + }, { "name": "label", "value": "PL-11" @@ -78471,13 +66303,6 @@ { "id": "pl-11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Tailor the selected control baseline by applying specified tailoring actions." }, { @@ -78489,23 +66314,6 @@ "id": "pl-11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PL-11", @@ -78673,6 +66481,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-01", + "class": "zero-padded" + }, { "name": "label", "value": "PS-1" @@ -78736,12 +66549,6 @@ "id": "ps-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -78801,11 +66608,6 @@ "id": "ps-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -78817,12 +66619,6 @@ "id": "ps-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -78887,23 +66683,6 @@ "id": "ps-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[01]", @@ -78922,23 +66701,6 @@ "id": "ps-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[02]", @@ -78957,17 +66719,6 @@ "id": "ps-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[03]", @@ -78986,17 +66737,6 @@ "id": "ps-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.[04]", @@ -79026,17 +66766,6 @@ "id": "ps-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(a)", @@ -79182,17 +66911,6 @@ "id": "ps-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-01a.01(b)", @@ -79227,23 +66945,6 @@ "id": "ps-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01b.", @@ -79273,23 +66974,6 @@ "id": "ps-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.01", @@ -79345,23 +67029,6 @@ "id": "ps-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-01c.02", @@ -79496,6 +67163,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-02", + "class": "zero-padded" + }, { "name": "label", "value": "PS-2" @@ -79574,11 +67246,6 @@ "id": "ps-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -79590,11 +67257,6 @@ "id": "ps-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -79606,11 +67268,6 @@ "id": "ps-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -79640,23 +67297,6 @@ "id": "ps-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02a.", @@ -79675,23 +67315,6 @@ "id": "ps-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-02b.", @@ -79710,23 +67333,6 @@ "id": "ps-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-02c.", @@ -79851,6 +67457,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3" @@ -79953,11 +67564,6 @@ "id": "ps-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -79969,11 +67575,6 @@ "id": "ps-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -80003,23 +67604,6 @@ "id": "ps-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03a.", @@ -80049,23 +67633,6 @@ "id": "ps-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[01]", @@ -80084,23 +67651,6 @@ "id": "ps-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03b.[02]", @@ -80209,7 +67759,7 @@ "label": "additional personnel screening criteria", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria – as required by specific information" } ], "guidelines": [ @@ -80220,6 +67770,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-03(03)", + "class": "zero-padded" + }, { "name": "label", "value": "PS-3(3)" @@ -80255,11 +67810,6 @@ "id": "ps-3.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -80271,11 +67821,6 @@ "id": "ps-3.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -80305,23 +67850,6 @@ "id": "ps-3.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(a)", @@ -80340,23 +67868,6 @@ "id": "ps-3.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-03(03)(b)", @@ -80479,6 +67990,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-04", + "class": "zero-padded" + }, { "name": "label", "value": "PS-4" @@ -80534,11 +68050,6 @@ "id": "ps-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -80550,11 +68061,6 @@ "id": "ps-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -80566,11 +68072,6 @@ "id": "ps-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -80582,11 +68083,6 @@ "id": "ps-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -80598,11 +68094,6 @@ "id": "ps-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -80632,17 +68123,6 @@ "id": "ps-4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04a.", @@ -80661,17 +68141,6 @@ "id": "ps-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04b.", @@ -80690,23 +68159,6 @@ "id": "ps-4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04c.", @@ -80725,23 +68177,6 @@ "id": "ps-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-04d.", @@ -80760,23 +68195,6 @@ "id": "ps-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-04e.", @@ -80925,6 +68343,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-05", + "class": "zero-padded" + }, { "name": "label", "value": "PS-5" @@ -80979,11 +68402,6 @@ "id": "ps-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -80995,11 +68413,6 @@ "id": "ps-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81011,11 +68424,6 @@ "id": "ps-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81027,11 +68435,6 @@ "id": "ps-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -81061,23 +68464,6 @@ "id": "ps-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-05a.", @@ -81096,23 +68482,6 @@ "id": "ps-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05b.", @@ -81131,17 +68500,6 @@ "id": "ps-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05c.", @@ -81160,23 +68518,6 @@ "id": "ps-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-05d.", @@ -81302,6 +68643,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-06", + "class": "zero-padded" + }, { "name": "label", "value": "PS-6" @@ -81377,11 +68723,6 @@ "id": "ps-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -81393,11 +68734,6 @@ "id": "ps-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81409,11 +68745,6 @@ "id": "ps-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81467,17 +68798,6 @@ "id": "ps-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-06a.", @@ -81496,23 +68816,6 @@ "id": "ps-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06b.", @@ -81542,23 +68845,6 @@ "id": "ps-6_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.01", @@ -81577,23 +68863,6 @@ "id": "ps-6_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-06c.02", @@ -81727,6 +68996,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-07", + "class": "zero-padded" + }, { "name": "label", "value": "PS-7" @@ -81818,11 +69092,6 @@ "id": "ps-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -81834,11 +69103,6 @@ "id": "ps-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -81850,11 +69114,6 @@ "id": "ps-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -81866,11 +69125,6 @@ "id": "ps-7_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -81882,11 +69136,6 @@ "id": "ps-7_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -81916,23 +69165,6 @@ "id": "ps-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07a.", @@ -81951,23 +69183,6 @@ "id": "ps-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-07b.", @@ -81986,17 +69201,6 @@ "id": "ps-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-07c.", @@ -82015,23 +69219,6 @@ "id": "ps-7_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07d.", @@ -82050,23 +69237,6 @@ "id": "ps-7_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-07e.", @@ -82192,6 +69362,11 @@ } ], "props": [ + { + "name": "label", + "value": "PS-08", + "class": "zero-padded" + }, { "name": "label", "value": "PS-8" @@ -82238,11 +69413,6 @@ "id": "ps-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -82254,11 +69424,6 @@ "id": "ps-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82288,23 +69453,6 @@ "id": "ps-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "PS-08a.", @@ -82323,23 +69471,6 @@ "id": "ps-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "PS-08b.", @@ -82435,6 +69566,11 @@ "class": "SP800-53", "title": "Position Descriptions", "props": [ + { + "name": "label", + "value": "PS-09", + "class": "zero-padded" + }, { "name": "label", "value": "PS-9" @@ -82464,13 +69600,6 @@ { "id": "ps-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate security and privacy roles and responsibilities into organizational position descriptions." }, { @@ -82482,17 +69611,6 @@ "id": "ps-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "PS-09", @@ -82719,6 +69837,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-01", + "class": "zero-padded" + }, { "name": "label", "value": "RA-1" @@ -82786,12 +69909,6 @@ "id": "ra-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -82851,11 +69968,6 @@ "id": "ra-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -82867,12 +69979,6 @@ "id": "ra-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -82937,23 +70043,6 @@ "id": "ra-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[01]", @@ -82972,23 +70061,6 @@ "id": "ra-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[02]", @@ -83007,17 +70079,6 @@ "id": "ra-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[03]", @@ -83036,17 +70097,6 @@ "id": "ra-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.[04]", @@ -83076,17 +70126,6 @@ "id": "ra-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(a)", @@ -83232,17 +70271,6 @@ "id": "ra-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-01a.01(b)", @@ -83277,23 +70305,6 @@ "id": "ra-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01b.", @@ -83323,23 +70334,6 @@ "id": "ra-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.01", @@ -83395,23 +70389,6 @@ "id": "ra-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-01c.02", @@ -83530,6 +70507,11 @@ "class": "SP800-53", "title": "Security Categorization", "props": [ + { + "name": "label", + "value": "RA-02", + "class": "zero-padded" + }, { "name": "label", "value": "RA-2" @@ -83656,11 +70638,6 @@ "id": "ra-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -83672,11 +70649,6 @@ "id": "ra-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -83688,11 +70660,6 @@ "id": "ra-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -83722,17 +70689,6 @@ "id": "ra-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02a.", @@ -83751,17 +70707,6 @@ "id": "ra-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-02b.", @@ -83780,23 +70725,6 @@ "id": "ra-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-02c.", @@ -83955,6 +70883,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3" @@ -84122,11 +71055,6 @@ "id": "ra-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -84173,11 +71101,6 @@ "id": "ra-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -84189,11 +71112,6 @@ "id": "ra-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -84205,11 +71123,6 @@ "id": "ra-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -84221,11 +71134,6 @@ "id": "ra-3_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -84237,11 +71145,6 @@ "id": "ra-3_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -84311,23 +71214,6 @@ "id": "ra-3_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.01", @@ -84346,23 +71232,6 @@ "id": "ra-3_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.02", @@ -84381,23 +71250,6 @@ "id": "ra-3_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03a.03", @@ -84424,23 +71276,6 @@ "id": "ra-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03b.", @@ -84459,17 +71294,6 @@ "id": "ra-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "RA-03c.", @@ -84488,23 +71312,6 @@ "id": "ra-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03d.", @@ -84523,23 +71330,6 @@ "id": "ra-3_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03e.", @@ -84558,23 +71348,6 @@ "id": "ra-3_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03f.", @@ -84690,6 +71463,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-03(01)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-3(1)" @@ -84749,11 +71527,6 @@ "id": "ra-3.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -84765,11 +71538,6 @@ "id": "ra-3.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -84799,23 +71567,6 @@ "id": "ra-3.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(a)", @@ -84834,23 +71585,6 @@ "id": "ra-3.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-03(01)(b)", @@ -85001,9 +71735,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05", + "class": "zero-padded" }, { "name": "label", @@ -85144,11 +71878,6 @@ "id": "ra-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -85160,11 +71889,6 @@ "id": "ra-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -85211,11 +71935,6 @@ "id": "ra-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -85227,11 +71946,6 @@ "id": "ra-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -85243,11 +71957,6 @@ "id": "ra-5_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -85259,11 +71968,6 @@ "id": "ra-5_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -85329,7 +72033,7 @@ "value": "Guidance:" } ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs." } ] } @@ -85355,23 +72059,6 @@ "id": "ra-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05a.", @@ -85427,23 +72114,6 @@ "id": "ra-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.", @@ -85456,23 +72126,6 @@ "id": "ra-5_obj.b.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.01", @@ -85491,23 +72144,6 @@ "id": "ra-5_obj.b.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.02", @@ -85526,23 +72162,6 @@ "id": "ra-5_obj.b.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05b.03", @@ -85569,23 +72188,6 @@ "id": "ra-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05c.", @@ -85604,23 +72206,6 @@ "id": "ra-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05d.", @@ -85639,23 +72224,6 @@ "id": "ra-5_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05e.", @@ -85674,23 +72242,6 @@ "id": "ra-5_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05f.", @@ -85814,9 +72365,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(02)", + "class": "zero-padded" }, { "name": "label", @@ -85856,13 +72407,6 @@ { "id": "ra-5.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Update the system vulnerabilities to be scanned {{ insert: param, ra-05.02_odp.01 }}." }, { @@ -85874,23 +72418,6 @@ "id": "ra-5.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(02)", @@ -85979,9 +72506,9 @@ "title": "Breadth and Depth of Coverage", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "RA-05(03)", + "class": "zero-padded" }, { "name": "label", @@ -86017,13 +72544,6 @@ { "id": "ra-5.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Define the breadth and depth of vulnerability scanning coverage." }, { @@ -86035,23 +72555,6 @@ "id": "ra-5.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(03)", @@ -86169,6 +72672,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-05(05)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(5)" @@ -86203,13 +72711,6 @@ { "id": "ra-5.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement privileged access authorization to {{ insert: param, ra-05.05_odp.01 }} for {{ insert: param, ra-05.05_odp.02 }}." }, { @@ -86221,23 +72722,6 @@ "id": "ra-5.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(05)", @@ -86325,6 +72809,11 @@ "class": "SP800-53-enhancement", "title": "Public Disclosure Program", "props": [ + { + "name": "label", + "value": "RA-05(11)", + "class": "zero-padded" + }, { "name": "label", "value": "RA-5(11)" @@ -86359,13 +72848,6 @@ { "id": "ra-5.11_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components." }, { @@ -86377,23 +72859,6 @@ "id": "ra-5.11_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-05(11)", @@ -86483,6 +72948,11 @@ "class": "SP800-53", "title": "Risk Response", "props": [ + { + "name": "label", + "value": "RA-07", + "class": "zero-padded" + }, { "name": "label", "value": "RA-7" @@ -86565,13 +73035,6 @@ { "id": "ra-7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance." }, { @@ -86583,23 +73046,6 @@ "id": "ra-7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "RA-07", @@ -86780,6 +73226,11 @@ } ], "props": [ + { + "name": "label", + "value": "RA-09", + "class": "zero-padded" + }, { "name": "label", "value": "RA-9" @@ -86853,13 +73304,6 @@ { "id": "ra-9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Identify critical system components and functions by performing a criticality analysis for {{ insert: param, ra-09_odp.01 }} at {{ insert: param, ra-09_odp.02 }}." }, { @@ -86871,23 +73315,6 @@ "id": "ra-9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "RA-09", @@ -87077,6 +73504,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-01", + "class": "zero-padded" + }, { "name": "label", "value": "SA-1" @@ -87152,12 +73584,6 @@ "id": "sa-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -87217,11 +73643,6 @@ "id": "sa-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -87233,12 +73654,6 @@ "id": "sa-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -87303,23 +73718,6 @@ "id": "sa-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[01]", @@ -87338,23 +73736,6 @@ "id": "sa-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[02]", @@ -87373,17 +73754,6 @@ "id": "sa-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[03]", @@ -87402,17 +73772,6 @@ "id": "sa-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.[04]", @@ -87442,17 +73801,6 @@ "id": "sa-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(a)", @@ -87598,17 +73946,6 @@ "id": "sa-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-01a.01(b)", @@ -87643,23 +73980,6 @@ "id": "sa-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01b.", @@ -87689,23 +74009,6 @@ "id": "sa-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.01", @@ -87761,23 +74064,6 @@ "id": "sa-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-01c.02", @@ -87896,6 +74182,11 @@ "class": "SP800-53", "title": "Allocation of Resources", "props": [ + { + "name": "label", + "value": "SA-02", + "class": "zero-padded" + }, { "name": "label", "value": "SA-2" @@ -87967,11 +74258,6 @@ "id": "sa-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -87983,11 +74269,6 @@ "id": "sa-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -87999,11 +74280,6 @@ "id": "sa-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -88044,23 +74320,6 @@ "id": "sa-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[01]", @@ -88079,23 +74338,6 @@ "id": "sa-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02a.[02]", @@ -88133,23 +74375,6 @@ "id": "sa-2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[01]", @@ -88168,23 +74393,6 @@ "id": "sa-2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02b.[02]", @@ -88222,23 +74430,6 @@ "id": "sa-2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[01]", @@ -88257,23 +74448,6 @@ "id": "sa-2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-02c.[02]", @@ -88388,6 +74562,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-03", + "class": "zero-padded" + }, { "name": "label", "value": "SA-3" @@ -88503,11 +74682,6 @@ "id": "sa-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -88519,11 +74693,6 @@ "id": "sa-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -88535,11 +74704,6 @@ "id": "sa-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -88551,11 +74715,6 @@ "id": "sa-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -88596,23 +74755,6 @@ "id": "sa-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[01]", @@ -88631,23 +74773,6 @@ "id": "sa-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03a.[02]", @@ -88685,23 +74810,6 @@ "id": "sa-3_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[01]", @@ -88720,23 +74828,6 @@ "id": "sa-3_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03b.[02]", @@ -88774,23 +74865,6 @@ "id": "sa-3_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[01]", @@ -88809,23 +74883,6 @@ "id": "sa-3_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03c.[02]", @@ -88863,23 +74920,6 @@ "id": "sa-3_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[01]", @@ -88898,23 +74938,6 @@ "id": "sa-3_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-03d.[02]", @@ -89039,6 +75062,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4" @@ -89215,11 +75243,6 @@ "id": "sa-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -89231,11 +75254,6 @@ "id": "sa-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -89247,11 +75265,6 @@ "id": "sa-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -89263,11 +75276,6 @@ "id": "sa-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -89279,11 +75287,6 @@ "id": "sa-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -89295,11 +75298,6 @@ "id": "sa-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -89311,11 +75309,6 @@ "id": "sa-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -89327,11 +75320,6 @@ "id": "sa-4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "h." @@ -89343,11 +75331,6 @@ "id": "sa-4_smt.i", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "i." @@ -89417,57 +75400,6 @@ "id": "sa-4_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[01]", @@ -89486,57 +75418,6 @@ "id": "sa-4_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04a.[02]", @@ -89563,23 +75444,6 @@ "id": "sa-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04b.", @@ -89708,23 +75572,6 @@ "id": "sa-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04e.", @@ -89780,23 +75627,6 @@ "id": "sa-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04f.", @@ -89852,23 +75682,6 @@ "id": "sa-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04g.", @@ -89887,23 +75700,6 @@ "id": "sa-4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04h.", @@ -89977,23 +75773,6 @@ "id": "sa-4_obj.i", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04i.", @@ -90089,6 +75868,11 @@ "class": "SP800-53-enhancement", "title": "Functional Properties of Controls", "props": [ + { + "name": "label", + "value": "SA-04(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(1)" @@ -90123,13 +75907,6 @@ { "id": "sa-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented." }, { @@ -90141,23 +75918,6 @@ "id": "sa-4.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(01)", @@ -90283,6 +76043,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-04(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(2)" @@ -90317,13 +76082,6 @@ { "id": "sa-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to provide design and implementation information for the controls that includes: {{ insert: param, sa-04.02_odp.01 }} at {{ insert: param, sa-04.02_odp.03 }}." }, { @@ -90335,23 +76093,6 @@ "id": "sa-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(02)", @@ -90439,6 +76180,11 @@ "class": "SP800-53-enhancement", "title": "Functions, Ports, Protocols, and Services in Use", "props": [ + { + "name": "label", + "value": "SA-04(09)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(9)" @@ -90481,13 +76227,6 @@ { "id": "sa-4.9_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use." }, { @@ -90499,23 +76238,6 @@ "id": "sa-4.9_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(09)", @@ -90654,6 +76376,11 @@ "class": "SP800-53-enhancement", "title": "Use of Approved PIV Products", "props": [ + { + "name": "label", + "value": "SA-04(10)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-4(10)" @@ -90700,13 +76427,6 @@ { "id": "sa-4.10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems." }, { @@ -90718,23 +76438,6 @@ "id": "sa-4.10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-04(10)", @@ -90849,6 +76552,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-05", + "class": "zero-padded" + }, { "name": "label", "value": "SA-5" @@ -90964,11 +76672,6 @@ "id": "sa-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -91015,11 +76718,6 @@ "id": "sa-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -91066,11 +76764,6 @@ "id": "sa-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -91082,11 +76775,6 @@ "id": "sa-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -91127,23 +76815,6 @@ "id": "sa-5_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.01", @@ -91228,23 +76899,6 @@ "id": "sa-5_obj.a.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[01]", @@ -91263,23 +76917,6 @@ "id": "sa-5_obj.a.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[02]", @@ -91298,23 +76935,6 @@ "id": "sa-5_obj.a.2-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[03]", @@ -91333,23 +76953,6 @@ "id": "sa-5_obj.a.2-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.02[04]", @@ -91376,23 +76979,6 @@ "id": "sa-5_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05a.03", @@ -91478,23 +77064,6 @@ "id": "sa-5_obj.b.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[01]", @@ -91513,23 +77082,6 @@ "id": "sa-5_obj.b.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[02]", @@ -91548,23 +77100,6 @@ "id": "sa-5_obj.b.1-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[03]", @@ -91583,23 +77118,6 @@ "id": "sa-5_obj.b.1-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.01[04]", @@ -91637,23 +77155,6 @@ "id": "sa-5_obj.b.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[01]", @@ -91672,23 +77173,6 @@ "id": "sa-5_obj.b.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.02[02]", @@ -91726,23 +77210,6 @@ "id": "sa-5_obj.b.3-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[01]", @@ -91761,23 +77228,6 @@ "id": "sa-5_obj.b.3-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-05b.03[02]", @@ -91823,23 +77273,6 @@ "id": "sa-5_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[01]", @@ -91858,23 +77291,6 @@ "id": "sa-5_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05c.[02]", @@ -91901,23 +77317,6 @@ "id": "sa-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-05d.", @@ -92037,6 +77436,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-08", + "class": "zero-padded" + }, { "name": "label", "value": "SA-8" @@ -92179,13 +77583,6 @@ { "id": "sa-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: {{ insert: param, sa-8_prm_1 }}." }, { @@ -92208,23 +77605,6 @@ "id": "sa-8_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[01]", @@ -92243,23 +77623,6 @@ "id": "sa-8_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[02]", @@ -92278,23 +77641,6 @@ "id": "sa-8_obj-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[03]", @@ -92313,23 +77659,6 @@ "id": "sa-8_obj-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[04]", @@ -92348,23 +77677,6 @@ "id": "sa-8_obj-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[05]", @@ -92383,23 +77695,6 @@ "id": "sa-8_obj-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[06]", @@ -92418,23 +77713,6 @@ "id": "sa-8_obj-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[07]", @@ -92453,23 +77731,6 @@ "id": "sa-8_obj-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[08]", @@ -92488,23 +77749,6 @@ "id": "sa-8_obj-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[09]", @@ -92523,23 +77767,6 @@ "id": "sa-8_obj-10", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-08[10]", @@ -92666,9 +77893,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-09", + "class": "zero-padded" }, { "name": "label", @@ -92773,11 +78000,6 @@ "id": "sa-9_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -92789,11 +78011,6 @@ "id": "sa-9_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -92805,11 +78022,6 @@ "id": "sa-9_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -92850,23 +78062,6 @@ "id": "sa-9_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[01]", @@ -92885,23 +78080,6 @@ "id": "sa-9_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[02]", @@ -92920,17 +78098,6 @@ "id": "sa-9_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09a.[03]", @@ -92968,17 +78135,6 @@ "id": "sa-9_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[01]", @@ -92997,17 +78153,6 @@ "id": "sa-9_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SA-09b.[02]", @@ -93034,23 +78179,6 @@ "id": "sa-9_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09c.", @@ -93157,6 +78285,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(1)" @@ -93208,11 +78341,6 @@ "id": "sa-9.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -93224,11 +78352,6 @@ "id": "sa-9.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -93258,23 +78381,6 @@ "id": "sa-9.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(a)", @@ -93293,23 +78399,6 @@ "id": "sa-9.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(01)(b)", @@ -93421,6 +78510,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(2)" @@ -93463,13 +78557,6 @@ { "id": "sa-9.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require providers of the following external system services to identify the functions, ports, protocols, and other services required for the use of such services: {{ insert: param, sa-09.02_odp }}." }, { @@ -93481,23 +78568,6 @@ "id": "sa-9.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(02)", @@ -93599,6 +78669,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-09(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-9(5)" @@ -93641,13 +78716,6 @@ { "id": "sa-9.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Restrict the location of {{ insert: param, sa-09.05_odp.01 }} to {{ insert: param, sa-09.05_odp.02 }} based on {{ insert: param, sa-09.05_odp.03 }}." }, { @@ -93659,23 +78727,6 @@ "id": "sa-9.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-09(05)", @@ -93803,6 +78854,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-10", + "class": "zero-padded" + }, { "name": "label", "value": "SA-10" @@ -93915,11 +78971,6 @@ "id": "sa-10_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -93931,11 +78982,6 @@ "id": "sa-10_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -93947,11 +78993,6 @@ "id": "sa-10_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -93963,11 +79004,6 @@ "id": "sa-10_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -93979,11 +79015,6 @@ "id": "sa-10_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -94031,23 +79062,6 @@ "id": "sa-10_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10a.", @@ -94066,29 +79080,6 @@ "id": "sa-10_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10b.", @@ -94162,23 +79153,6 @@ "id": "sa-10_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10c.", @@ -94197,23 +79171,6 @@ "id": "sa-10_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-10d.", @@ -94287,23 +79244,6 @@ "id": "sa-10_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-10e.", @@ -94486,6 +79426,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11" @@ -94594,11 +79539,6 @@ "id": "sa-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -94610,11 +79550,6 @@ "id": "sa-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -94626,11 +79561,6 @@ "id": "sa-11_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -94642,11 +79572,6 @@ "id": "sa-11_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -94658,11 +79583,6 @@ "id": "sa-11_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -94703,29 +79623,6 @@ "id": "sa-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[01]", @@ -94744,29 +79641,6 @@ "id": "sa-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[02]", @@ -94785,29 +79659,6 @@ "id": "sa-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[03]", @@ -94826,29 +79677,6 @@ "id": "sa-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11a.[04]", @@ -94875,23 +79703,6 @@ "id": "sa-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11b.", @@ -94910,23 +79721,6 @@ "id": "sa-11_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11c.", @@ -94982,23 +79776,6 @@ "id": "sa-11_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11d.", @@ -95017,23 +79794,6 @@ "id": "sa-11_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11e.", @@ -95130,9 +79890,9 @@ "title": "Static Code Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SA-11(01)", + "class": "zero-padded" }, { "name": "label", @@ -95168,13 +79928,6 @@ { "id": "sa-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.", "parts": [ { @@ -95206,23 +79959,6 @@ "id": "sa-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(01)", @@ -95411,6 +80147,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-11(2)" @@ -95463,11 +80204,6 @@ "id": "sa-11.2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -95479,11 +80215,6 @@ "id": "sa-11.2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -95495,11 +80226,6 @@ "id": "sa-11.2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -95511,11 +80237,6 @@ "id": "sa-11.2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -95556,23 +80277,6 @@ "id": "sa-11.2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[01]", @@ -95591,23 +80295,6 @@ "id": "sa-11.2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[02]", @@ -95626,23 +80313,6 @@ "id": "sa-11.2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[03]", @@ -95661,23 +80331,6 @@ "id": "sa-11.2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(a)[04]", @@ -95715,23 +80368,6 @@ "id": "sa-11.2_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[01]", @@ -95750,23 +80386,6 @@ "id": "sa-11.2_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[02]", @@ -95785,23 +80404,6 @@ "id": "sa-11.2_obj.b-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[03]", @@ -95820,23 +80422,6 @@ "id": "sa-11.2_obj.b-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(b)[04]", @@ -95874,23 +80459,6 @@ "id": "sa-11.2_obj.c-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[01]", @@ -95909,23 +80477,6 @@ "id": "sa-11.2_obj.c-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(c)[02]", @@ -95963,23 +80514,6 @@ "id": "sa-11.2_obj.d-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[01]", @@ -95998,23 +80532,6 @@ "id": "sa-11.2_obj.d-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[02]", @@ -96033,23 +80550,6 @@ "id": "sa-11.2_obj.d-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[03]", @@ -96068,23 +80568,6 @@ "id": "sa-11.2_obj.d-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-11(02)(d)[04]", @@ -96233,6 +80716,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15" @@ -96320,11 +80808,6 @@ "id": "sa-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -96382,11 +80865,6 @@ "id": "sa-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -96438,23 +80916,6 @@ "id": "sa-15_obj.a.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[01]", @@ -96473,23 +80934,6 @@ "id": "sa-15_obj.a.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.01[02]", @@ -96516,23 +80960,6 @@ "id": "sa-15_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.02", @@ -96588,23 +81015,6 @@ "id": "sa-15_obj.a.3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.03", @@ -96660,29 +81070,6 @@ "id": "sa-15_obj.a.4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15a.04", @@ -96720,23 +81107,6 @@ "id": "sa-15_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[01]", @@ -96755,23 +81125,6 @@ "id": "sa-15_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15b.[02]", @@ -96886,6 +81239,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-15(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SA-15(3)" @@ -96930,11 +81288,6 @@ "id": "sa-15.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -96946,11 +81299,6 @@ "id": "sa-15.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -96969,23 +81317,6 @@ "id": "sa-15.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-15(03)", @@ -97170,6 +81501,11 @@ } ], "props": [ + { + "name": "label", + "value": "SA-22", + "class": "zero-padded" + }, { "name": "label", "value": "SA-22" @@ -97213,11 +81549,6 @@ "id": "sa-22_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -97229,11 +81560,6 @@ "id": "sa-22_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -97263,23 +81589,6 @@ "id": "sa-22_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SA-22a.", @@ -97298,23 +81607,6 @@ "id": "sa-22_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SA-22b.", @@ -97512,6 +81804,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-01", + "class": "zero-padded" + }, { "name": "label", "value": "SC-1" @@ -97575,12 +81872,6 @@ "id": "sc-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -97640,11 +81931,6 @@ "id": "sc-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -97656,12 +81942,6 @@ "id": "sc-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -97726,23 +82006,6 @@ "id": "sc-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[01]", @@ -97761,23 +82024,6 @@ "id": "sc-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[02]", @@ -97796,17 +82042,6 @@ "id": "sc-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[03]", @@ -97825,17 +82060,6 @@ "id": "sc-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.[04]", @@ -97865,17 +82089,6 @@ "id": "sc-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(a)", @@ -98021,17 +82234,6 @@ "id": "sc-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-01a.01(b)", @@ -98066,23 +82268,6 @@ "id": "sc-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01b.", @@ -98112,23 +82297,6 @@ "id": "sc-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.01", @@ -98184,23 +82352,6 @@ "id": "sc-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-01c.02", @@ -98319,6 +82470,11 @@ "class": "SP800-53", "title": "Separation of System and User Functionality", "props": [ + { + "name": "label", + "value": "SC-02", + "class": "zero-padded" + }, { "name": "label", "value": "SC-2" @@ -98381,13 +82537,6 @@ { "id": "sc-2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Separate user functionality, including user interface services, from system management functionality." }, { @@ -98399,23 +82548,6 @@ "id": "sc-2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-02", @@ -98503,6 +82635,11 @@ "class": "SP800-53", "title": "Information in Shared System Resources", "props": [ + { + "name": "label", + "value": "SC-04", + "class": "zero-padded" + }, { "name": "label", "value": "SC-4" @@ -98540,13 +82677,6 @@ { "id": "sc-4_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent unauthorized and unintended information transfer via shared system resources." }, { @@ -98558,23 +82688,6 @@ "id": "sc-4_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-04", @@ -98738,6 +82851,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-05", + "class": "zero-padded" + }, { "name": "label", "value": "SC-5" @@ -98792,11 +82910,6 @@ "id": "sc-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -98808,11 +82921,6 @@ "id": "sc-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -98842,23 +82950,6 @@ "id": "sc-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-05a.", @@ -98877,17 +82968,6 @@ "id": "sc-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-05b.", @@ -98995,9 +83075,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07", + "class": "zero-padded" }, { "name": "label", @@ -99153,11 +83233,6 @@ "id": "sc-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -99169,11 +83244,6 @@ "id": "sc-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -99185,11 +83255,6 @@ "id": "sc-7_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -99248,23 +83313,6 @@ "id": "sc-7_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[01]", @@ -99283,23 +83331,6 @@ "id": "sc-7_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[02]", @@ -99318,23 +83349,6 @@ "id": "sc-7_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[03]", @@ -99353,23 +83367,6 @@ "id": "sc-7_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07a.[04]", @@ -99396,29 +83393,6 @@ "id": "sc-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07b.", @@ -99437,29 +83411,6 @@ "id": "sc-7_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07c.", @@ -99556,9 +83507,9 @@ "title": "Access Points", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(03)", + "class": "zero-padded" }, { "name": "label", @@ -99589,13 +83540,6 @@ { "id": "sc-7.3_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Limit the number of external network connections to the system." }, { @@ -99607,29 +83551,6 @@ "id": "sc-7.3_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(03)", @@ -99734,9 +83655,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(04)", + "class": "zero-padded" }, { "name": "label", @@ -99792,11 +83713,6 @@ "id": "sc-7.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -99808,11 +83724,6 @@ "id": "sc-7.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -99824,11 +83735,6 @@ "id": "sc-7.4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(c)" @@ -99840,11 +83746,6 @@ "id": "sc-7.4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(d)" @@ -99856,11 +83757,6 @@ "id": "sc-7.4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(e)" @@ -99872,11 +83768,6 @@ "id": "sc-7.4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(f)" @@ -99888,11 +83779,6 @@ "id": "sc-7.4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(g)" @@ -99904,11 +83790,6 @@ "id": "sc-7.4_smt.h", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(h)" @@ -99938,29 +83819,6 @@ "id": "sc-7.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(a)", @@ -99979,23 +83837,6 @@ "id": "sc-7.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(b)", @@ -100014,23 +83855,6 @@ "id": "sc-7.4_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(c)", @@ -100086,23 +83910,6 @@ "id": "sc-7.4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(d)", @@ -100121,23 +83928,6 @@ "id": "sc-7.4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(e)", @@ -100193,29 +83983,6 @@ "id": "sc-7.4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(f)", @@ -100234,29 +84001,6 @@ "id": "sc-7.4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(g)", @@ -100275,29 +84019,6 @@ "id": "sc-7.4_obj.h", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(04)(h)", @@ -100420,9 +84141,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(05)", + "class": "zero-padded" }, { "name": "label", @@ -100453,13 +84174,6 @@ { "id": "sc-7.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Deny network communications traffic by default and allow network communications traffic by exception {{ insert: param, sc-07.05_odp.01 }}.", "parts": [ { @@ -100491,29 +84205,6 @@ "id": "sc-7.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(05)", @@ -100650,9 +84341,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(07)", + "class": "zero-padded" }, { "name": "label", @@ -100683,13 +84374,6 @@ { "id": "sc-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent split tunneling for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using {{ insert: param, sc-07.07_odp }}." }, { @@ -100701,29 +84385,6 @@ "id": "sc-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(07)", @@ -100837,9 +84498,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(08)", + "class": "zero-padded" }, { "name": "label", @@ -100874,13 +84535,6 @@ { "id": "sc-7.8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Route {{ insert: param, sc-07.08_odp.01 }} to {{ insert: param, sc-07.08_odp.02 }} through authenticated proxy servers at managed interfaces." }, { @@ -100892,29 +84546,6 @@ "id": "sc-7.8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(08)", @@ -101028,9 +84659,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(12)", + "class": "zero-padded" }, { "name": "label", @@ -101061,13 +84692,6 @@ { "id": "sc-7.12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement {{ insert: param, sc-07.12_odp.01 }} at {{ insert: param, sc-07.12_odp.02 }}." }, { @@ -101079,29 +84703,6 @@ "id": "sc-7.12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(12)", @@ -101190,9 +84791,9 @@ "title": "Fail Secure", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-07(18)", + "class": "zero-padded" }, { "name": "label", @@ -101240,13 +84841,6 @@ { "id": "sc-7.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device." }, { @@ -101258,29 +84852,6 @@ "id": "sc-7.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-07(18)", @@ -101388,9 +84959,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-08", + "class": "zero-padded" }, { "name": "label", @@ -101509,13 +85080,6 @@ { "id": "sc-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-08_odp }} of transmitted information.", "parts": [ { @@ -101532,7 +85096,7 @@ "value": "Guidance:" } ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work – e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" }, { "id": "sc-8_fr_gdn.2", @@ -101543,7 +85107,7 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" } ] } @@ -101558,29 +85122,6 @@ "id": "sc-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08", @@ -101685,6 +85226,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-08(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-8(1)" @@ -101722,13 +85268,6 @@ { "id": "sc-8.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to {{ insert: param, sc-08.01_odp }} during transmission.", "parts": [ { @@ -101793,29 +85332,6 @@ "id": "sc-8.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-08(01)", @@ -101921,6 +85437,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-10", + "class": "zero-padded" + }, { "name": "label", "value": "SC-10" @@ -101954,13 +85475,6 @@ { "id": "sc-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Terminate the network connection associated with a communications session at the end of the session or after {{ insert: param, sc-10_odp }} of inactivity." }, { @@ -101972,29 +85486,6 @@ "id": "sc-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-10", @@ -102099,9 +85590,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-12", + "class": "zero-padded" }, { "name": "label", @@ -102216,10 +85707,6 @@ "href": "#sc-11", "rel": "related" }, - { - "href": "#sc-12", - "rel": "related" - }, { "href": "#sc-13", "rel": "related" @@ -102253,13 +85740,6 @@ { "id": "sc-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: {{ insert: param, sc-12_odp }}.", "parts": [ { @@ -102313,29 +85793,6 @@ "id": "sc-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-12", @@ -102486,9 +85943,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-13", + "class": "zero-padded" }, { "name": "label", @@ -102640,11 +86097,6 @@ "id": "sc-13_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102656,11 +86108,6 @@ "id": "sc-13_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -102752,23 +86199,6 @@ "id": "sc-13_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-13a.", @@ -102787,29 +86217,6 @@ "id": "sc-13_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-13b.", @@ -102921,6 +86328,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-15", + "class": "zero-padded" + }, { "name": "label", "value": "SC-15" @@ -102959,11 +86371,6 @@ "id": "sc-15_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -102975,11 +86382,6 @@ "id": "sc-15_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -103027,23 +86429,6 @@ "id": "sc-15_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-15a.", @@ -103062,29 +86447,6 @@ "id": "sc-15_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-15b.", @@ -103191,6 +86553,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-17", + "class": "zero-padded" + }, { "name": "label", "value": "SC-17" @@ -103258,11 +86625,6 @@ "id": "sc-17_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -103274,11 +86636,6 @@ "id": "sc-17_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -103308,23 +86665,6 @@ "id": "sc-17_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-17a.", @@ -103343,29 +86683,6 @@ "id": "sc-17_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-17b.", @@ -103461,6 +86778,11 @@ "class": "SP800-53", "title": "Mobile Code", "props": [ + { + "name": "label", + "value": "SC-18", + "class": "zero-padded" + }, { "name": "label", "value": "SC-18" @@ -103515,11 +86837,6 @@ "id": "sc-18_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -103531,11 +86848,6 @@ "id": "sc-18_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -103565,17 +86877,6 @@ "id": "sc-18_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SC-18a.", @@ -103667,23 +86968,6 @@ "id": "sc-18_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-18b.", @@ -103834,6 +87118,11 @@ "class": "SP800-53", "title": "Secure Name/Address Resolution Service (Authoritative Source)", "props": [ + { + "name": "label", + "value": "SC-20", + "class": "zero-padded" + }, { "name": "label", "value": "SC-20" @@ -103900,11 +87189,6 @@ "id": "sc-20_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -103916,11 +87200,6 @@ "id": "sc-20_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -104001,29 +87280,6 @@ "id": "sc-20_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20a.", @@ -104090,29 +87346,6 @@ "id": "sc-20_obj.b-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[01]", @@ -104131,29 +87364,6 @@ "id": "sc-20_obj.b-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-20b.[02]", @@ -104258,9 +87468,9 @@ "title": "Secure Name/Address Resolution Service (Recursive or Caching Resolver)", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-21", + "class": "zero-padded" }, { "name": "label", @@ -104299,13 +87509,6 @@ { "id": "sc-21_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.", "parts": [ { @@ -104370,29 +87573,6 @@ "id": "sc-21_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-21", @@ -104553,6 +87733,11 @@ "class": "SP800-53", "title": "Architecture and Provisioning for Name/Address Resolution Service", "props": [ + { + "name": "label", + "value": "SC-22", + "class": "zero-padded" + }, { "name": "label", "value": "SC-22" @@ -104598,13 +87783,6 @@ { "id": "sc-22_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation." }, { @@ -104616,29 +87794,6 @@ "id": "sc-22_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-22", @@ -104781,6 +87936,11 @@ "class": "SP800-53", "title": "Session Authenticity", "props": [ + { + "name": "label", + "value": "SC-23", + "class": "zero-padded" + }, { "name": "label", "value": "SC-23" @@ -104838,13 +87998,6 @@ { "id": "sc-23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the authenticity of communications sessions." }, { @@ -104856,29 +88009,6 @@ "id": "sc-23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-23", @@ -104993,9 +88123,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-28", + "class": "zero-padded" }, { "name": "label", @@ -105134,13 +88264,6 @@ { "id": "sc-28_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Protect the {{ insert: param, sc-28_odp.01 }} of the following information at rest: {{ insert: param, sc-28_odp.02 }}.", "parts": [ { @@ -105194,29 +88317,6 @@ "id": "sc-28_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28", @@ -105329,6 +88429,11 @@ } ], "props": [ + { + "name": "label", + "value": "SC-28(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SC-28(1)" @@ -105370,13 +88475,6 @@ { "id": "sc-28.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param, sc-28.01_odp.01 }}.", "parts": [ { @@ -105408,29 +88506,6 @@ "id": "sc-28.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-28(01)", @@ -105557,6 +88632,11 @@ "class": "SP800-53", "title": "Process Isolation", "props": [ + { + "name": "label", + "value": "SC-39", + "class": "zero-padded" + }, { "name": "label", "value": "SC-39" @@ -105623,13 +88703,6 @@ { "id": "sc-39_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain a separate execution domain for each executing system process." }, { @@ -105641,29 +88714,6 @@ "id": "sc-39_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-39", @@ -105751,6 +88801,11 @@ "class": "SP800-53", "title": "System Time Synchronization", "props": [ + { + "name": "label", + "value": "SC-45", + "class": "zero-padded" + }, { "name": "label", "value": "SC-45" @@ -105796,13 +88851,6 @@ { "id": "sc-45_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Synchronize system clocks within and between systems and system components." }, { @@ -105814,29 +88862,6 @@ "id": "sc-45_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45", @@ -105969,9 +88994,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SC-45(01)", + "class": "zero-padded" }, { "name": "label", @@ -106007,11 +89032,6 @@ "id": "sc-45.1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -106023,11 +89043,6 @@ "id": "sc-45.1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -106097,23 +89112,6 @@ "id": "sc-45.1_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(a)", @@ -106132,17 +89130,6 @@ "id": "sc-45.1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SC-45(01)(b)", @@ -106342,6 +89329,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-01", + "class": "zero-padded" + }, { "name": "label", "value": "SI-1" @@ -106405,12 +89397,6 @@ "id": "si-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -106470,11 +89456,6 @@ "id": "si-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -106486,12 +89467,6 @@ "id": "si-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -106556,23 +89531,6 @@ "id": "si-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[01]", @@ -106591,23 +89549,6 @@ "id": "si-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[02]", @@ -106626,17 +89567,6 @@ "id": "si-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[03]", @@ -106655,17 +89585,6 @@ "id": "si-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.[04]", @@ -106695,17 +89614,6 @@ "id": "si-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(a)", @@ -106851,17 +89759,6 @@ "id": "si-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SI-01a.01(b)", @@ -106896,23 +89793,6 @@ "id": "si-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01b.", @@ -106942,23 +89822,6 @@ "id": "si-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.01", @@ -107014,23 +89877,6 @@ "id": "si-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-01c.02", @@ -107165,6 +90011,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2" @@ -107283,11 +90134,6 @@ "id": "si-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -107299,11 +90145,6 @@ "id": "si-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -107315,11 +90156,6 @@ "id": "si-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -107331,11 +90167,6 @@ "id": "si-2_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -107365,29 +90196,6 @@ "id": "si-2_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02a.", @@ -107461,23 +90269,6 @@ "id": "si-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02b.", @@ -107569,23 +90360,6 @@ "id": "si-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02c.", @@ -107641,23 +90415,6 @@ "id": "si-2_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02d.", @@ -107778,6 +90535,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(2)" @@ -107815,13 +90577,6 @@ { "id": "si-2.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Determine if system components have applicable security-relevant software and firmware updates installed using {{ insert: param, si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}." }, { @@ -107833,29 +90588,6 @@ "id": "si-2.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(02)", @@ -107954,6 +90686,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-02(03)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-2(3)" @@ -107988,11 +90725,6 @@ "id": "si-2.3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -108004,11 +90736,6 @@ "id": "si-2.3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -108038,29 +90765,6 @@ "id": "si-2.3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(a)", @@ -108079,23 +90783,6 @@ "id": "si-2.3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-02(03)(b)", @@ -108279,9 +90966,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-03", + "class": "zero-padded" }, { "name": "label", @@ -108406,11 +91093,6 @@ "id": "si-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -108422,11 +91104,6 @@ "id": "si-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -108438,11 +91115,6 @@ "id": "si-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -108478,11 +91150,6 @@ "id": "si-3_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -108512,23 +91179,6 @@ "id": "si-3_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03a.", @@ -108584,23 +91234,6 @@ "id": "si-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-03b.", @@ -108641,23 +91274,6 @@ "id": "si-3_obj.c.1-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[01]", @@ -108676,23 +91292,6 @@ "id": "si-3_obj.c.1-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.01[02]", @@ -108730,23 +91329,6 @@ "id": "si-3_obj.c.2-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[01]", @@ -108765,23 +91347,6 @@ "id": "si-3_obj.c.2-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03c.02[02]", @@ -108816,23 +91381,6 @@ "id": "si-3_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-03d.", @@ -108985,6 +91533,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4" @@ -109209,11 +91762,6 @@ "id": "si-4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -109249,11 +91797,6 @@ "id": "si-4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -109265,11 +91808,6 @@ "id": "si-4_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -109305,11 +91843,6 @@ "id": "si-4_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -109321,11 +91854,6 @@ "id": "si-4_smt.e", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "e." @@ -109337,11 +91865,6 @@ "id": "si-4_smt.f", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "f." @@ -109353,11 +91876,6 @@ "id": "si-4_smt.g", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "g." @@ -109416,29 +91934,6 @@ "id": "si-4_obj.a.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.01", @@ -109457,29 +91952,6 @@ "id": "si-4_obj.a.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04a.02", @@ -109561,23 +92033,6 @@ "id": "si-4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04b.", @@ -109607,29 +92062,6 @@ "id": "si-4_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.01", @@ -109648,29 +92080,6 @@ "id": "si-4_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04c.02", @@ -109697,23 +92106,6 @@ "id": "si-4_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04d.", @@ -109769,23 +92161,6 @@ "id": "si-4_obj.e", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04e.", @@ -109804,23 +92179,6 @@ "id": "si-4_obj.f", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04f.", @@ -109839,29 +92197,6 @@ "id": "si-4_obj.g", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04g.", @@ -109958,9 +92293,9 @@ "title": "System-wide Intrusion Detection System", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(01)", + "class": "zero-padded" }, { "name": "label", @@ -110001,13 +92336,6 @@ { "id": "si-4.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Connect and configure individual intrusion detection tools into a system-wide intrusion detection system." }, { @@ -110030,23 +92358,6 @@ "id": "si-4.1_obj-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[01]", @@ -110065,23 +92376,6 @@ "id": "si-4.1_obj-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(01)[02]", @@ -110178,9 +92472,9 @@ "title": "Automated Tools and Mechanisms for Real-time Analysis", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(02)", + "class": "zero-padded" }, { "name": "label", @@ -110224,13 +92518,6 @@ { "id": "si-4.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ automated tools and mechanisms to support near real-time analysis of events." }, { @@ -110242,29 +92529,6 @@ "id": "si-4.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(02)", @@ -110403,6 +92667,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(04)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(4)" @@ -110442,11 +92711,6 @@ "id": "si-4.4_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(a)" @@ -110458,11 +92722,6 @@ "id": "si-4.4_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "(b)" @@ -110492,23 +92751,6 @@ "id": "si-4.4_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(a)", @@ -110564,29 +92806,6 @@ "id": "si-4.4_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(04)(b)", @@ -110739,6 +92958,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(05)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(5)" @@ -110785,13 +93009,6 @@ { "id": "si-4.5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Alert {{ insert: param, si-04.05_odp.01 }} when the following system-generated indications of compromise or potential compromise occur: {{ insert: param, si-04.05_odp.02 }}.", "parts": [ { @@ -110823,29 +93040,6 @@ "id": "si-4.5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(05)", @@ -110934,9 +93128,9 @@ "title": "Correlate Monitoring Information", "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(16)", + "class": "zero-padded" }, { "name": "label", @@ -110981,13 +93175,6 @@ { "id": "si-4.16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Correlate information from monitoring tools and mechanisms employed throughout the system." }, { @@ -110999,23 +93186,6 @@ "id": "si-4.16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(16)", @@ -111114,6 +93284,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-04(18)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-4(18)" @@ -111153,13 +93328,6 @@ { "id": "si-4.18_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: {{ insert: param, si-04.18_odp }}." }, { @@ -111171,23 +93339,6 @@ "id": "si-4.18_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(18)", @@ -111333,9 +93484,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-04(23)", + "class": "zero-padded" }, { "name": "label", @@ -111379,13 +93530,6 @@ { "id": "si-4.23_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following host-based monitoring mechanisms at {{ insert: param, si-04.23_odp.02 }}: {{ insert: param, si-04.23_odp.01 }}." }, { @@ -111397,29 +93541,6 @@ "id": "si-4.23_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-04(23)", @@ -111568,6 +93689,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-05", + "class": "zero-padded" + }, { "name": "label", "value": "SI-5" @@ -111619,11 +93745,6 @@ "id": "si-5_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -111635,11 +93756,6 @@ "id": "si-5_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -111651,11 +93767,6 @@ "id": "si-5_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -111667,11 +93778,6 @@ "id": "si-5_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -111713,29 +93819,6 @@ "id": "si-5_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05a.", @@ -111754,23 +93837,6 @@ "id": "si-5_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05b.", @@ -111789,29 +93855,6 @@ "id": "si-5_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05c.", @@ -111830,23 +93873,6 @@ "id": "si-5_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-05d.", @@ -112040,9 +94066,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-06", + "class": "zero-padded" }, { "name": "label", @@ -112099,11 +94125,6 @@ "id": "si-6_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -112115,11 +94136,6 @@ "id": "si-6_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112131,11 +94147,6 @@ "id": "si-6_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -112147,11 +94158,6 @@ "id": "si-6_smt.d", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "d." @@ -112181,23 +94187,6 @@ "id": "si-6_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06a.", @@ -112253,23 +94242,6 @@ "id": "si-6_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06b.", @@ -112325,23 +94297,6 @@ "id": "si-6_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-06c.", @@ -112397,23 +94352,6 @@ "id": "si-6_obj.d", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-06d.", @@ -112574,9 +94512,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07", + "class": "zero-padded" }, { "name": "label", @@ -112738,11 +94676,6 @@ "id": "si-7_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -112754,11 +94687,6 @@ "id": "si-7_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -112788,23 +94716,6 @@ "id": "si-7_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07a.", @@ -112878,23 +94789,6 @@ "id": "si-7_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07b.", @@ -113195,9 +95089,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-07(01)", + "class": "zero-padded" }, { "name": "label", @@ -113233,13 +95127,6 @@ { "id": "si-7.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}." }, { @@ -113251,29 +95138,6 @@ "id": "si-7.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(01)", @@ -113427,6 +95291,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-07(07)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-7(7)" @@ -113481,13 +95350,6 @@ { "id": "si-7.7_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}." }, { @@ -113499,23 +95361,6 @@ "id": "si-7.7_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-07(07)", @@ -113605,6 +95450,11 @@ "class": "SP800-53", "title": "Spam Protection", "props": [ + { + "name": "label", + "value": "SI-08", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8" @@ -113667,11 +95517,6 @@ "id": "si-8_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -113683,11 +95528,6 @@ "id": "si-8_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -113746,23 +95586,6 @@ "id": "si-8_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08a.", @@ -113854,23 +95677,6 @@ "id": "si-8_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08b.", @@ -113977,6 +95783,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-08(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SI-8(2)" @@ -114006,13 +95817,6 @@ { "id": "si-8.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Automatically update spam protection mechanisms {{ insert: param, si-08.02_odp }}." }, { @@ -114024,23 +95828,6 @@ "id": "si-8.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SI-08(02)", @@ -114142,9 +95929,9 @@ ], "props": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "name": "label", + "value": "SI-10", + "class": "zero-padded" }, { "name": "label", @@ -114180,13 +95967,6 @@ { "id": "si-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Check the validity of the following information inputs: {{ insert: param, si-10_odp }}.", "parts": [ { @@ -114218,17 +95998,6 @@ "id": "si-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-10", @@ -114332,6 +96101,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-11", + "class": "zero-padded" + }, { "name": "label", "value": "SI-11" @@ -114382,11 +96156,6 @@ "id": "si-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -114398,11 +96167,6 @@ "id": "si-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -114432,17 +96196,6 @@ "id": "si-11_obj.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11a.", @@ -114461,17 +96214,6 @@ "id": "si-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-11b.", @@ -114567,6 +96309,11 @@ "class": "SP800-53", "title": "Information Management and Retention", "props": [ + { + "name": "label", + "value": "SI-12", + "class": "zero-padded" + }, { "name": "label", "value": "SI-12" @@ -114724,13 +96471,6 @@ { "id": "si-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements." }, { @@ -114742,23 +96482,6 @@ "id": "si-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-12", @@ -114930,6 +96653,11 @@ } ], "props": [ + { + "name": "label", + "value": "SI-16", + "class": "zero-padded" + }, { "name": "label", "value": "SI-16" @@ -114972,13 +96700,6 @@ { "id": "si-16_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Implement the following controls to protect the system memory from unauthorized code execution: {{ insert: param, si-16_odp }}." }, { @@ -114990,23 +96711,6 @@ "id": "si-16_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SI-16", @@ -115201,6 +96905,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-01", + "class": "zero-padded" + }, { "name": "label", "value": "SR-1" @@ -115288,12 +96997,6 @@ "id": "sr-1_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "a." @@ -115353,11 +97056,6 @@ "id": "sr-1_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -115369,12 +97067,6 @@ "id": "sr-1_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - }, { "name": "label", "value": "c." @@ -115439,23 +97131,6 @@ "id": "sr-1_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[01]", @@ -115474,23 +97149,6 @@ "id": "sr-1_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[02]", @@ -115509,17 +97167,6 @@ "id": "sr-1_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[03]", @@ -115538,17 +97185,6 @@ "id": "sr-1_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.[04]", @@ -115578,17 +97214,6 @@ "id": "sr-1_obj.a.1.a", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(a)", @@ -115734,17 +97359,6 @@ "id": "sr-1_obj.a.1.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-01a.01(b)", @@ -115779,23 +97393,6 @@ "id": "sr-1_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01b.", @@ -115825,23 +97422,6 @@ "id": "sr-1_obj.c.1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.01", @@ -115897,23 +97477,6 @@ "id": "sr-1_obj.c.2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-01c.02", @@ -116057,6 +97620,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2" @@ -116188,11 +97756,6 @@ "id": "sr-2_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -116204,11 +97767,6 @@ "id": "sr-2_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -116220,11 +97778,6 @@ "id": "sr-2_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -116265,23 +97818,6 @@ "id": "sr-2_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[01]", @@ -116300,17 +97836,6 @@ "id": "sr-2_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[02]", @@ -116329,17 +97854,6 @@ "id": "sr-2_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[03]", @@ -116358,17 +97872,6 @@ "id": "sr-2_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[04]", @@ -116387,17 +97890,6 @@ "id": "sr-2_obj.a-5", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[05]", @@ -116416,17 +97908,6 @@ "id": "sr-2_obj.a-6", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[06]", @@ -116445,17 +97926,6 @@ "id": "sr-2_obj.a-7", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[07]", @@ -116474,17 +97944,6 @@ "id": "sr-2_obj.a-8", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[08]", @@ -116503,17 +97962,6 @@ "id": "sr-2_obj.a-9", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, { "name": "label", "value": "SR-02a.[09]", @@ -116540,23 +97988,6 @@ "id": "sr-2_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02b.", @@ -116575,23 +98006,6 @@ "id": "sr-2_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-02c.", @@ -116744,6 +98158,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-02(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-2(1)" @@ -116778,13 +98197,6 @@ { "id": "sr-2.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish a supply chain risk management team consisting of {{ insert: param, sr-02.01_odp.01 }} to lead and support the following SCRM activities: {{ insert: param, sr-02.01_odp.02 }}." }, { @@ -116796,23 +98208,6 @@ "id": "sr-2.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-02(01)", @@ -116929,6 +98324,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-03", + "class": "zero-padded" + }, { "name": "label", "value": "SR-3" @@ -117089,11 +98489,6 @@ "id": "sr-3_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -117105,11 +98500,6 @@ "id": "sr-3_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -117121,11 +98511,6 @@ "id": "sr-3_smt.c", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "c." @@ -117184,23 +98569,6 @@ "id": "sr-3_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[01]", @@ -117219,23 +98587,6 @@ "id": "sr-3_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-03a.[02]", @@ -117262,23 +98613,6 @@ "id": "sr-3_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03b.", @@ -117297,23 +98631,6 @@ "id": "sr-3_obj.c", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-03c.", @@ -117420,6 +98737,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-05", + "class": "zero-padded" + }, { "name": "label", "value": "SR-5" @@ -117538,13 +98860,6 @@ { "id": "sr-5_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: {{ insert: param, sr-05_odp }}." }, { @@ -117556,29 +98871,6 @@ "id": "sr-5_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-05", @@ -117737,6 +99029,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-06", + "class": "zero-padded" + }, { "name": "label", "value": "SR-6" @@ -117827,13 +99124,6 @@ { "id": "sr-6_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide {{ insert: param, sr-06_odp }}.", "parts": [ { @@ -117865,23 +99155,6 @@ "id": "sr-6_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - }, { "name": "label", "value": "SR-06", @@ -117995,6 +99268,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-08", + "class": "zero-padded" + }, { "name": "label", "value": "SR-8" @@ -118065,13 +99343,6 @@ { "id": "sr-8_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the {{ insert: param, sr-08_odp.01 }}.", "parts": [ { @@ -118103,23 +99374,6 @@ "id": "sr-8_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-08", @@ -118247,6 +99501,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-10", + "class": "zero-padded" + }, { "name": "label", "value": "SR-10" @@ -118317,13 +99576,6 @@ { "id": "sr-10_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Inspect the following systems or system components {{ insert: param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01 }}." }, { @@ -118335,23 +99587,6 @@ "id": "sr-10_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-10", @@ -118470,6 +99705,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11" @@ -118529,11 +99769,6 @@ "id": "sr-11_smt.a", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "a." @@ -118545,11 +99780,6 @@ "id": "sr-11_smt.b", "name": "item", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, { "name": "label", "value": "b." @@ -118608,23 +99838,6 @@ "id": "sr-11_obj.a-1", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[01]", @@ -118643,23 +99856,6 @@ "id": "sr-11_obj.a-2", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[02]", @@ -118678,23 +99874,6 @@ "id": "sr-11_obj.a-3", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[03]", @@ -118713,23 +99892,6 @@ "id": "sr-11_obj.a-4", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11a.[04]", @@ -118756,23 +99918,6 @@ "id": "sr-11_obj.b", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11b.", @@ -118879,6 +100024,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(01)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(1)" @@ -118917,13 +100067,6 @@ { "id": "sr-11.1_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit system components (including hardware, software, and firmware)." }, { @@ -118935,23 +100078,6 @@ "id": "sr-11.1_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(01)", @@ -119055,6 +100181,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-11(02)", + "class": "zero-padded" + }, { "name": "label", "value": "SR-11(2)" @@ -119105,13 +100236,6 @@ { "id": "sr-11.2_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: {{ insert: param, sr-11.02_odp }}." }, { @@ -119123,23 +100247,6 @@ "id": "sr-11.2_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-11(02)", @@ -119286,6 +100393,11 @@ } ], "props": [ + { + "name": "label", + "value": "SR-12", + "class": "zero-padded" + }, { "name": "label", "value": "SR-12" @@ -119320,13 +100432,6 @@ { "id": "sr-12_smt", "name": "statement", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ], "prose": "Dispose of {{ insert: param, sr-12_odp.01 }} using the following techniques and methods: {{ insert: param, sr-12_odp.02 }}." }, { @@ -119338,23 +100443,6 @@ "id": "sr-12_obj", "name": "assessment-objective", "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, { "name": "label", "value": "SR-12", diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile-min.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile-min.json index e8c081fe3..08d6c3d09 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile-min.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile-min.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "b3d53132-0160-417a-ae1b-c9da8385d698", + "uuid": "048f1842-3232-4908-b673-41cfa246e465", "metadata": { "title": "FedRAMP Rev 5 Moderate Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:21:26Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -1676,7 +1676,7 @@ "param-id": "ps-03.03_odp", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria \u2013 as required by specific information" } ] }, @@ -2323,30327 +2323,673 @@ ], "alters": [ { - "control-id": "ac-1", + "control-id": "ac-2.3", "adds": [ { - "position": "starting", - "by-id": "ac-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ac-2.3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ac-2.3_fr", + "name": "item", + "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." + }, + { + "id": "ac-2.3_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines the time period of inactivity for device identifiers." + }, + { + "id": "ac-2.3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." + } + ] } ] } ] }, { - "control-id": "ac-11", + "control-id": "ac-2.5", "adds": [ { - "position": "starting", - "by-id": "ac-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-2.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.5_fr", + "name": "item", + "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Should use a shorter timeframe than AC-12." + } + ] } ] } ] }, { - "control-id": "ac-11.1", + "control-id": "ac-2.9", "adds": [ { - "position": "starting", - "by-id": "ac-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.9_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.9_fr", + "name": "item", + "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.9_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Required if shared/group accounts are deployed." + } + ] } ] } ] }, { - "control-id": "ac-12", + "control-id": "ac-2.12", "adds": [ { - "position": "starting", - "by-id": "ac-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-12_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.12_fr", + "name": "item", + "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "Required for privileged accounts." + }, + { + "id": "ac-2.12_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "Required for privileged accounts." + } + ] } ] } ] }, { - "control-id": "ac-14", + "control-id": "ac-5", "adds": [ { - "position": "starting", - "by-id": "ac-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-5_fr", + "name": "item", + "title": "AC-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." + } + ] } ] } ] }, { - "control-id": "ac-17", + "control-id": "ac-6.2", "adds": [ { - "position": "starting", - "by-id": "ac-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-6.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-6.2_fr", + "name": "item", + "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-6.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." + } + ] } ] } ] }, { - "control-id": "ac-17.1", + "control-id": "ac-7", "adds": [ { - "position": "starting", - "by-id": "ac-17.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-7_fr", + "name": "item", + "title": "AC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "In alignment with NIST SP 800-63B" + } + ] } ] } ] }, { - "control-id": "ac-17.2", + "control-id": "ac-8", "adds": [ { - "position": "starting", - "by-id": "ac-17.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2", - "props": [ + "position": "ending", + "by-id": "ac-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ac-8_fr", + "name": "item", + "title": "AC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." + } + ] } ] } ] }, { - "control-id": "ac-17.3", + "control-id": "ac-20", "adds": [ { - "position": "starting", - "by-id": "ac-17.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.3_smt", - "props": [ + "position": "ending", + "by-id": "ac-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-20_fr", + "name": "item", + "title": "AC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." + } + ] } ] } ] }, { - "control-id": "ac-17.4", + "control-id": "au-2", "adds": [ { - "position": "starting", - "by-id": "ac-17.4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_smt.a", - "props": [ + "position": "ending", + "by-id": "au-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-2_fr", + "name": "item", + "title": "AU-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + }, + { + "id": "au-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "au-3.1", + "adds": [ { - "position": "starting", - "by-id": "ac-17.4_smt.b", - "props": [ + "position": "ending", + "by-id": "au-3.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-3.1_fr", + "name": "item", + "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-3.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." + } + ] } ] } ] }, { - "control-id": "ac-18", + "control-id": "au-6", "adds": [ { - "position": "starting", - "by-id": "ac-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "au-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-6_fr", + "name": "item", + "title": "AU-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." + } + ] } ] } ] }, { - "control-id": "ac-18.1", + "control-id": "au-11", "adds": [ { - "position": "starting", - "by-id": "ac-18.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_smt", - "props": [ + "position": "ending", + "by-id": "au-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-11_fr", + "name": "item", + "title": "AU-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-11_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." + }, + { + "id": "au-11_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" + }, + { + "id": "au-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider is encouraged to align with M-21-31 where possible" + } + ] } ] } ] }, { - "control-id": "ac-18.3", + "control-id": "ca-2", "adds": [ { - "position": "starting", - "by-id": "ac-18.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.3_smt", - "props": [ + "position": "ending", + "by-id": "ca-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2_fr", + "name": "item", + "title": "CA-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP Annual Assessment Guidance." + } + ] } ] } ] }, { - "control-id": "ac-19", + "control-id": "ca-2.1", "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_smt.a", - "props": [ + "position": "ending", + "by-id": "ca-2.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2.1_fr", + "name": "item", + "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "For JAB Authorization, must use an accredited 3PAO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-5", + "adds": [ { - "position": "starting", - "by-id": "ac-19_smt.b", - "props": [ + "position": "ending", + "by-id": "ca-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-5_fr", + "name": "item", + "title": "CA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "POA&Ms must be provided at least monthly." + }, + { + "id": "ca-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP-POAM-Template" + } + ] } ] } ] }, { - "control-id": "ac-19.5", + "control-id": "ca-6", "adds": [ { - "position": "starting", - "by-id": "ac-19.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "ca-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "ca-6_fr", + "name": "item", + "title": "CA-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-7", + "adds": [ { - "position": "starting", - "by-id": "ac-19.5_smt", - "props": [ + "position": "ending", + "by-id": "ca-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-7_fr", + "name": "item", + "title": "CA-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." + }, + { + "id": "ca-7_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (Con Mon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSPs authorized via the Agency path as each agency customer is responsible for performing Con Mon oversight. It does not apply to CSPs authorized via the JAB path because the JAB performs Con Mon oversight." + }, + { + "id": "ca-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." + } + ] } ] } ] }, { - "control-id": "ac-2", - "adds": [ - { - "position": "starting", - "by-id": "ac-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.k", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.13", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.13_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.3", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.3_smt", - "parts": [ - { - "id": "ac-2.3_fr", - "name": "item", - "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." - }, - { - "id": "ac-2.3_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines the time period of inactivity for device identifiers." - }, - { - "id": "ac-2.3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.4", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.5", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.5_smt", - "parts": [ - { - "id": "ac-2.5_fr", - "name": "item", - "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Should use a shorter timeframe than AC-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.9", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.9_smt", - "parts": [ - { - "id": "ac-2.9_fr", - "name": "item", - "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Required if shared/group accounts are deployed." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.12_smt", - "parts": [ - { - "id": "ac-2.12_fr", - "name": "item", - "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Required for privileged accounts." - }, - { - "id": "ac-2.12_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "Required for privileged accounts." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-20.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-21", - "adds": [ - { - "position": "starting", - "by-id": "ac-21_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-22", - "adds": [ - { - "position": "starting", - "by-id": "ac-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-3", - "adds": [ - { - "position": "starting", - "by-id": "ac-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-4", - "adds": [ - { - "position": "starting", - "by-id": "ac-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-4.21", - "adds": [ - { - "position": "starting", - "by-id": "ac-4.21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-5", - "adds": [ - { - "position": "ending", - "by-id": "ac-5_smt", - "parts": [ - { - "id": "ac-5_fr", - "name": "item", - "title": "AC-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6", - "adds": [ - { - "position": "starting", - "by-id": "ac-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.10", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.2", - "adds": [ - { - "position": "ending", - "by-id": "ac-6.2_smt", - "parts": [ - { - "id": "ac-6.2_fr", - "name": "item", - "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-6.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.5", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.9", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-7", - "adds": [ - { - "position": "ending", - "by-id": "ac-7_smt", - "parts": [ - { - "id": "ac-7_fr", - "name": "item", - "title": "AC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "In alignment with NIST SP 800-63B" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-8", - "adds": [ - { - "position": "ending", - "by-id": "ac-8_smt", - "parts": [ - { - "id": "ac-8_fr", - "name": "item", - "title": "AC-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20", - "adds": [ - { - "position": "ending", - "by-id": "ac-20_smt", - "parts": [ - { - "id": "ac-20_fr", - "name": "item", - "title": "AC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-1", - "adds": [ - { - "position": "starting", - "by-id": "at-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "at-2", - "adds": [ - { - "position": "starting", - "by-id": "at-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.2", - "adds": [ - { - "position": "starting", - "by-id": "at-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.3", - "adds": [ - { - "position": "starting", - "by-id": "at-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-3", - "adds": [ - { - "position": "starting", - "by-id": "at-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-4", - "adds": [ - { - "position": "starting", - "by-id": "at-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-1", - "adds": [ - { - "position": "starting", - "by-id": "au-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "au-12", - "adds": [ - { - "position": "starting", - "by-id": "au-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-2", - "adds": [ - { - "position": "ending", - "by-id": "au-2_smt", - "parts": [ - { - "id": "au-2_fr", - "name": "item", - "title": "AU-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - }, - { - "id": "au-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3", - "adds": [ - { - "position": "starting", - "by-id": "au-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3.1", - "adds": [ - { - "position": "ending", - "by-id": "au-3.1_smt", - "parts": [ - { - "id": "au-3.1_fr", - "name": "item", - "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-3.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-4", - "adds": [ - { - "position": "starting", - "by-id": "au-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5", - "adds": [ - { - "position": "starting", - "by-id": "au-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6", - "adds": [ - { - "position": "ending", - "by-id": "au-6_smt", - "parts": [ - { - "id": "au-6_fr", - "name": "item", - "title": "AU-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-11", - "adds": [ - { - "position": "ending", - "by-id": "au-11_smt", - "parts": [ - { - "id": "au-11_fr", - "name": "item", - "title": "AU-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-11_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." - }, - { - "id": "au-11_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" - }, - { - "id": "au-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider is encouraged to align with M-21-31 where possible" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.1", - "adds": [ - { - "position": "starting", - "by-id": "au-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.3", - "adds": [ - { - "position": "starting", - "by-id": "au-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-7", - "adds": [ - { - "position": "starting", - "by-id": "au-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-7.1", - "adds": [ - { - "position": "starting", - "by-id": "au-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-8", - "adds": [ - { - "position": "starting", - "by-id": "au-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9", - "adds": [ - { - "position": "starting", - "by-id": "au-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-9.4", - "adds": [ - { - "position": "starting", - "by-id": "au-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-1", - "adds": [ - { - "position": "starting", - "by-id": "ca-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ca-2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2_smt", - "parts": [ - { - "id": "ca-2_fr", - "name": "item", - "title": "CA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP Annual Assessment Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ca-2.1_smt", - "parts": [ - { - "id": "ca-2.1_fr", - "name": "item", - "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB Authorization, must use an accredited 3PAO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.3", - "adds": [ - { - "position": "starting", - "by-id": "ca-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3", - "adds": [ - { - "position": "starting", - "by-id": "ca-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-5", - "adds": [ - { - "position": "ending", - "by-id": "ca-5_smt", - "parts": [ - { - "id": "ca-5_fr", - "name": "item", - "title": "CA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "POA&Ms must be provided at least monthly." - }, - { - "id": "ca-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP-POAM-Template" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-6", - "adds": [ - { - "position": "ending", - "by-id": "ca-6_smt", - "parts": [ - { - "id": "ca-6_fr", - "name": "item", - "title": "CA-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7", - "adds": [ - { - "position": "ending", - "by-id": "ca-7_smt", - "parts": [ - { - "id": "ca-7_fr", - "name": "item", - "title": "CA-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." - }, - { - "id": "ca-7_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (Con Mon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSPs authorized via the Agency path as each agency customer is responsible for performing Con Mon oversight. It does not apply to CSPs authorized via the JAB path because the JAB performs Con Mon oversight." - }, - { - "id": "ca-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.4", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8", - "adds": [ - { - "position": "ending", - "by-id": "ca-8_smt", - "parts": [ - { - "id": "ca-8_fr", - "name": "item", - "title": "CA-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference the FedRAMP Penetration Test Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.2", - "adds": [ - { - "position": "ending", - "by-id": "ca-8.2_smt", - "parts": [ - { - "id": "ca-8.2_fr", - "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ca-9", - "adds": [ - { - "position": "starting", - "by-id": "ca-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-1", - "adds": [ - { - "position": "starting", - "by-id": "cm-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cm-10", - "adds": [ - { - "position": "starting", - "by-id": "cm-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-11", - "adds": [ - { - "position": "starting", - "by-id": "cm-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2", - "adds": [ - { - "position": "ending", - "by-id": "cm-2_smt", - "parts": [ - { - "id": "cm-2_fr", - "name": "item", - "title": "CM-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) (1) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.7", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3", - "adds": [ - { - "position": "ending", - "by-id": "cm-3_smt", - "parts": [ - { - "id": "cm-3_fr", - "name": "item", - "title": "CM-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." - }, - { - "id": "cm-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "In accordance with record retention policies and procedures." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.4", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4", - "adds": [ - { - "position": "starting", - "by-id": "cm-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-5.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-6", - "adds": [ - { - "position": "ending", - "by-id": "cm-6_smt", - "parts": [ - { - "id": "cm-6_fr", - "name": "item", - "title": "CM-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 1:" - } - ], - "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." - }, - { - "id": "cm-6_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 2:" - } - ], - "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." - }, - { - "id": "cm-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7", - "adds": [ - { - "position": "ending", - "by-id": "cm-7_smt", - "parts": [ - { - "id": "cm-7_fr", - "name": "item", - "title": "CM-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.2", - "adds": [ - { - "position": "ending", - "by-id": "cm-7.2_smt", - "parts": [ - { - "id": "cm-7.2_fr", - "name": "item", - "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8", - "adds": [ - { - "position": "ending", - "by-id": "cm-8_smt", - "parts": [ - { - "id": "cm-8_fr", - "name": "item", - "title": "CM-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "must be provided at least monthly or when there is a change." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-9", - "adds": [ - { - "position": "ending", - "by-id": "cm-9_smt", - "parts": [ - { - "id": "cm-9_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12", - "adds": [ - { - "position": "ending", - "by-id": "cm-12_smt", - "parts": [ - { - "id": "cm-12_fr", - "name": "item", - "title": "CM-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12.1", - "adds": [ - { - "position": "ending", - "by-id": "cm-12.1_smt", - "parts": [ - { - "id": "cm-12.1_fr", - "name": "item", - "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-1", - "adds": [ - { - "position": "starting", - "by-id": "cp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cp-10", - "adds": [ - { - "position": "starting", - "by-id": "cp-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-10.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-10.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2", - "adds": [ - { - "position": "ending", - "by-id": "cp-2_smt", - "parts": [ - { - "id": "cp-2_fr", - "name": "item", - "title": "CP-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." - }, - { - "id": "cp-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.8", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3", - "adds": [ - { - "position": "ending", - "by-id": "cp-3_smt", - "parts": [ - { - "id": "cp-3_fr", - "name": "item", - "title": "CP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4", - "adds": [ - { - "position": "ending", - "by-id": "cp-4_smt", - "parts": [ - { - "id": "cp-4_fr", - "name": "item", - "title": "CP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." - }, - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-4.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6", - "adds": [ - { - "position": "starting", - "by-id": "cp-6_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.3_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7", - "adds": [ - { - "position": "ending", - "by-id": "cp-7_smt", - "parts": [ - { - "id": "cp-7_fr", - "name": "item", - "title": "CP-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.1", - "adds": [ - { - "position": "ending", - "by-id": "cp-7.1_smt", - "parts": [ - { - "id": "cp-7.1_fr", - "name": "item", - "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7.1_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8", - "adds": [ - { - "position": "ending", - "by-id": "cp-8_smt", - "parts": [ - { - "id": "cp-8_fr", - "name": "item", - "title": "CP-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-8_fr_gdn.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9", - "adds": [ - { - "position": "ending", - "by-id": "cp-9_smt", - "parts": [ - { - "id": "cp-9_fr", - "name": "item", - "title": "CP-9 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." - }, - { - "id": "cp-9_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.4", - "name": "item", - "props": [ - { - "name": "label", - "value": "(c) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.8", - "adds": [ - { - "position": "ending", - "by-id": "cp-9.8_smt", - "parts": [ - { - "id": "cp-9.8_fr", - "name": "item", - "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9.8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-1", - "adds": [ - { - "position": "starting", - "by-id": "ia-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ia-12.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.3", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2_smt", - "parts": [ - { - "id": "ia-2_fr", - "name": "item", - "title": "IA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." - }, - { - "id": "ia-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." - }, - { - "id": "ia-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.1_smt", - "parts": [ - { - "id": "ia-2.1_fr", - "name": "item", - "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.2_smt", - "parts": [ - { - "id": "ia-2.2_fr", - "name": "item", - "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.5", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.6", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.6_smt", - "parts": [ - { - "id": "ia-2.6_fr", - "name": "item", - "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." - }, - { - "id": "ia-2.6_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.12_smt", - "parts": [ - { - "id": "ia-2.12_fr", - "name": "item", - "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.8", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-3", - "adds": [ - { - "position": "starting", - "by-id": "ia-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-4.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5", - "adds": [ - { - "position": "ending", - "by-id": "ia-5_smt", - "parts": [ - { - "id": "ia-5_fr", - "name": "item", - "title": "IA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 2. Link https://pages.nist.gov/800-63-3" - }, - { - "id": "ia-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.1_smt", - "parts": [ - { - "id": "ia-5.1_fr", - "name": "item", - "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." - }, - { - "id": "ia-5.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(h) Requirement:" - } - ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." - }, - { - "id": "ia-5.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.6", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.7", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.7_smt", - "parts": [ - { - "id": "ia-5.7_fr", - "name": "item", - "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-11", - "adds": [ - { - "position": "ending", - "by-id": "ia-11_smt", - "parts": [ - { - "id": "ia-11_fr", - "name": "item", - "title": "IA-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL2 (moderate baseline) * 12 hours or * 30 minutes of inactivity \n" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12", - "adds": [ - { - "position": "ending", - "by-id": "ia-12_smt", - "parts": [ - { - "id": "ia-12_fr", - "name": "item", - "title": "IA-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.5", - "adds": [ - { - "position": "ending", - "by-id": "ia-12.5_smt", - "parts": [ - { - "id": "ia-12.5_fr", - "name": "item", - "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-6", - "adds": [ - { - "position": "starting", - "by-id": "ia-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-7", - "adds": [ - { - "position": "starting", - "by-id": "ia-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8", - "adds": [ - { - "position": "starting", - "by-id": "ia-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-1", - "adds": [ - { - "position": "starting", - "by-id": "ir-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ir-2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-3", - "adds": [ - { - "position": "ending", - "by-id": "ir-3_smt", - "parts": [ - { - "id": "ir-3_fr", - "name": "item", - "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4", - "adds": [ - { - "position": "ending", - "by-id": "ir-4_smt", - "parts": [ - { - "id": "ir-4_fr", - "name": "item", - "title": "IR-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" - }, - { - "id": "ir-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-5", - "adds": [ - { - "position": "starting", - "by-id": "ir-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6", - "adds": [ - { - "position": "ending", - "by-id": "ir-6_smt", - "parts": [ - { - "id": "ir-6_fr", - "name": "item", - "title": "IR-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7", - "adds": [ - { - "position": "starting", - "by-id": "ir-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-8", - "adds": [ - { - "position": "ending", - "by-id": "ir-8_smt", - "parts": [ - { - "id": "ir-8_fr", - "name": "item", - "title": "IR-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - }, - { - "id": "ir-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9", - "adds": [ - { - "position": "starting", - "by-id": "ir-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.4", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-1", - "adds": [ - { - "position": "starting", - "by-id": "ma-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ma-2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ma-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4", - "adds": [ - { - "position": "starting", - "by-id": "ma-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5", - "adds": [ - { - "position": "starting", - "by-id": "ma-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ma-5.1_smt", - "parts": [ - { - "id": "ma-5.1_fr", - "name": "item", - "title": "MA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ma-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Only MA-5 (1) (a) (1) is required by FedRAMP Moderate Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-6", - "adds": [ - { - "position": "starting", - "by-id": "ma-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-1", - "adds": [ - { - "position": "starting", - "by-id": "mp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "mp-2", - "adds": [ - { - "position": "starting", - "by-id": "mp-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-3", - "adds": [ - { - "position": "ending", - "by-id": "mp-3_smt", - "parts": [ - { - "id": "mp-3_fr", - "name": "item", - "title": "MP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Second parameter not-applicable" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-4", - "adds": [ - { - "position": "ending", - "by-id": "mp-4_smt", - "parts": [ - { - "id": "mp-4_fr", - "name": "item", - "title": "MP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines controlled areas within facilities where the information and information system reside." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-5", - "adds": [ - { - "position": "ending", - "by-id": "mp-5_smt", - "parts": [ - { - "id": "mp-5_fr", - "name": "item", - "title": "MP-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6", - "adds": [ - { - "position": "starting", - "by-id": "mp-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-7", - "adds": [ - { - "position": "starting", - "by-id": "mp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-1", - "adds": [ - { - "position": "starting", - "by-id": "pe-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pe-10", - "adds": [ - { - "position": "starting", - "by-id": "pe-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-11", - "adds": [ - { - "position": "starting", - "by-id": "pe-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-12", - "adds": [ - { - "position": "starting", - "by-id": "pe-12_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13", - "adds": [ - { - "position": "starting", - "by-id": "pe-13_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.2", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14", - "adds": [ - { - "position": "ending", - "by-id": "pe-14_smt", - "parts": [ - { - "id": "pe-14_fr", - "name": "item", - "title": "PE-14 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pe-14_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15", - "adds": [ - { - "position": "starting", - "by-id": "pe-15_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-16", - "adds": [ - { - "position": "starting", - "by-id": "pe-16_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-17", - "adds": [ - { - "position": "starting", - "by-id": "pe-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-2", - "adds": [ - { - "position": "starting", - "by-id": "pe-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-3", - "adds": [ - { - "position": "starting", - "by-id": "pe-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "pe-4", - "adds": [ - { - "position": "starting", - "by-id": "pe-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-5", - "adds": [ - { - "position": "starting", - "by-id": "pe-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6", - "adds": [ - { - "position": "starting", - "by-id": "pe-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8", - "adds": [ - { - "position": "starting", - "by-id": "pe-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-9", - "adds": [ - { - "position": "starting", - "by-id": "pe-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-1", - "adds": [ - { - "position": "starting", - "by-id": "pl-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pl-11", - "adds": [ - { - "position": "starting", - "by-id": "pl-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-2", - "adds": [ - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.11", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4", - "adds": [ - { - "position": "starting", - "by-id": "pl-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4.1", - "adds": [ - { - "position": "starting", - "by-id": "pl-4.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-8", - "adds": [ - { - "position": "ending", - "by-id": "pl-8_smt", - "parts": [ - { - "id": "pl-8_fr", - "name": "item", - "title": "PL-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-10", - "adds": [ - { - "position": "ending", - "by-id": "pl-10_smt", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-1", - "adds": [ - { - "position": "starting", - "by-id": "ps-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ps-2", - "adds": [ - { - "position": "starting", - "by-id": "ps-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4", - "adds": [ - { - "position": "starting", - "by-id": "ps-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-5", - "adds": [ - { - "position": "starting", - "by-id": "ps-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-6", - "adds": [ - { - "position": "starting", - "by-id": "ps-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-7", - "adds": [ - { - "position": "starting", - "by-id": "ps-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-8", - "adds": [ - { - "position": "starting", - "by-id": "ps-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-9", - "adds": [ - { - "position": "starting", - "by-id": "ps-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-1", - "adds": [ - { - "position": "starting", - "by-id": "ra-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ra-2", - "adds": [ - { - "position": "starting", - "by-id": "ra-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3", - "adds": [ - { - "position": "ending", - "by-id": "ra-3_smt", - "parts": [ - { - "id": "ra-3_fr", - "name": "item", - "title": "RA-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - }, - { - "id": "ra-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ra-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5", - "adds": [ - { - "position": "ending", - "by-id": "ra-5_smt", - "parts": [ - { - "id": "ra-5_fr", - "name": "item", - "title": "RA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" - }, - { - "id": "ra-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." - }, - { - "id": "ra-5_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." - }, - { - "id": "ra-5_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" - }, - { - "id": "ra-5_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.11", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.3", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.5", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-7", - "adds": [ - { - "position": "starting", - "by-id": "ra-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-9", - "adds": [ - { - "position": "starting", - "by-id": "ra-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-1", - "adds": [ - { - "position": "starting", - "by-id": "sa-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sa-11", - "adds": [ - { - "position": "starting", - "by-id": "sa-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-11.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15", - "adds": [ - { - "position": "starting", - "by-id": "sa-15_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15.3", - "adds": [ - { - "position": "starting", - "by-id": "sa-15.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-2", - "adds": [ - { - "position": "starting", - "by-id": "sa-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-22", - "adds": [ - { - "position": "starting", - "by-id": "sa-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-3", - "adds": [ - { - "position": "starting", - "by-id": "sa-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4", - "adds": [ - { - "position": "ending", - "by-id": "sa-4_smt", - "parts": [ - { - "id": "sa-4_fr", - "name": "item", - "title": "SA-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." - }, - { - "id": "sa-4_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-10", - "adds": [ - { - "position": "ending", - "by-id": "sa-10_smt", - "parts": [ - { - "id": "sa-10_fr", - "name": "item", - "title": "SA-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.1", - "adds": [ - { - "position": "ending", - "by-id": "sa-11.1_smt", - "parts": [ - { - "id": "sa-11.1_fr", - "name": "item", - "title": "SA-11(1) Additional FedRAMP Requirements", - "parts": [ - { - "id": "sa-11.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-4.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.10", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.9", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-5", - "adds": [ - { - "position": "starting", - "by-id": "sa-5_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-8", - "adds": [ - { - "position": "starting", - "by-id": "sa-8_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9", - "adds": [ - { - "position": "starting", - "by-id": "sa-9_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-9.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.5", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-1", - "adds": [ - { - "position": "starting", - "by-id": "sc-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sc-10", - "adds": [ - { - "position": "starting", - "by-id": "sc-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-17", - "adds": [ - { - "position": "starting", - "by-id": "sc-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-18", - "adds": [ - { - "position": "starting", - "by-id": "sc-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-2", - "adds": [ - { - "position": "starting", - "by-id": "sc-2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-22", - "adds": [ - { - "position": "starting", - "by-id": "sc-22_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-22_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-23", - "adds": [ - { - "position": "starting", - "by-id": "sc-23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-23_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-39", - "adds": [ - { - "position": "starting", - "by-id": "sc-39_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-39_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-4", - "adds": [ - { - "position": "starting", - "by-id": "sc-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-45", - "adds": [ - { - "position": "starting", - "by-id": "sc-45_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-5", - "adds": [ - { - "position": "starting", - "by-id": "sc-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-7", - "adds": [ - { - "position": "ending", - "by-id": "sc-7_smt", - "parts": [ - { - "id": "sc-7_fr", - "name": "item", - "title": "SC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sc-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.12", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.18", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.3", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.4", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.5", + "control-id": "ca-8", "adds": [ { "position": "ending", - "by-id": "sc-7.5_smt", + "by-id": "ca-8_smt", "parts": [ { - "id": "sc-7.5_fr", + "id": "ca-8_fr", "name": "item", - "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "title": "CA-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7.5_fr_gdn.1", + "id": "ca-8_fr_gdn.1", "name": "guidance", "props": [ { @@ -32651,202 +2997,28 @@ "value": "Guidance:" } ], - "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + "prose": "Reference the FedRAMP Penetration Test Guidance." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.7", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.8", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8", + "control-id": "ca-8.2", "adds": [ { "position": "ending", - "by-id": "sc-8_smt", + "by-id": "ca-8.2_smt", "parts": [ { - "id": "sc-8_fr", + "id": "ca-8.2_fr", "name": "item", - "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" - }, - { - "id": "sc-8_fr_gdn.2", + "id": "ca-8.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -32854,305 +3026,119 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8.1", + "control-id": "cm-2", "adds": [ { "position": "ending", - "by-id": "sc-8.1_smt", + "by-id": "cm-2_smt", "parts": [ { - "id": "sc-8.1_fr", + "id": "cm-2_fr", "name": "item", - "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." - }, - { - "id": "sc-8.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." - }, - { - "id": "sc-8.1_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - }, - { - "id": "sc-8.1_fr_gdn.3", + "id": "cm-2_fr_gdn.1", "name": "guidance", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) (1) Guidance:" } ], - "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-12", + "control-id": "cm-3", "adds": [ { "position": "ending", - "by-id": "sc-12_smt", + "by-id": "cm-3_smt", "parts": [ { - "id": "sc-12_fr", + "id": "cm-3_fr", "name": "item", - "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "title": "CM-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See references in NIST 800-53 documentation." - }, - { - "id": "sc-12_fr_gdn.2", - "name": "guidance", + "id": "cm-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." }, - { - "id": "sc-12_fr_gdn.3", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + { + "id": "cm-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "In accordance with record retention policies and procedures." + } + ] } ] } ] }, { - "control-id": "sc-13", + "control-id": "cm-6", "adds": [ { "position": "ending", - "by-id": "sc-13_smt", + "by-id": "cm-6_smt", "parts": [ { - "id": "sc-13_fr", + "id": "cm-6_fr", "name": "item", - "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "title": "CM-6 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-13_fr_gdn.1", - "name": "guidance", + "id": "cm-6_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement 1:" } ], - "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" + "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." }, { - "id": "sc-13_fr_gdn.2", - "name": "guidance", + "id": "cm-6_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement 2:" } ], - "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." }, { - "id": "sc-13_fr_gdn.3", + "id": "cm-6_fr_gdn.1", "name": "guidance", "props": [ { @@ -33160,21 +3146,57 @@ "value": "Guidance:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." - }, + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP\u2019s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + } + ] + } + ] + } + ] + }, + { + "control-id": "cm-7", + "adds": [ + { + "position": "ending", + "by-id": "cm-7_smt", + "parts": [ + { + "id": "cm-7_fr", + "name": "item", + "title": "CM-7 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-13_fr_gdn.4", - "name": "guidance", + "id": "cm-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" - }, + "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." + } + ] + } + ] + } + ] + }, + { + "control-id": "cm-7.2", + "adds": [ + { + "position": "ending", + "by-id": "cm-7.2_smt", + "parts": [ + { + "id": "cm-7.2_fr", + "name": "item", + "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-13_fr_gdn.5", + "id": "cm-7.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -33182,113 +3204,28 @@ "value": "Guidance:" } ], - "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-15", + "control-id": "cm-8", "adds": [ { "position": "ending", - "by-id": "sc-15_smt", + "by-id": "cm-8_smt", "parts": [ { - "id": "sc-15_fr", + "id": "cm-8_fr", "name": "item", - "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "title": "CM-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-15_fr_smt.1", + "id": "cm-8_fr_smt.1", "name": "item", "props": [ { @@ -33296,102 +3233,79 @@ "value": "Requirement:" } ], - "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + "prose": "must be provided at least monthly or when there is a change." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, + } + ] + }, + { + "control-id": "cm-9", + "adds": [ { - "position": "starting", - "by-id": "sc-15_smt.a", - "props": [ + "position": "ending", + "by-id": "cm-9_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-9_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" } ] - }, + } + ] + }, + { + "control-id": "cm-12", + "adds": [ { - "position": "starting", - "by-id": "sc-15_smt.b", - "props": [ + "position": "ending", + "by-id": "cm-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-12_fr", + "name": "item", + "title": "CM-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to FedRAMP Authorization Boundary Guidance" + } + ] } ] } ] }, { - "control-id": "sc-20", + "control-id": "cm-12.1", "adds": [ { "position": "ending", - "by-id": "sc-20_smt", + "by-id": "cm-12.1_smt", "parts": [ { - "id": "sc-20_fr", + "id": "cm-12.1_fr", "name": "item", - "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-20_fr_smt.1", + "id": "cm-12.1_fr_smt.1", "name": "item", "props": [ { @@ -33399,203 +3313,166 @@ "value": "Requirement:" } ], - "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." - }, + "prose": "According to FedRAMP Authorization Boundary Guidance." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-2", + "adds": [ + { + "position": "ending", + "by-id": "cp-2_smt", + "parts": [ + { + "id": "cp-2_fr", + "name": "item", + "title": "CP-2 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-20_fr_gdn.1", - "name": "guidance", + "id": "cp-2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." }, { - "id": "sc-20_fr_gdn.2", - "name": "guidance", + "id": "cp-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." - }, + "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-3", + "adds": [ + { + "position": "ending", + "by-id": "cp-3_smt", + "parts": [ + { + "id": "cp-3_fr", + "name": "item", + "title": "CP-3 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-20_fr_gdn.3", - "name": "guidance", + "id": "cp-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-21", + "control-id": "cp-4", "adds": [ { "position": "ending", - "by-id": "sc-21_smt", + "by-id": "cp-4_smt", "parts": [ { - "id": "sc-21_fr", + "id": "cp-4_fr", "name": "item", - "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "title": "CP-4 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-21_fr_smt.1", + "id": "cp-4_fr_smt.1", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" + "value": "(a) Requirement:" } ], - "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." }, { - "id": "sc-21_fr_smt.2", + "id": "cp-4_fr_smt.1", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" + "value": "(b) Requirement:" } ], - "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." - }, + "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-7", + "adds": [ + { + "position": "ending", + "by-id": "cp-7_smt", + "parts": [ + { + "id": "cp-7_fr", + "name": "item", + "title": "CP-7 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-21_fr_gdn.1", - "name": "guidance", + "id": "cp-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "Accepting an unsigned reply is acceptable" - }, + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-7.1", + "adds": [ + { + "position": "ending", + "by-id": "cp-7.1_smt", + "parts": [ + { + "id": "cp-7.1_fr", + "name": "item", + "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-21_fr_gdn.2", + "id": "cp-7.1_fr_smt.1", "name": "guidance", "props": [ { @@ -33603,250 +3480,148 @@ "value": "Guidance:" } ], - "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, + } + ] + }, + { + "control-id": "cp-8", + "adds": [ { - "position": "starting", - "by-id": "sc-21", - "props": [ + "position": "ending", + "by-id": "cp-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cp-8_fr", + "name": "item", + "title": "CP-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cp-8_fr_gdn.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." + } + ] } ] } ] }, { - "control-id": "sc-28", + "control-id": "cp-9", "adds": [ { "position": "ending", - "by-id": "sc-28_smt", + "by-id": "cp-9_smt", "parts": [ { - "id": "sc-28_fr", + "id": "cp-9_fr", "name": "item", - "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28_fr_gdn.1", - "name": "guidance", + "id": "cp-9_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." }, { - "id": "sc-28_fr_gdn.2", - "name": "guidance", + "id": "cp-9_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-28_fr_gdn.3", - "name": "guidance", + "id": "cp-9_fr_smt.3", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." + }, + { + "id": "cp-9_fr_smt.4", + "name": "item", + "props": [ + { + "name": "label", + "value": "(c) Requirement:" + } + ], + "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-28", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28.1", + "control-id": "cp-9.8", "adds": [ { "position": "ending", - "by-id": "sc-28.1_smt", + "by-id": "cp-9.8_smt", "parts": [ { - "id": "sc-28.1_fr", + "id": "cp-9.8_fr", "name": "item", - "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sc-28.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cp-9.8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + } + ] } ] } ] }, { - "control-id": "sc-45.1", + "control-id": "ia-2", "adds": [ { "position": "ending", - "by-id": "sc-45.1_smt", + "by-id": "ia-2_smt", "parts": [ { - "id": "sc-45.1_fr", + "id": "ia-2_fr", "name": "item", - "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "title": "IA-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-45.1_fr_smt.1", + "id": "ia-2_fr_smt.1", "name": "item", "props": [ { @@ -33854,10 +3629,10 @@ "value": "Requirement:" } ], - "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." }, { - "id": "sc-45.1_fr_smt.2", + "id": "ia-2_fr_smt.2", "name": "item", "props": [ { @@ -33865,10 +3640,21 @@ "value": "Requirement:" } ], - "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-45.1_fr_gdn.1", + "id": "ia-2_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." + }, + { + "id": "ia-2_fr_gdn.1", "name": "guidance", "props": [ { @@ -33876,955 +3662,261 @@ "value": "Guidance:" } ], - "prose": "Synchronization of system clocks improves the accuracy of log analysis." + "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-1", - "adds": [ - { - "position": "starting", - "by-id": "si-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "si-11", - "adds": [ - { - "position": "starting", - "by-id": "si-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-12", - "adds": [ - { - "position": "starting", - "by-id": "si-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-16", - "adds": [ - { - "position": "starting", - "by-id": "si-16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-2", + "control-id": "ia-2.1", "adds": [ { - "position": "starting", - "by-id": "si-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-2.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.1_fr", + "name": "item", + "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." + }, + { + "id": "ia-2.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "si-2.2", + "control-id": "ia-2.2", "adds": [ { - "position": "starting", - "by-id": "si-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.2_smt", - "props": [ + "position": "ending", + "by-id": "ia-2.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.2_fr", + "name": "item", + "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." + }, + { + "id": "ia-2.2_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "si-2.3", + "control-id": "ia-2.6", "adds": [ { - "position": "starting", - "by-id": "si-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-2.6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.6_fr", + "name": "item", + "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." + }, + { + "id": "ia-2.6_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." + } + ] } ] } ] }, { - "control-id": "si-3", + "control-id": "ia-2.12", "adds": [ { - "position": "starting", - "by-id": "si-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.12_fr", + "name": "item", + "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-5", + "adds": [ { - "position": "starting", - "by-id": "si-3", - "props": [ + "position": "ending", + "by-id": "ia-5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ia-5_fr", + "name": "item", + "title": "IA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 2. Link https://pages.nist.gov/800-63-3" + }, + { + "id": "ia-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." + } + ] } ] } ] }, { - "control-id": "si-4", + "control-id": "ia-5.1", "adds": [ { "position": "ending", - "by-id": "si-4_smt", + "by-id": "ia-5.1_smt", "parts": [ { - "id": "si-4_fr", + "id": "ia-5.1_fr", "name": "item", - "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4_fr_gdn.1", + "id": "ia-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." + }, + { + "id": "ia-5.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(h) Requirement:" + } + ], + "prose": "For cases where technology doesn\u2019t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + }, + { + "id": "ia-5.1_fr_gdn.1", "name": "guidance", "props": [ { @@ -34832,695 +3924,485 @@ "value": "Guidance:" } ], - "prose": "See US-CERT Incident Response Reporting Guidelines." + "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, + } + ] + }, + { + "control-id": "ia-5.7", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-5.7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5.7_fr", + "name": "item", + "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-11", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.c", - "props": [ + "position": "ending", + "by-id": "ia-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-11_fr", + "name": "item", + "title": "IA-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL2 (moderate baseline) * 12 hours or * 30 minutes of inactivity \n" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12_fr", + "name": "item", + "title": "IA-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12.5", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.e", - "props": [ + "position": "ending", + "by-id": "ia-12.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12.5_fr", + "name": "item", + "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-3", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.f", - "props": [ + "position": "ending", + "by-id": "ir-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-3_fr", + "name": "item", + "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-4", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.g", - "props": [ + "position": "ending", + "by-id": "ir-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-4_fr", + "name": "item", + "title": "IR-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" + }, + { + "id": "ir-4_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." + } + ] } ] } ] }, { - "control-id": "si-4.1", + "control-id": "ir-6", "adds": [ { - "position": "starting", - "by-id": "si-4.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1", - "props": [ + "position": "ending", + "by-id": "ir-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ir-6_fr", + "name": "item", + "title": "IR-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." + } + ] } ] } ] }, { - "control-id": "si-4.16", + "control-id": "ir-8", "adds": [ { - "position": "starting", - "by-id": "si-4.16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16", - "props": [ + "position": "ending", + "by-id": "ir-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ir-8_fr", + "name": "item", + "title": "IR-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + }, + { + "id": "ir-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + } + ] } ] } ] }, { - "control-id": "si-4.18", + "control-id": "ma-5.1", "adds": [ { - "position": "starting", - "by-id": "si-4.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.18_smt", - "props": [ + "position": "ending", + "by-id": "ma-5.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ma-5.1_fr", + "name": "item", + "title": "MA-5 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ma-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Only MA-5 (1) (a) (1) is required by FedRAMP Moderate Baseline" + } + ] } ] } ] }, { - "control-id": "si-4.2", + "control-id": "mp-3", "adds": [ { - "position": "starting", - "by-id": "si-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.2_smt", - "props": [ + "position": "ending", + "by-id": "mp-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-3_fr", + "name": "item", + "title": "MP-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Second parameter not-applicable" + } + ] } ] - }, + } + ] + }, + { + "control-id": "mp-4", + "adds": [ { - "position": "starting", - "by-id": "si-4.2", - "props": [ + "position": "ending", + "by-id": "mp-4_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "mp-4_fr", + "name": "item", + "title": "MP-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines controlled areas within facilities where the information and information system reside." + } + ] } ] } ] }, { - "control-id": "si-4.23", + "control-id": "mp-5", "adds": [ { - "position": "starting", - "by-id": "si-4.23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "mp-5_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "mp-5_fr", + "name": "item", + "title": "MP-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pe-14", + "adds": [ { - "position": "starting", - "by-id": "si-4.23_smt", - "props": [ + "position": "ending", + "by-id": "pe-14_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pe-14_fr", + "name": "item", + "title": "PE-14 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pe-14_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pl-8", + "adds": [ { - "position": "starting", - "by-id": "si-4.23", - "props": [ + "position": "ending", + "by-id": "pl-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pl-8_fr", + "name": "item", + "title": "PL-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "si-4.4", + "control-id": "pl-10", "adds": [ { - "position": "starting", - "by-id": "si-4.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_smt.b", - "props": [ + "position": "ending", + "by-id": "pl-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } ] } ] }, { - "control-id": "si-4.5", + "control-id": "ra-3", "adds": [ { "position": "ending", - "by-id": "si-4.5_smt", + "by-id": "ra-3_smt", "parts": [ { - "id": "si-4.5_fr", + "id": "ra-3_fr", "name": "item", - "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "title": "RA-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4.5_fr_gdn.1", + "id": "ra-3_fr_gdn.1", "name": "guidance", "props": [ { @@ -35528,570 +4410,421 @@ "value": "Guidance:" } ], - "prose": "In accordance with the incident response plan." + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + }, + { + "id": "ra-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-5", + "control-id": "ra-5", "adds": [ { "position": "ending", - "by-id": "si-5_smt", + "by-id": "ra-5_smt", "parts": [ { - "id": "si-5_fr_smt.1", + "id": "ra-5_fr", "name": "item", - "title": "SI-5 Additional FedRAMP Requirements and Guidance", - "props": [ + "title": "RA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "name": "label", - "value": "Requirement:" + "id": "ra-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" + }, + { + "id": "ra-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." + }, + { + "id": "ra-5_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." + }, + { + "id": "ra-5_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" + }, + { + "id": "ra-5_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \u201cwarning\u201d as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \u201cTracking of Compliance Scans\u201d in FAQs." } - ], - "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + ] } ] } ] }, { - "control-id": "si-6", + "control-id": "sa-4", "adds": [ { - "position": "starting", - "by-id": "si-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6", - "props": [ + "position": "ending", + "by-id": "sa-4_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sa-4_fr", + "name": "item", + "title": "SA-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sa-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." + }, + { + "id": "sa-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." + } + ] } ] } ] }, { - "control-id": "si-7", + "control-id": "sa-10", "adds": [ { - "position": "starting", - "by-id": "si-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.b", - "props": [ + "position": "ending", + "by-id": "sa-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sa-10_fr", + "name": "item", + "title": "SA-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sa-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sa-11.1", + "adds": [ { - "position": "starting", - "by-id": "si-7", - "props": [ + "position": "ending", + "by-id": "sa-11.1_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sa-11.1_fr", + "name": "item", + "title": "SA-11(1) Additional FedRAMP Requirements", + "parts": [ + { + "id": "sa-11.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" + } + ] } ] } ] }, { - "control-id": "si-7.1", + "control-id": "sc-7", "adds": [ { - "position": "starting", - "by-id": "si-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-7_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "sc-7_fr", + "name": "item", + "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-7.5", + "adds": [ { - "position": "starting", - "by-id": "si-7.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-7.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-7.5_fr", + "name": "item", + "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-8", + "adds": [ { - "position": "starting", - "by-id": "si-7.1", - "props": [ + "position": "ending", + "by-id": "sc-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sc-8_fr", + "name": "item", + "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work \u2013 e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + }, + { + "id": "sc-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS\u2019s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS\u2019 recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + } + ] } ] } ] }, { - "control-id": "si-7.7", + "control-id": "sc-8.1", "adds": [ { - "position": "starting", - "by-id": "si-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-8.1_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "sc-8.1_fr", + "name": "item", + "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." + }, + { + "id": "sc-8.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." + }, + { + "id": "sc-8.1_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + }, + { + "id": "sc-8.1_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-12", + "adds": [ { - "position": "starting", - "by-id": "si-7.7_smt", - "props": [ + "position": "ending", + "by-id": "sc-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-12_fr", + "name": "item", + "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See references in NIST 800-53 documentation." + }, + { + "id": "sc-12_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + }, + { + "id": "sc-12_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + } + ] } ] } ] }, { - "control-id": "si-8", + "control-id": "sc-13", "adds": [ { "position": "ending", - "by-id": "si-8_smt", + "by-id": "sc-13_smt", "parts": [ { - "id": "si-8_fr", + "id": "sc-13_fr", "name": "item", - "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "title": "SC-13 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-8_fr_gdn.1", + "id": "sc-13_fr_gdn.1", "name": "guidance", "props": [ { @@ -36099,10 +4832,10 @@ "value": "Guidance:" } ], - "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" }, { - "id": "si-8_fr_gdn.2", + "id": "sc-13_fr_gdn.2", "name": "guidance", "props": [ { @@ -36110,96 +4843,61 @@ "value": "Guidance:" } ], - "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + }, + { + "id": "sc-13_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-13_fr_gdn.4", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + }, + { + "id": "sc-13_fr_gdn.5", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." } ] } ] - }, - { - "position": "starting", - "by-id": "si-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-10", + "control-id": "sc-15", "adds": [ { "position": "ending", - "by-id": "si-10_smt", + "by-id": "sc-15_smt", "parts": [ { - "id": "si-10_fr", + "id": "sc-15_fr", "name": "item", - "title": "SI-10 Additional FedRAMP Requirements and Guidance", + "title": "SC-15 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-10_fr_smt.1", + "id": "sc-15_fr_smt.1", "name": "item", "props": [ { @@ -36207,748 +4905,414 @@ "value": "Requirement:" } ], - "prose": "Validate all information inputs and document any exceptions" + "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." } ] } ] - }, - { - "position": "starting", - "by-id": "si-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-8.2", - "adds": [ - { - "position": "starting", - "by-id": "si-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sr-1", + "control-id": "sc-20", "adds": [ { - "position": "starting", - "by-id": "sr-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.c", - "props": [ + "position": "ending", + "by-id": "sc-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "sc-20_fr", + "name": "item", + "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-20_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + }, + { + "id": "sc-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + }, + { + "id": "sc-20_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + }, + { + "id": "sc-20_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + } + ] } ] } ] }, { - "control-id": "sr-10", + "control-id": "sc-21", "adds": [ { - "position": "starting", - "by-id": "sr-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-10_smt", - "props": [ + "position": "ending", + "by-id": "sc-21_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-21_fr", + "name": "item", + "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-21_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + }, + { + "id": "sc-21_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." + }, + { + "id": "sc-21_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Accepting an unsigned reply is acceptable" + }, + { + "id": "sc-21_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + } + ] } ] } ] }, { - "control-id": "sr-11.1", + "control-id": "sc-28", "adds": [ { - "position": "starting", - "by-id": "sr-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-28_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28_fr", + "name": "item", + "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + }, + { + "id": "sc-28_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-28_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + } + ] } ] } ] }, { - "control-id": "sr-11.2", + "control-id": "sc-28.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-28.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28.1_fr", + "name": "item", + "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + } + ] } ] } ] }, { - "control-id": "sr-12", + "control-id": "sc-45.1", "adds": [ { - "position": "starting", - "by-id": "sr-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-12_smt", - "props": [ + "position": "ending", + "by-id": "sc-45.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-45.1_fr", + "name": "item", + "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-45.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + }, + { + "id": "sc-45.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + }, + { + "id": "sc-45.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Synchronization of system clocks improves the accuracy of log analysis." + } + ] } ] } ] }, { - "control-id": "sr-2", - "adds": [ - { - "position": "starting", - "by-id": "sr-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, + "control-id": "si-4", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.a", - "props": [ + "position": "ending", + "by-id": "si-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4_fr", + "name": "item", + "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See US-CERT Incident Response Reporting Guidelines." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-4.5", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.b", - "props": [ + "position": "ending", + "by-id": "si-4.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4.5_fr", + "name": "item", + "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with the incident response plan." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-5", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.c", - "props": [ + "position": "ending", + "by-id": "si-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-5_fr_smt.1", + "name": "item", + "title": "SI-5 Additional FedRAMP Requirements and Guidance", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." } ] } ] }, { - "control-id": "sr-2.1", + "control-id": "si-8", "adds": [ { - "position": "starting", - "by-id": "sr-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "si-8_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "si-8_fr", + "name": "item", + "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + }, + { + "id": "si-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-10", + "adds": [ { - "position": "starting", - "by-id": "sr-2.1_smt", - "props": [ + "position": "ending", + "by-id": "si-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-10_fr", + "name": "item", + "title": "SI-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Validate all information inputs and document any exceptions" + } + ] } ] } @@ -36980,176 +5344,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-5", - "adds": [ - { - "position": "starting", - "by-id": "sr-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -37179,40 +5373,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -37242,40 +5402,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -37305,143 +5431,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] } @@ -37475,7 +5464,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -37484,8 +5473,8 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", - "media-type": "application/json" + "href": "NIST_SP-800-53_rev5_catalog.json", + "media-type": "application/oscal+json" } ] } diff --git a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile.json b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile.json index 22433873e..767492d5e 100644 --- a/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile.json +++ b/dist/content/rev5/baselines/json/FedRAMP_rev5_MODERATE-baseline_profile.json @@ -1,11 +1,11 @@ { "profile": { - "uuid": "b3d53132-0160-417a-ae1b-c9da8385d698", + "uuid": "048f1842-3232-4908-b673-41cfa246e465", "metadata": { "title": "FedRAMP Rev 5 Moderate Baseline", "published": "2023-08-31T00:00:00Z", - "last-modified": "2024-01-11T23:40:17Z", - "version": "5.1.1+fedramp-20240111-0", + "last-modified": "2023-12-18T15:21:26Z", + "version": "5.1.1+20231218-1", "oscal-version": "1.1.1", "roles": [ { @@ -1676,7 +1676,7 @@ "param-id": "ps-03.03_odp", "constraints": [ { - "description": "personnel screening criteria - as required by specific information" + "description": "personnel screening criteria – as required by specific information" } ] }, @@ -2323,30327 +2323,673 @@ ], "alters": [ { - "control-id": "ac-1", + "control-id": "ac-2.3", "adds": [ { - "position": "starting", - "by-id": "ac-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-1_smt.c", - "props": [ + "position": "ending", + "by-id": "ac-2.3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "ac-2.3_fr", + "name": "item", + "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." + }, + { + "id": "ac-2.3_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines the time period of inactivity for device identifiers." + }, + { + "id": "ac-2.3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." + } + ] } ] } ] }, { - "control-id": "ac-11", + "control-id": "ac-2.5", "adds": [ { - "position": "starting", - "by-id": "ac-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-11_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-2.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.5_fr", + "name": "item", + "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Should use a shorter timeframe than AC-12." + } + ] } ] } ] }, { - "control-id": "ac-11.1", + "control-id": "ac-2.9", "adds": [ { - "position": "starting", - "by-id": "ac-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-11.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.9_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.9_fr", + "name": "item", + "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.9_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Required if shared/group accounts are deployed." + } + ] } ] } ] }, { - "control-id": "ac-12", + "control-id": "ac-2.12", "adds": [ { - "position": "starting", - "by-id": "ac-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-12_smt", - "props": [ + "position": "ending", + "by-id": "ac-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-2.12_fr", + "name": "item", + "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-2.12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "Required for privileged accounts." + }, + { + "id": "ac-2.12_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "Required for privileged accounts." + } + ] } ] } ] }, { - "control-id": "ac-14", + "control-id": "ac-5", "adds": [ { - "position": "starting", - "by-id": "ac-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-14_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-5_fr", + "name": "item", + "title": "AC-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." + } + ] } ] } ] }, { - "control-id": "ac-17", + "control-id": "ac-6.2", "adds": [ { - "position": "starting", - "by-id": "ac-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17_smt.b", - "props": [ + "position": "ending", + "by-id": "ac-6.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-6.2_fr", + "name": "item", + "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-6.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." + } + ] } ] } ] }, { - "control-id": "ac-17.1", + "control-id": "ac-7", "adds": [ { - "position": "starting", - "by-id": "ac-17.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.1_smt", - "props": [ + "position": "ending", + "by-id": "ac-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-7_fr", + "name": "item", + "title": "AC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "In alignment with NIST SP 800-63B" + } + ] } ] } ] }, { - "control-id": "ac-17.2", + "control-id": "ac-8", "adds": [ { - "position": "starting", - "by-id": "ac-17.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.2", - "props": [ + "position": "ending", + "by-id": "ac-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ac-8_fr", + "name": "item", + "title": "AC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." + }, + { + "id": "ac-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." + } + ] } ] } ] }, { - "control-id": "ac-17.3", + "control-id": "ac-20", "adds": [ { - "position": "starting", - "by-id": "ac-17.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.3_smt", - "props": [ + "position": "ending", + "by-id": "ac-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ac-20_fr", + "name": "item", + "title": "AC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ac-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." + } + ] } ] } ] }, { - "control-id": "ac-17.4", + "control-id": "au-2", "adds": [ { - "position": "starting", - "by-id": "ac-17.4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-17.4_smt.a", - "props": [ + "position": "ending", + "by-id": "au-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-2_fr", + "name": "item", + "title": "AU-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." + }, + { + "id": "au-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "au-3.1", + "adds": [ { - "position": "starting", - "by-id": "ac-17.4_smt.b", - "props": [ + "position": "ending", + "by-id": "au-3.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-3.1_fr", + "name": "item", + "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-3.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." + } + ] } ] } ] }, { - "control-id": "ac-18", + "control-id": "au-6", "adds": [ { - "position": "starting", - "by-id": "ac-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "au-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-6_fr", + "name": "item", + "title": "AU-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." + } + ] } ] } ] }, { - "control-id": "ac-18.1", + "control-id": "au-11", "adds": [ { - "position": "starting", - "by-id": "ac-18.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.1_smt", - "props": [ + "position": "ending", + "by-id": "au-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "au-11_fr", + "name": "item", + "title": "AU-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "au-11_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." + }, + { + "id": "au-11_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" + }, + { + "id": "au-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The service provider is encouraged to align with M-21-31 where possible" + } + ] } ] } ] }, { - "control-id": "ac-18.3", + "control-id": "ca-2", "adds": [ { - "position": "starting", - "by-id": "ac-18.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-18.3_smt", - "props": [ + "position": "ending", + "by-id": "ca-2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2_fr", + "name": "item", + "title": "CA-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP Annual Assessment Guidance." + } + ] } ] } ] }, { - "control-id": "ac-19", + "control-id": "ca-2.1", "adds": [ { - "position": "starting", - "by-id": "ac-19_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-19_smt.a", - "props": [ + "position": "ending", + "by-id": "ca-2.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-2.1_fr", + "name": "item", + "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "For JAB Authorization, must use an accredited 3PAO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-5", + "adds": [ { - "position": "starting", - "by-id": "ac-19_smt.b", - "props": [ + "position": "ending", + "by-id": "ca-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-5_fr", + "name": "item", + "title": "CA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "POA&Ms must be provided at least monthly." + }, + { + "id": "ca-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Reference FedRAMP-POAM-Template" + } + ] } ] } ] }, { - "control-id": "ac-19.5", + "control-id": "ca-6", "adds": [ { - "position": "starting", - "by-id": "ac-19.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "ca-6_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "ca-6_fr", + "name": "item", + "title": "CA-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ca-7", + "adds": [ { - "position": "starting", - "by-id": "ac-19.5_smt", - "props": [ + "position": "ending", + "by-id": "ca-7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ca-7_fr", + "name": "item", + "title": "CA-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ca-7_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." + }, + { + "id": "ca-7_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (Con Mon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSPs authorized via the Agency path as each agency customer is responsible for performing Con Mon oversight. It does not apply to CSPs authorized via the JAB path because the JAB performs Con Mon oversight." + }, + { + "id": "ca-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." + } + ] } ] } ] }, { - "control-id": "ac-2", - "adds": [ - { - "position": "starting", - "by-id": "ac-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.i.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.k-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_obj.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.j", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.k", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2_smt.l", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.13", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.13_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.3", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.3_smt", - "parts": [ - { - "id": "ac-2.3_fr", - "name": "item", - "title": "AC-2 (3) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines the time period for non-user accounts (e.g., accounts associated with devices). The time periods are approved and accepted by the JAB/AO. Where user management is a function of the service, reports of activity of consumer users shall be made available." - }, - { - "id": "ac-2.3_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines the time period of inactivity for device identifiers." - }, - { - "id": "ac-2.3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.4", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.5", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.5_smt", - "parts": [ - { - "id": "ac-2.5_fr", - "name": "item", - "title": "AC-2 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Should use a shorter timeframe than AC-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.9", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.9_smt", - "parts": [ - { - "id": "ac-2.9_fr", - "name": "item", - "title": "AC-2 (9) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Required if shared/group accounts are deployed." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ac-2.12_smt", - "parts": [ - { - "id": "ac-2.12_fr", - "name": "item", - "title": "AC-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-2.12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Required for privileged accounts." - }, - { - "id": "ac-2.12_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "Required for privileged accounts." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-20.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20.2", - "adds": [ - { - "position": "starting", - "by-id": "ac-20.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-21", - "adds": [ - { - "position": "starting", - "by-id": "ac-21_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-21_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-22", - "adds": [ - { - "position": "starting", - "by-id": "ac-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-22_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-3", - "adds": [ - { - "position": "starting", - "by-id": "ac-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-4", - "adds": [ - { - "position": "starting", - "by-id": "ac-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-4.21", - "adds": [ - { - "position": "starting", - "by-id": "ac-4.21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-4.21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-5", - "adds": [ - { - "position": "ending", - "by-id": "ac-5_smt", - "parts": [ - { - "id": "ac-5_fr", - "name": "item", - "title": "AC-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "CSPs have the option to provide a separation of duties matrix as an attachment to the SSP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6", - "adds": [ - { - "position": "starting", - "by-id": "ac-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.10", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.2", - "adds": [ - { - "position": "ending", - "by-id": "ac-6.2_smt", - "parts": [ - { - "id": "ac-6.2_fr", - "name": "item", - "title": "AC-6 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-6.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.5", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ac-6.7", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-6.9", - "adds": [ - { - "position": "starting", - "by-id": "ac-6.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-6.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-7", - "adds": [ - { - "position": "ending", - "by-id": "ac-7_smt", - "parts": [ - { - "id": "ac-7_fr", - "name": "item", - "title": "AC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "In alignment with NIST SP 800-63B" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-8", - "adds": [ - { - "position": "ending", - "by-id": "ac-8_smt", - "parts": [ - { - "id": "ac-8_fr", - "name": "item", - "title": "AC-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine elements of the cloud environment that require the System Use Notification control. The elements of the cloud environment that require System Use Notification are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine how System Use Notification is going to be verified and provide appropriate periodicity of the check. The System Use Notification verification and periodicity are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "If not performed as part of a Configuration Baseline check, then there must be documented agreement on how to provide results of verification and the necessary periodicity of the verification by the service provider. The documented agreement on how to provide verification of the results are approved and accepted by the JAB/AO." - }, - { - "id": "ac-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ac-20", - "adds": [ - { - "position": "ending", - "by-id": "ac-20_smt", - "parts": [ - { - "id": "ac-20_fr", - "name": "item", - "title": "AC-20 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ac-20_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:\n\nAC-20 describes system access to and from external systems.\n\nCA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.\n\nSA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ac-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-1", - "adds": [ - { - "position": "starting", - "by-id": "at-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "at-2", - "adds": [ - { - "position": "starting", - "by-id": "at-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.2", - "adds": [ - { - "position": "starting", - "by-id": "at-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-2.3", - "adds": [ - { - "position": "starting", - "by-id": "at-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-3", - "adds": [ - { - "position": "starting", - "by-id": "at-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "at-4", - "adds": [ - { - "position": "starting", - "by-id": "at-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "at-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-1", - "adds": [ - { - "position": "starting", - "by-id": "au-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "au-12", - "adds": [ - { - "position": "starting", - "by-id": "au-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-2", - "adds": [ - { - "position": "ending", - "by-id": "au-2_smt", - "parts": [ - { - "id": "au-2_fr", - "name": "item", - "title": "AU-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO." - }, - { - "id": "au-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3", - "adds": [ - { - "position": "starting", - "by-id": "au-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-3.1", - "adds": [ - { - "position": "ending", - "by-id": "au-3.1_smt", - "parts": [ - { - "id": "au-3.1_fr", - "name": "item", - "title": "AU-3 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-3.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-3.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-4", - "adds": [ - { - "position": "starting", - "by-id": "au-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-5", - "adds": [ - { - "position": "starting", - "by-id": "au-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6", - "adds": [ - { - "position": "ending", - "by-id": "au-6_smt", - "parts": [ - { - "id": "au-6_fr", - "name": "item", - "title": "AU-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-11", - "adds": [ - { - "position": "ending", - "by-id": "au-11_smt", - "parts": [ - { - "id": "au-11_fr", - "name": "item", - "title": "AU-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "au-11_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements." - }, - { - "id": "au-11_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)" - }, - { - "id": "au-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider is encouraged to align with M-21-31 where possible" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "au-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-11", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.1", - "adds": [ - { - "position": "starting", - "by-id": "au-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-6.3", - "adds": [ - { - "position": "starting", - "by-id": "au-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-6.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-7", - "adds": [ - { - "position": "starting", - "by-id": "au-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-7.1", - "adds": [ - { - "position": "starting", - "by-id": "au-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-8", - "adds": [ - { - "position": "starting", - "by-id": "au-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "au-9", - "adds": [ - { - "position": "starting", - "by-id": "au-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "au-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "au-9.4", - "adds": [ - { - "position": "starting", - "by-id": "au-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "au-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-1", - "adds": [ - { - "position": "starting", - "by-id": "ca-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ca-2", - "adds": [ - { - "position": "ending", - "by-id": "ca-2_smt", - "parts": [ - { - "id": "ca-2_fr", - "name": "item", - "title": "CA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP Annual Assessment Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ca-2.1_smt", - "parts": [ - { - "id": "ca-2.1_fr", - "name": "item", - "title": "CA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB Authorization, must use an accredited 3PAO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-2.3", - "adds": [ - { - "position": "starting", - "by-id": "ca-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-3", - "adds": [ - { - "position": "starting", - "by-id": "ca-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-5", - "adds": [ - { - "position": "ending", - "by-id": "ca-5_smt", - "parts": [ - { - "id": "ca-5_fr", - "name": "item", - "title": "CA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "POA&Ms must be provided at least monthly." - }, - { - "id": "ca-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference FedRAMP-POAM-Template" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-6", - "adds": [ - { - "position": "ending", - "by-id": "ca-6_smt", - "parts": [ - { - "id": "ca-6_fr", - "name": "item", - "title": "CA-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F and according to FedRAMP Significant Change Policies and Procedures. The service provider describes the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-6_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7", - "adds": [ - { - "position": "ending", - "by-id": "ca-7_smt", - "parts": [ - { - "id": "ca-7_fr", - "name": "item", - "title": "CA-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Operating System, Database, Web Application, Container, and Service Configuration Scans: at least monthly. All scans performed by Independent Assessor: at least annually." - }, - { - "id": "ca-7_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSOs with more than one agency ATO must implement a collaborative Continuous Monitoring (Con Mon) approach described in the FedRAMP Guide for Multi-Agency Continuous Monitoring. This requirement applies to CSPs authorized via the Agency path as each agency customer is responsible for performing Con Mon oversight. It does not apply to CSPs authorized via the JAB path because the JAB performs Con Mon oversight." - }, - { - "id": "ca-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Continuous Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-7.4", - "adds": [ - { - "position": "starting", - "by-id": "ca-7.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8", - "adds": [ - { - "position": "ending", - "by-id": "ca-8_smt", - "parts": [ - { - "id": "ca-8_fr", - "name": "item", - "title": "CA-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Reference the FedRAMP Penetration Test Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ca-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ca-8.2", - "adds": [ - { - "position": "ending", - "by-id": "ca-8.2_smt", - "parts": [ - { - "id": "ca-8.2_fr", - "name": "item", - "title": "CA-8(2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ca-8.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-8.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ca-9", - "adds": [ - { - "position": "starting", - "by-id": "ca-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ca-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-1", - "adds": [ - { - "position": "starting", - "by-id": "cm-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cm-10", - "adds": [ - { - "position": "starting", - "by-id": "cm-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-11", - "adds": [ - { - "position": "starting", - "by-id": "cm-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2", - "adds": [ - { - "position": "ending", - "by-id": "cm-2_smt", - "parts": [ - { - "id": "cm-2_fr", - "name": "item", - "title": "CM-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) (1) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-2.7", - "adds": [ - { - "position": "starting", - "by-id": "cm-2.7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-2.7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3", - "adds": [ - { - "position": "ending", - "by-id": "cm-3_smt", - "parts": [ - { - "id": "cm-3_fr", - "name": "item", - "title": "CM-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." - }, - { - "id": "cm-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(e) Guidance:" - } - ], - "prose": "In accordance with record retention policies and procedures." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-3.4", - "adds": [ - { - "position": "starting", - "by-id": "cm-3.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-3.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4", - "adds": [ - { - "position": "starting", - "by-id": "cm-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-4.2", - "adds": [ - { - "position": "starting", - "by-id": "cm-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-5.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-5.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-5.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-5.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-6", - "adds": [ - { - "position": "ending", - "by-id": "cm-6_smt", - "parts": [ - { - "id": "cm-6_fr", - "name": "item", - "title": "CM-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 1:" - } - ], - "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." - }, - { - "id": "cm-6_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement 2:" - } - ], - "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." - }, - { - "id": "cm-6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-6.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7", - "adds": [ - { - "position": "ending", - "by-id": "cm-7_smt", - "parts": [ - { - "id": "cm-7_fr", - "name": "item", - "title": "CM-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.2", - "adds": [ - { - "position": "ending", - "by-id": "cm-7.2_smt", - "parts": [ - { - "id": "cm-7.2_fr", - "name": "item", - "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-7.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-7.5", - "adds": [ - { - "position": "starting", - "by-id": "cm-7.5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8", - "adds": [ - { - "position": "ending", - "by-id": "cm-8_smt", - "parts": [ - { - "id": "cm-8_fr", - "name": "item", - "title": "CM-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "must be provided at least monthly or when there is a change." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cm-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-8.3", - "adds": [ - { - "position": "starting", - "by-id": "cm-8.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-8.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-9", - "adds": [ - { - "position": "ending", - "by-id": "cm-9_smt", - "parts": [ - { - "id": "cm-9_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12", - "adds": [ - { - "position": "ending", - "by-id": "cm-12_smt", - "parts": [ - { - "id": "cm-12_fr", - "name": "item", - "title": "CM-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cm-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cm-12.1", - "adds": [ - { - "position": "ending", - "by-id": "cm-12.1_smt", - "parts": [ - { - "id": "cm-12.1_fr", - "name": "item", - "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cm-12.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to FedRAMP Authorization Boundary Guidance." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cm-12.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-1", - "adds": [ - { - "position": "starting", - "by-id": "cp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "cp-10", - "adds": [ - { - "position": "starting", - "by-id": "cp-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-10.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-10.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-10.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2", - "adds": [ - { - "position": "ending", - "by-id": "cp-2_smt", - "parts": [ - { - "id": "cp-2_fr", - "name": "item", - "title": "CP-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." - }, - { - "id": "cp-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-2_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-2.8", - "adds": [ - { - "position": "starting", - "by-id": "cp-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-3", - "adds": [ - { - "position": "ending", - "by-id": "cp-3_smt", - "parts": [ - { - "id": "cp-3_fr", - "name": "item", - "title": "CP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-4", - "adds": [ - { - "position": "ending", - "by-id": "cp-4_smt", - "parts": [ - { - "id": "cp-4_fr", - "name": "item", - "title": "CP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." - }, - { - "id": "cp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "cp-4.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6", - "adds": [ - { - "position": "starting", - "by-id": "cp-6_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-6.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-6.3_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7", - "adds": [ - { - "position": "ending", - "by-id": "cp-7_smt", - "parts": [ - { - "id": "cp-7_fr", - "name": "item", - "title": "CP-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.1", - "adds": [ - { - "position": "ending", - "by-id": "cp-7.1_smt", - "parts": [ - { - "id": "cp-7.1_fr", - "name": "item", - "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-7.1_fr_smt.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-7.3", - "adds": [ - { - "position": "starting", - "by-id": "cp-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8", - "adds": [ - { - "position": "ending", - "by-id": "cp-8_smt", - "parts": [ - { - "id": "cp-8_fr", - "name": "item", - "title": "CP-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-8_fr_gdn.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-8.2", - "adds": [ - { - "position": "starting", - "by-id": "cp-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9", - "adds": [ - { - "position": "ending", - "by-id": "cp-9_smt", - "parts": [ - { - "id": "cp-9_fr", - "name": "item", - "title": "CP-9 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." - }, - { - "id": "cp-9_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." - }, - { - "id": "cp-9_fr_smt.4", - "name": "item", - "props": [ - { - "name": "label", - "value": "(c) Requirement:" - } - ], - "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "cp-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.1", - "adds": [ - { - "position": "starting", - "by-id": "cp-9.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "cp-9.8", - "adds": [ - { - "position": "ending", - "by-id": "cp-9.8_smt", - "parts": [ - { - "id": "cp-9.8_fr", - "name": "item", - "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "cp-9.8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "cp-9.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-1", - "adds": [ - { - "position": "starting", - "by-id": "ia-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ia-12.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.3", - "adds": [ - { - "position": "starting", - "by-id": "ia-12.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2_smt", - "parts": [ - { - "id": "ia-2_fr", - "name": "item", - "title": "IA-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." - }, - { - "id": "ia-2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." - }, - { - "id": "ia-2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.1_smt", - "parts": [ - { - "id": "ia-2.1_fr", - "name": "item", - "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.2", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.2_smt", - "parts": [ - { - "id": "ia-2.2_fr", - "name": "item", - "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.2_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." - }, - { - "id": "ia-2.2_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Multi-factor authentication must be phishing-resistant." - }, - { - "id": "ia-2.2_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.5", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.6", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.6_smt", - "parts": [ - { - "id": "ia-2.6_fr", - "name": "item", - "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.6_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." - }, - { - "id": "ia-2.6_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.6", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.12", - "adds": [ - { - "position": "ending", - "by-id": "ia-2.12_smt", - "parts": [ - { - "id": "ia-2.12_fr", - "name": "item", - "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-2.12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-2.8", - "adds": [ - { - "position": "starting", - "by-id": "ia-2.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-2.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-3", - "adds": [ - { - "position": "starting", - "by-id": "ia-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-4.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-4.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-4.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5", - "adds": [ - { - "position": "ending", - "by-id": "ia-5_smt", - "parts": [ - { - "id": "ia-5_fr", - "name": "item", - "title": "IA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 2. Link https://pages.nist.gov/800-63-3" - }, - { - "id": "ia-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.h-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ia-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.1_smt", - "parts": [ - { - "id": "ia-5.1_fr", - "name": "item", - "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." - }, - { - "id": "ia-5.1_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(h) Requirement:" - } - ], - "prose": "For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." - }, - { - "id": "ia-5.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.1_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.6", - "adds": [ - { - "position": "starting", - "by-id": "ia-5.6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-5.7", - "adds": [ - { - "position": "ending", - "by-id": "ia-5.7_smt", - "parts": [ - { - "id": "ia-5.7_fr", - "name": "item", - "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-5.7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-5.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-11", - "adds": [ - { - "position": "ending", - "by-id": "ia-11_smt", - "parts": [ - { - "id": "ia-11_fr", - "name": "item", - "title": "IA-11 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-11_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL2 (moderate baseline) * 12 hours or * 30 minutes of inactivity \n" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12", - "adds": [ - { - "position": "ending", - "by-id": "ia-12_smt", - "parts": [ - { - "id": "ia-12_fr", - "name": "item", - "title": "IA-12 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-12_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-12.5", - "adds": [ - { - "position": "ending", - "by-id": "ia-12.5_smt", - "parts": [ - { - "id": "ia-12.5_fr", - "name": "item", - "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ia-12.5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-12.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-6", - "adds": [ - { - "position": "starting", - "by-id": "ia-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-7", - "adds": [ - { - "position": "starting", - "by-id": "ia-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8", - "adds": [ - { - "position": "starting", - "by-id": "ia-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.1", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.2", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ia-8.4", - "adds": [ - { - "position": "starting", - "by-id": "ia-8.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ia-8.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-1", - "adds": [ - { - "position": "starting", - "by-id": "ir-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ir-2", - "adds": [ - { - "position": "starting", - "by-id": "ir-2_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-3", - "adds": [ - { - "position": "ending", - "by-id": "ir-3_smt", - "parts": [ - { - "id": "ir-3_fr", - "name": "item", - "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-4", - "adds": [ - { - "position": "ending", - "by-id": "ir-4_smt", - "parts": [ - { - "id": "ir-4_fr", - "name": "item", - "title": "IR-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" - }, - { - "id": "ir-4_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-4.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-4.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ir-5", - "adds": [ - { - "position": "starting", - "by-id": "ir-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6", - "adds": [ - { - "position": "ending", - "by-id": "ir-6_smt", - "parts": [ - { - "id": "ir-6_fr", - "name": "item", - "title": "IR-6 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-6_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-6.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-6.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-6.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7", - "adds": [ - { - "position": "starting", - "by-id": "ir-7_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-7.1", - "adds": [ - { - "position": "starting", - "by-id": "ir-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-7.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-8", - "adds": [ - { - "position": "ending", - "by-id": "ir-8_smt", - "parts": [ - { - "id": "ir-8_fr", - "name": "item", - "title": "IR-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ir-8_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(b) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - }, - { - "id": "ir-8_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.a.10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-8_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9", - "adds": [ - { - "position": "starting", - "by-id": "ir-9_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ir-9_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.2", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.3", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ir-9.4", - "adds": [ - { - "position": "starting", - "by-id": "ir-9.4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ir-9.4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-1", - "adds": [ - { - "position": "starting", - "by-id": "ma-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ma-2", - "adds": [ - { - "position": "starting", - "by-id": "ma-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-2_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-3.2", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ma-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ma-3.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-3.3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-4", - "adds": [ - { - "position": "starting", - "by-id": "ma-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5", - "adds": [ - { - "position": "starting", - "by-id": "ma-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-5.1", - "adds": [ - { - "position": "ending", - "by-id": "ma-5.1_smt", - "parts": [ - { - "id": "ma-5.1_fr", - "name": "item", - "title": "MA-5 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ma-5.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Only MA-5 (1) (a) (1) is required by FedRAMP Moderate Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ma-5.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ma-6", - "adds": [ - { - "position": "starting", - "by-id": "ma-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ma-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-1", - "adds": [ - { - "position": "starting", - "by-id": "mp-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "mp-2", - "adds": [ - { - "position": "starting", - "by-id": "mp-2_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-3", - "adds": [ - { - "position": "ending", - "by-id": "mp-3_smt", - "parts": [ - { - "id": "mp-3_fr", - "name": "item", - "title": "MP-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Second parameter not-applicable" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-4", - "adds": [ - { - "position": "ending", - "by-id": "mp-4_smt", - "parts": [ - { - "id": "mp-4_fr", - "name": "item", - "title": "MP-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines controlled areas within facilities where the information and information system reside." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-5", - "adds": [ - { - "position": "ending", - "by-id": "mp-5_smt", - "parts": [ - { - "id": "mp-5_fr", - "name": "item", - "title": "MP-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "mp-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-6", - "adds": [ - { - "position": "starting", - "by-id": "mp-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "mp-7", - "adds": [ - { - "position": "starting", - "by-id": "mp-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "mp-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-1", - "adds": [ - { - "position": "starting", - "by-id": "pe-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pe-10", - "adds": [ - { - "position": "starting", - "by-id": "pe-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-11", - "adds": [ - { - "position": "starting", - "by-id": "pe-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-12", - "adds": [ - { - "position": "starting", - "by-id": "pe-12_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13", - "adds": [ - { - "position": "starting", - "by-id": "pe-13_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-13.2", - "adds": [ - { - "position": "starting", - "by-id": "pe-13.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-13.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-14", - "adds": [ - { - "position": "ending", - "by-id": "pe-14_smt", - "parts": [ - { - "id": "pe-14_fr", - "name": "item", - "title": "PE-14 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pe-14_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-14_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-15", - "adds": [ - { - "position": "starting", - "by-id": "pe-15_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-15_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-16", - "adds": [ - { - "position": "starting", - "by-id": "pe-16_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-16_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-17", - "adds": [ - { - "position": "starting", - "by-id": "pe-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-17_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-2", - "adds": [ - { - "position": "starting", - "by-id": "pe-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-3", - "adds": [ - { - "position": "starting", - "by-id": "pe-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.e-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_obj.g-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "pe-4", - "adds": [ - { - "position": "starting", - "by-id": "pe-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-5", - "adds": [ - { - "position": "starting", - "by-id": "pe-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6", - "adds": [ - { - "position": "starting", - "by-id": "pe-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-6.1", - "adds": [ - { - "position": "starting", - "by-id": "pe-6.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-6.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-8", - "adds": [ - { - "position": "starting", - "by-id": "pe-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pe-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pe-9", - "adds": [ - { - "position": "starting", - "by-id": "pe-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pe-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-1", - "adds": [ - { - "position": "starting", - "by-id": "pl-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "pl-11", - "adds": [ - { - "position": "starting", - "by-id": "pl-11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-2", - "adds": [ - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.4-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.10-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.11", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.12-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.13-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.14-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.a.15-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-2_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4", - "adds": [ - { - "position": "starting", - "by-id": "pl-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-4.1", - "adds": [ - { - "position": "starting", - "by-id": "pl-4.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-4.1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-8", - "adds": [ - { - "position": "ending", - "by-id": "pl-8_smt", - "parts": [ - { - "id": "pl-8_fr", - "name": "item", - "title": "PL-8 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_obj.c-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "pl-8_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "pl-10", - "adds": [ - { - "position": "ending", - "by-id": "pl-10_smt", - "parts": [ - { - "id": "pl-10_fr", - "name": "item", - "title": "PL-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "pl-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Select the appropriate FedRAMP Baseline" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "pl-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-1", - "adds": [ - { - "position": "starting", - "by-id": "ps-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ps-2", - "adds": [ - { - "position": "starting", - "by-id": "ps-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-3.3", - "adds": [ - { - "position": "starting", - "by-id": "ps-3.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-3.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-4", - "adds": [ - { - "position": "starting", - "by-id": "ps-4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-5", - "adds": [ - { - "position": "starting", - "by-id": "ps-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-6", - "adds": [ - { - "position": "starting", - "by-id": "ps-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-7", - "adds": [ - { - "position": "starting", - "by-id": "ps-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-7_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-8", - "adds": [ - { - "position": "starting", - "by-id": "ps-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ps-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ps-9", - "adds": [ - { - "position": "starting", - "by-id": "ps-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ps-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-1", - "adds": [ - { - "position": "starting", - "by-id": "ra-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "ra-2", - "adds": [ - { - "position": "starting", - "by-id": "ra-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3", - "adds": [ - { - "position": "ending", - "by-id": "ra-3_smt", - "parts": [ - { - "id": "ra-3_fr", - "name": "item", - "title": "RA-3 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-3_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." - }, - { - "id": "ra-3_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-3.1", - "adds": [ - { - "position": "starting", - "by-id": "ra-3.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-3.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5", - "adds": [ - { - "position": "ending", - "by-id": "ra-5_smt", - "parts": [ - { - "id": "ra-5_fr", - "name": "item", - "title": "RA-5 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "ra-5_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" - }, - { - "id": "ra-5_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(a) Requirement:" - } - ], - "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." - }, - { - "id": "ra-5_fr_smt.2", - "name": "item", - "props": [ - { - "name": "label", - "value": "(d) Requirement:" - } - ], - "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." - }, - { - "id": "ra-5_fr_smt.3", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" - }, - { - "id": "ra-5_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a \\\"warning\\\" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on \\\"Tracking of Compliance Scans\\\" in FAQs." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.b.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.11", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.11_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.11_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-5.2", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.2", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.3", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "ra-5.5", - "adds": [ - { - "position": "starting", - "by-id": "ra-5.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-5.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-7", - "adds": [ - { - "position": "starting", - "by-id": "ra-7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "ra-9", - "adds": [ - { - "position": "starting", - "by-id": "ra-9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "ra-9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-1", - "adds": [ - { - "position": "starting", - "by-id": "sa-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sa-11", - "adds": [ - { - "position": "starting", - "by-id": "sa-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-11.2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.b-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_obj.d-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.2_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15", - "adds": [ - { - "position": "starting", - "by-id": "sa-15_obj.a.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.a.4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-15.3", - "adds": [ - { - "position": "starting", - "by-id": "sa-15.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-15.3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-2", - "adds": [ - { - "position": "starting", - "by-id": "sa-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-22", - "adds": [ - { - "position": "starting", - "by-id": "sa-22_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-22_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-3", - "adds": [ - { - "position": "starting", - "by-id": "sa-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_obj.d-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-3_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4", - "adds": [ - { - "position": "ending", - "by-id": "sa-4_smt", - "parts": [ - { - "id": "sa-4_fr", - "name": "item", - "title": "SA-4 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-4_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." - }, - { - "id": "sa-4_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_obj.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-4_smt.i", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-10", - "adds": [ - { - "position": "ending", - "by-id": "sa-10_smt", - "parts": [ - { - "id": "sa-10_fr", - "name": "item", - "title": "SA-10 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sa-10_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "(e) Requirement:" - } - ], - "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-10_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-11.1", - "adds": [ - { - "position": "ending", - "by-id": "sa-11.1_smt", - "parts": [ - { - "id": "sa-11.1_fr", - "name": "item", - "title": "SA-11(1) Additional FedRAMP Requirements", - "parts": [ - { - "id": "sa-11.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-11.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-4.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.10", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-4.9", - "adds": [ - { - "position": "starting", - "by-id": "sa-4.9_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-4.9_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-5", - "adds": [ - { - "position": "starting", - "by-id": "sa-5_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.2-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.a.3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.1-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.b.3-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.c-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-8", - "adds": [ - { - "position": "starting", - "by-id": "sa-8_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_obj-10", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9", - "adds": [ - { - "position": "starting", - "by-id": "sa-9_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sa-9.1", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.2", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sa-9.5", - "adds": [ - { - "position": "starting", - "by-id": "sa-9.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sa-9.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-1", - "adds": [ - { - "position": "starting", - "by-id": "sc-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "sc-10", - "adds": [ - { - "position": "starting", - "by-id": "sc-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-17", - "adds": [ - { - "position": "starting", - "by-id": "sc-17_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-17_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-18", - "adds": [ - { - "position": "starting", - "by-id": "sc-18_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-18_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-2", - "adds": [ - { - "position": "starting", - "by-id": "sc-2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-22", - "adds": [ - { - "position": "starting", - "by-id": "sc-22_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-22_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-23", - "adds": [ - { - "position": "starting", - "by-id": "sc-23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-23_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-39", - "adds": [ - { - "position": "starting", - "by-id": "sc-39_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-39_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-4", - "adds": [ - { - "position": "starting", - "by-id": "sc-4_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-4_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-45", - "adds": [ - { - "position": "starting", - "by-id": "sc-45_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-5", - "adds": [ - { - "position": "starting", - "by-id": "sc-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sc-7", - "adds": [ - { - "position": "ending", - "by-id": "sc-7_smt", - "parts": [ - { - "id": "sc-7_fr", - "name": "item", - "title": "SC-7 Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sc-7_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "(b) Guidance:" - } - ], - "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.12", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.18", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.18", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.3", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.3_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.3", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.4", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_obj.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4_smt.h", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.4", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.5", + "control-id": "ca-8", "adds": [ { "position": "ending", - "by-id": "sc-7.5_smt", + "by-id": "ca-8_smt", "parts": [ { - "id": "sc-7.5_fr", + "id": "ca-8_fr", "name": "item", - "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "title": "CA-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-7.5_fr_gdn.1", + "id": "ca-8_fr_gdn.1", "name": "guidance", "props": [ { @@ -32651,202 +2997,28 @@ "value": "Guidance:" } ], - "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + "prose": "Reference the FedRAMP Penetration Test Guidance." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-7.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.5", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.7", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.7", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "sc-7.8", - "adds": [ - { - "position": "starting", - "by-id": "sc-7.8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-7.8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8", + "control-id": "ca-8.2", "adds": [ { "position": "ending", - "by-id": "sc-8_smt", + "by-id": "ca-8.2_smt", "parts": [ { - "id": "sc-8_fr", + "id": "ca-8.2_fr", "name": "item", - "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work - e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" - }, - { - "id": "sc-8_fr_gdn.2", + "id": "ca-8.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -32854,305 +3026,119 @@ "value": "Guidance:" } ], - "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + "prose": "See the FedRAMP Documents page> Penetration Test Guidance\n\nhttps://www.FedRAMP.gov/documents/" } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-8", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-8.1", + "control-id": "cm-2", "adds": [ { "position": "ending", - "by-id": "sc-8.1_smt", + "by-id": "cm-2_smt", "parts": [ { - "id": "sc-8.1_fr", + "id": "cm-2_fr", "name": "item", - "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "title": "CM-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-8.1_fr_smt.1", - "name": "item", - "props": [ - { - "name": "label", - "value": "Requirement:" - } - ], - "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." - }, - { - "id": "sc-8.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." - }, - { - "id": "sc-8.1_fr_gdn.2", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" - }, - { - "id": "sc-8.1_fr_gdn.3", + "id": "cm-2_fr_gdn.1", "name": "guidance", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) (1) Guidance:" } ], - "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-8.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-8.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-12", + "control-id": "cm-3", "adds": [ { "position": "ending", - "by-id": "sc-12_smt", + "by-id": "cm-3_smt", "parts": [ { - "id": "sc-12_fr", + "id": "cm-3_fr", "name": "item", - "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "title": "CM-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-12_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "See references in NIST 800-53 documentation." - }, - { - "id": "sc-12_fr_gdn.2", - "name": "guidance", + "id": "cm-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + "prose": "The service provider establishes a central means of communicating major changes to or developments in the information system or environment of operations that may affect its services to the federal government and associated service consumers (e.g., electronic bulletin board, web status page). The means of communication are approved and accepted by the JAB/AO." }, - { - "id": "sc-12_fr_gdn.3", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-12", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + { + "id": "cm-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(e) Guidance:" + } + ], + "prose": "In accordance with record retention policies and procedures." + } + ] } ] } ] }, { - "control-id": "sc-13", + "control-id": "cm-6", "adds": [ { "position": "ending", - "by-id": "sc-13_smt", + "by-id": "cm-6_smt", "parts": [ { - "id": "sc-13_fr", + "id": "cm-6_fr", "name": "item", - "title": "SC-13 Additional FedRAMP Requirements and Guidance", + "title": "CM-6 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-13_fr_gdn.1", - "name": "guidance", + "id": "cm-6_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement 1:" } ], - "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" + "prose": "The service provider shall use the DoD STIGs to establish configuration settings; Center for Internet Security up to Level 2 (CIS Level 2) guidelines shall be used if STIGs are not available; Custom baselines shall be used if CIS is not available." }, { - "id": "sc-13_fr_gdn.2", - "name": "guidance", + "id": "cm-6_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement 2:" } ], - "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + "prose": "The service provider shall ensure that checklists for configuration settings are Security Content Automation Protocol (SCAP) validated or SCAP compatible (if validated checklists are not available)." }, { - "id": "sc-13_fr_gdn.3", + "id": "cm-6_fr_gdn.1", "name": "guidance", "props": [ { @@ -33160,21 +3146,57 @@ "value": "Guidance:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." - }, + "prose": "Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.\n\nDuring monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests." + } + ] + } + ] + } + ] + }, + { + "control-id": "cm-7", + "adds": [ + { + "position": "ending", + "by-id": "cm-7_smt", + "parts": [ + { + "id": "cm-7_fr", + "name": "item", + "title": "CM-7 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-13_fr_gdn.4", - "name": "guidance", + "id": "cm-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" - }, + "prose": "The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available." + } + ] + } + ] + } + ] + }, + { + "control-id": "cm-7.2", + "adds": [ + { + "position": "ending", + "by-id": "cm-7.2_smt", + "parts": [ + { + "id": "cm-7.2_fr", + "name": "item", + "title": "CM-7 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-13_fr_gdn.5", + "id": "cm-7.2_fr_gdn.1", "name": "guidance", "props": [ { @@ -33182,113 +3204,28 @@ "value": "Guidance:" } ], - "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." + "prose": "This control refers to software deployment by CSP personnel into the production environment. The control requires a policy that states conditions for deploying software. This control shall be implemented in a technical manner on the information system to only allow programs to run that adhere to the policy (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-13", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-15", + "control-id": "cm-8", "adds": [ { "position": "ending", - "by-id": "sc-15_smt", + "by-id": "cm-8_smt", "parts": [ { - "id": "sc-15_fr", + "id": "cm-8_fr", "name": "item", - "title": "SC-15 Additional FedRAMP Requirements and Guidance", + "title": "CM-8 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-15_fr_smt.1", + "id": "cm-8_fr_smt.1", "name": "item", "props": [ { @@ -33296,102 +3233,79 @@ "value": "Requirement:" } ], - "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." + "prose": "must be provided at least monthly or when there is a change." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-15_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, + } + ] + }, + { + "control-id": "cm-9", + "adds": [ { - "position": "starting", - "by-id": "sc-15_smt.a", - "props": [ + "position": "ending", + "by-id": "cm-9_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-9_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide" } ] - }, + } + ] + }, + { + "control-id": "cm-12", + "adds": [ { - "position": "starting", - "by-id": "sc-15_smt.b", - "props": [ + "position": "ending", + "by-id": "cm-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "cm-12_fr", + "name": "item", + "title": "CM-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cm-12_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to FedRAMP Authorization Boundary Guidance" + } + ] } ] } ] }, { - "control-id": "sc-20", + "control-id": "cm-12.1", "adds": [ { "position": "ending", - "by-id": "sc-20_smt", + "by-id": "cm-12.1_smt", "parts": [ { - "id": "sc-20_fr", + "id": "cm-12.1_fr", "name": "item", - "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "title": "CM-12 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-20_fr_smt.1", + "id": "cm-12.1_fr_smt.1", "name": "item", "props": [ { @@ -33399,203 +3313,166 @@ "value": "Requirement:" } ], - "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." - }, + "prose": "According to FedRAMP Authorization Boundary Guidance." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-2", + "adds": [ + { + "position": "ending", + "by-id": "cp-2_smt", + "parts": [ + { + "id": "cp-2_fr", + "name": "item", + "title": "CP-2 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-20_fr_gdn.1", - "name": "guidance", + "id": "cp-2_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + "prose": "For JAB authorizations the contingency lists include designated FedRAMP personnel." }, { - "id": "sc-20_fr_gdn.2", - "name": "guidance", + "id": "cp-2_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." - }, + "prose": "CSPs must use the FedRAMP Information System Contingency Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-3", + "adds": [ + { + "position": "ending", + "by-id": "cp-3_smt", + "parts": [ + { + "id": "cp-3_fr", + "name": "item", + "title": "CP-3 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-20_fr_gdn.3", - "name": "guidance", + "id": "cp-3_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + "prose": "Privileged admins and engineers must take the basic contingency training within 10 days. Consideration must be given for those privileged admins and engineers with critical contingency-related roles, to gain enough system context and situational awareness to understand the full impact of contingency training as it applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_obj.b-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-20_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sc-21", + "control-id": "cp-4", "adds": [ { "position": "ending", - "by-id": "sc-21_smt", + "by-id": "cp-4_smt", "parts": [ { - "id": "sc-21_fr", + "id": "cp-4_fr", "name": "item", - "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "title": "CP-4 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-21_fr_smt.1", + "id": "cp-4_fr_smt.1", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" + "value": "(a) Requirement:" } ], - "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + "prose": "The service provider develops test plans in accordance with NIST Special Publication 800-34 (as amended); plans are approved by the JAB/AO prior to initiating testing." }, { - "id": "sc-21_fr_smt.2", + "id": "cp-4_fr_smt.1", "name": "item", "props": [ { "name": "label", - "value": "Requirement:" + "value": "(b) Requirement:" } ], - "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." - }, + "prose": "The service provider must include the Contingency Plan test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report)." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-7", + "adds": [ + { + "position": "ending", + "by-id": "cp-7_smt", + "parts": [ + { + "id": "cp-7_fr", + "name": "item", + "title": "CP-7 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-21_fr_gdn.1", - "name": "guidance", + "id": "cp-7_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "Accepting an unsigned reply is acceptable" - }, + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." + } + ] + } + ] + } + ] + }, + { + "control-id": "cp-7.1", + "adds": [ + { + "position": "ending", + "by-id": "cp-7.1_smt", + "parts": [ + { + "id": "cp-7.1_fr", + "name": "item", + "title": "CP-7 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ { - "id": "sc-21_fr_gdn.2", + "id": "cp-7.1_fr_smt.1", "name": "guidance", "props": [ { @@ -33603,250 +3480,148 @@ "value": "Guidance:" } ], - "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + "prose": "The service provider may determine what is considered a sufficient degree of separation between the primary and alternate processing sites, based on the types of threats that are of concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-21_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-21_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, + } + ] + }, + { + "control-id": "cp-8", + "adds": [ { - "position": "starting", - "by-id": "sc-21", - "props": [ + "position": "ending", + "by-id": "cp-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "cp-8_fr", + "name": "item", + "title": "CP-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cp-8_fr_gdn.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines a time period consistent with the recovery time objectives and business impact analysis." + } + ] } ] } ] }, { - "control-id": "sc-28", + "control-id": "cp-9", "adds": [ { "position": "ending", - "by-id": "sc-28_smt", + "by-id": "cp-9_smt", "parts": [ { - "id": "sc-28_fr", + "id": "cp-9_fr", "name": "item", - "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "title": "CP-9 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-28_fr_gdn.1", - "name": "guidance", + "id": "cp-9_fr_smt.1", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "Requirement:" } ], - "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + "prose": "The service provider shall determine what elements of the cloud environment require the Information System Backup control. The service provider shall determine how Information System Backup is going to be verified and appropriate periodicity of the check." }, { - "id": "sc-28_fr_gdn.2", - "name": "guidance", + "id": "cp-9_fr_smt.2", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(a) Requirement:" } ], - "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + "prose": "The service provider maintains at least three backup copies of user-level information (at least one of which is available online) or provides an equivalent alternative." }, { - "id": "sc-28_fr_gdn.3", - "name": "guidance", + "id": "cp-9_fr_smt.3", + "name": "item", "props": [ { "name": "label", - "value": "Guidance:" + "value": "(b) Requirement:" } ], - "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + "prose": "The service provider maintains at least three backup copies of system-level information (at least one of which is available online) or provides an equivalent alternative." + }, + { + "id": "cp-9_fr_smt.4", + "name": "item", + "props": [ + { + "name": "label", + "value": "(c) Requirement:" + } + ], + "prose": "The service provider maintains at least three backup copies of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-28_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-28", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] } ] }, { - "control-id": "sc-28.1", + "control-id": "cp-9.8", "adds": [ { "position": "ending", - "by-id": "sc-28.1_smt", + "by-id": "cp-9.8_smt", "parts": [ { - "id": "sc-28.1_fr", + "id": "cp-9.8_fr", "name": "item", - "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", - "parts": [ - { - "id": "sc-28.1_fr_gdn.1", - "name": "guidance", - "props": [ - { - "name": "label", - "value": "Guidance:" - } - ], - "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." - } - ] - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-28.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "title": "CP-9 (8) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "cp-9.8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + } + ] } ] } ] }, { - "control-id": "sc-45.1", + "control-id": "ia-2", "adds": [ { "position": "ending", - "by-id": "sc-45.1_smt", + "by-id": "ia-2_smt", "parts": [ { - "id": "sc-45.1_fr", + "id": "ia-2_fr", "name": "item", - "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "title": "IA-2 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "sc-45.1_fr_smt.1", + "id": "ia-2_fr_smt.1", "name": "item", "props": [ { @@ -33854,10 +3629,10 @@ "value": "Requirement:" } ], - "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + "prose": "For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B." }, { - "id": "sc-45.1_fr_smt.2", + "id": "ia-2_fr_smt.2", "name": "item", "props": [ { @@ -33865,10 +3640,21 @@ "value": "Requirement:" } ], - "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + "prose": "Multi-factor authentication must be phishing-resistant." }, { - "id": "sc-45.1_fr_gdn.1", + "id": "ia-2_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate." + }, + { + "id": "ia-2_fr_gdn.1", "name": "guidance", "props": [ { @@ -33876,955 +3662,261 @@ "value": "Guidance:" } ], - "prose": "Synchronization of system clocks improves the accuracy of log analysis." + "prose": "\\\"Phishing-resistant\\\" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system." } ] } ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sc-45.1", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-1", - "adds": [ - { - "position": "starting", - "by-id": "si-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-1_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - } - ] - }, - { - "control-id": "si-11", - "adds": [ - { - "position": "starting", - "by-id": "si-11_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-12", - "adds": [ - { - "position": "starting", - "by-id": "si-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-12_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-16", - "adds": [ - { - "position": "starting", - "by-id": "si-16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "si-2", + "control-id": "ia-2.1", "adds": [ { - "position": "starting", - "by-id": "si-2_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-2.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.1_fr", + "name": "item", + "title": "IA-2 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." + }, + { + "id": "ia-2.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "si-2.2", + "control-id": "ia-2.2", "adds": [ { - "position": "starting", - "by-id": "si-2.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.2_smt", - "props": [ + "position": "ending", + "by-id": "ia-2.2_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.2_fr", + "name": "item", + "title": "IA-2 (2) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.2_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL)." + }, + { + "id": "ia-2.2_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Multi-factor authentication must be phishing-resistant." + }, + { + "id": "ia-2.2_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Multi-factor authentication to subsequent components in the same user domain is not required." + } + ] } ] } ] }, { - "control-id": "si-2.3", + "control-id": "ia-2.6", "adds": [ { - "position": "starting", - "by-id": "si-2.3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-2.3_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-2.6_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.6_fr", + "name": "item", + "title": "IA-2 (6) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.6_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials." + }, + { + "id": "ia-2.6_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography." + } + ] } ] } ] }, { - "control-id": "si-3", + "control-id": "ia-2.12", "adds": [ { - "position": "starting", - "by-id": "si-3_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.1-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.c.2-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-3_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-2.12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-2.12_fr", + "name": "item", + "title": "IA-2 (12) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-2.12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-5", + "adds": [ { - "position": "starting", - "by-id": "si-3", - "props": [ + "position": "ending", + "by-id": "ia-5_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ia-5_fr", + "name": "item", + "title": "IA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Authenticators must be compliant with NIST SP 800-63-3 Digital Identity Guidelines IAL, AAL, FAL level 2. Link https://pages.nist.gov/800-63-3" + }, + { + "id": "ia-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SP 800-63C Section 6.2.3 Encrypted Assertion requires that authentication assertions be encrypted when passed through third parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE)." + } + ] } ] } ] }, { - "control-id": "si-4", + "control-id": "ia-5.1", "adds": [ { "position": "ending", - "by-id": "si-4_smt", + "by-id": "ia-5.1_smt", "parts": [ { - "id": "si-4_fr", + "id": "ia-5.1_fr", "name": "item", - "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "title": "IA-5 (1) Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4_fr_gdn.1", + "id": "ia-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Password policies must be compliant with NIST SP 800-63B for all memorized, lookup, out-of-band, or One-Time-Passwords (OTP). Password policies shall not enforce special character or minimum password rotation requirements for memorized secrets of users." + }, + { + "id": "ia-5.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(h) Requirement:" + } + ], + "prose": "For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.\n\nFor emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used." + }, + { + "id": "ia-5.1_fr_gdn.1", "name": "guidance", "props": [ { @@ -34832,695 +3924,485 @@ "value": "Guidance:" } ], - "prose": "See US-CERT Incident Response Reporting Guidelines." + "prose": "Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13)." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.a.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.e", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.f", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_obj.g", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, + } + ] + }, + { + "control-id": "ia-5.7", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.b", - "props": [ + "position": "ending", + "by-id": "ia-5.7_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-5.7_fr", + "name": "item", + "title": "IA-5 (7) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-5.7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-11", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.c", - "props": [ + "position": "ending", + "by-id": "ia-11_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-11_fr", + "name": "item", + "title": "IA-11 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-11_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The fixed time period cannot exceed the limits set in SP 800-63. At this writing they are:\n\n* AAL2 (moderate baseline) * 12 hours or * 30 minutes of inactivity \n" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.d", - "props": [ + "position": "ending", + "by-id": "ia-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12_fr", + "name": "item", + "title": "IA-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ia-12.5", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.e", - "props": [ + "position": "ending", + "by-id": "ia-12.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ia-12.5_fr", + "name": "item", + "title": "IA-12 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ia-12.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with NIST SP 800-63A Enrollment and Identity Proofing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-3", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.f", - "props": [ + "position": "ending", + "by-id": "ir-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-3_fr", + "name": "item", + "title": "IR-3-2 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing." + } + ] } ] - }, + } + ] + }, + { + "control-id": "ir-4", + "adds": [ { - "position": "starting", - "by-id": "si-4_smt.g", - "props": [ + "position": "ending", + "by-id": "ir-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ir-4_fr", + "name": "item", + "title": "IR-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The FISMA definition of \\\"incident\\\" shall be used: \\\"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.\\\"" + }, + { + "id": "ir-4_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system." + } + ] } ] } ] }, { - "control-id": "si-4.1", + "control-id": "ir-6", "adds": [ { - "position": "starting", - "by-id": "si-4.1_obj-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_obj-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.1", - "props": [ + "position": "ending", + "by-id": "ir-6_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ir-6_fr", + "name": "item", + "title": "IR-6 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-6_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Reports security incident information according to FedRAMP Incident Communications Procedure." + } + ] } ] } ] }, { - "control-id": "si-4.16", + "control-id": "ir-8", "adds": [ { - "position": "starting", - "by-id": "si-4.16_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.16", - "props": [ + "position": "ending", + "by-id": "ir-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "ir-8_fr", + "name": "item", + "title": "IR-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ir-8_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(b) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + }, + { + "id": "ir-8_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "The service provider defines a list of incident response personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel." + } + ] } ] } ] }, { - "control-id": "si-4.18", + "control-id": "ma-5.1", "adds": [ { - "position": "starting", - "by-id": "si-4.18_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.18_smt", - "props": [ + "position": "ending", + "by-id": "ma-5.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "ma-5.1_fr", + "name": "item", + "title": "MA-5 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "ma-5.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Only MA-5 (1) (a) (1) is required by FedRAMP Moderate Baseline" + } + ] } ] } ] }, { - "control-id": "si-4.2", + "control-id": "mp-3", "adds": [ { - "position": "starting", - "by-id": "si-4.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.2_smt", - "props": [ + "position": "ending", + "by-id": "mp-3_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "mp-3_fr", + "name": "item", + "title": "MP-3 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-3_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Second parameter not-applicable" + } + ] } ] - }, + } + ] + }, + { + "control-id": "mp-4", + "adds": [ { - "position": "starting", - "by-id": "si-4.2", - "props": [ + "position": "ending", + "by-id": "mp-4_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "mp-4_fr", + "name": "item", + "title": "MP-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines controlled areas within facilities where the information and information system reside." + } + ] } ] } ] }, { - "control-id": "si-4.23", + "control-id": "mp-5", "adds": [ { - "position": "starting", - "by-id": "si-4.23_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "mp-5_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "mp-5_fr", + "name": "item", + "title": "MP-5 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "mp-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pe-14", + "adds": [ { - "position": "starting", - "by-id": "si-4.23_smt", - "props": [ + "position": "ending", + "by-id": "pe-14_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pe-14_fr", + "name": "item", + "title": "PE-14 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pe-14_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "The service provider measures temperature at server inlets and humidity levels by dew point." + } + ] } ] - }, + } + ] + }, + { + "control-id": "pl-8", + "adds": [ { - "position": "starting", - "by-id": "si-4.23", - "props": [ + "position": "ending", + "by-id": "pl-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "pl-8_fr", + "name": "item", + "title": "PL-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + } + ] } ] } ] }, { - "control-id": "si-4.4", + "control-id": "pl-10", "adds": [ { - "position": "starting", - "by-id": "si-4.4_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-4.4_smt.b", - "props": [ + "position": "ending", + "by-id": "pl-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "pl-10_fr", + "name": "item", + "title": "PL-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "pl-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Select the appropriate FedRAMP Baseline" + } + ] } ] } ] }, { - "control-id": "si-4.5", + "control-id": "ra-3", "adds": [ { "position": "ending", - "by-id": "si-4.5_smt", + "by-id": "ra-3_smt", "parts": [ { - "id": "si-4.5_fr", + "id": "ra-3_fr", "name": "item", - "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "title": "RA-3 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-4.5_fr_gdn.1", + "id": "ra-3_fr_gdn.1", "name": "guidance", "props": [ { @@ -35528,570 +4410,421 @@ "value": "Guidance:" } ], - "prose": "In accordance with the incident response plan." + "prose": "Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F." + }, + { + "id": "ra-3_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "Include all Authorizing Officials; for JAB authorizations to include FedRAMP." } ] } ] - }, - { - "position": "starting", - "by-id": "si-4.5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-4.5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-5", + "control-id": "ra-5", "adds": [ { "position": "ending", - "by-id": "si-5_smt", + "by-id": "ra-5_smt", "parts": [ { - "id": "si-5_fr_smt.1", + "id": "ra-5_fr", "name": "item", - "title": "SI-5 Additional FedRAMP Requirements and Guidance", - "props": [ + "title": "RA-5 Additional FedRAMP Requirements and Guidance", + "parts": [ { - "name": "label", - "value": "Requirement:" + "id": "ra-5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/" + }, + { + "id": "ra-5_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(a) Requirement:" + } + ], + "prose": "an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually." + }, + { + "id": "ra-5_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "(d) Requirement:" + } + ], + "prose": "If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement." + }, + { + "id": "ra-5_fr_smt.3", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "to include all Authorizing Officials; for JAB authorizations to include FedRAMP" + }, + { + "id": "ra-5_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.\n\nWarning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.\n\nWarnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs." } - ], - "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-5_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + ] } ] } ] }, { - "control-id": "si-6", + "control-id": "sa-4", "adds": [ { - "position": "starting", - "by-id": "si-6_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_obj.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6_smt.d", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-6", - "props": [ + "position": "ending", + "by-id": "sa-4_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sa-4_fr", + "name": "item", + "title": "SA-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sa-4_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process)." + }, + { + "id": "sa-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.\n\nSee https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/." + } + ] } ] } ] }, { - "control-id": "si-7", + "control-id": "sa-10", "adds": [ { - "position": "starting", - "by-id": "si-7_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-7_smt.b", - "props": [ + "position": "ending", + "by-id": "sa-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sa-10_fr", + "name": "item", + "title": "SA-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sa-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "(e) Requirement:" + } + ], + "prose": "track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sa-11.1", + "adds": [ { - "position": "starting", - "by-id": "si-7", - "props": [ + "position": "ending", + "by-id": "sa-11.1_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sa-11.1_fr", + "name": "item", + "title": "SA-11(1) Additional FedRAMP Requirements", + "parts": [ + { + "id": "sa-11.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider must document its methodology for reviewing newly developed code for the Service in its Continuous Monitoring Plan.\n\nIf Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8))" + } + ] } ] } ] }, { - "control-id": "si-7.1", + "control-id": "sc-7", "adds": [ { - "position": "starting", - "by-id": "si-7.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-7_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" + "id": "sc-7_fr", + "name": "item", + "title": "SC-7 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "(b) Guidance:" + } + ], + "prose": "SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-7.5", + "adds": [ { - "position": "starting", - "by-id": "si-7.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-7.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-7.5_fr", + "name": "item", + "title": "SC-7 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-7.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing" + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-8", + "adds": [ { - "position": "starting", - "by-id": "si-7.1", - "props": [ + "position": "ending", + "by-id": "sc-8_smt", + "parts": [ { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" + "id": "sc-8_fr", + "name": "item", + "title": "SC-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.\n\n\n\nFor clarity, this control applies to all data in transit. Examples include the following data flows:\n\n* Crossing the system boundary\n* Between compute instances - including containers\n* From a compute instance to storage\n* Replication between availability zones\n* Transmission of backups to storage\n* From a load balancer to a compute instance\n* Flows from management tools required for their work – e.g. log collection, scanning, etc.\n\n\n\n\nThe following applies only when choosing SC-8 (5) in lieu of SC-8 (1).\n\nFedRAMP-Defined Assignment / Selection Parameters\n\nSC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]\n\nSC-8 (5)-2 [prevent unauthorized disclosure of information AND detect changes to information]" + }, + { + "id": "sc-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.\n\n\n\nHardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).\n\n\n\nControlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).\n\n\n\nNote: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.\n\n\n\nCNSSI No.7003 can be accessed here:\n\nhttps://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf\n\n\n\nDHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:\n\nhttps://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf" + } + ] } ] } ] }, { - "control-id": "si-7.7", + "control-id": "sc-8.1", "adds": [ { - "position": "starting", - "by-id": "si-7.7_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "sc-8.1_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "sc-8.1_fr", + "name": "item", + "title": "SC-8 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-8.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control." + }, + { + "id": "sc-8.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See M-22-09, including \\\"Agencies encrypt all DNS requests and HTTP traffic within their environment\\\"\n\nSC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged." + }, + { + "id": "sc-8.1_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.)" + }, + { + "id": "sc-8.1_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + } + ] } ] - }, + } + ] + }, + { + "control-id": "sc-12", + "adds": [ { - "position": "starting", - "by-id": "si-7.7_smt", - "props": [ + "position": "ending", + "by-id": "sc-12_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-12_fr", + "name": "item", + "title": "SC-12 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-12_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See references in NIST 800-53 documentation." + }, + { + "id": "sc-12_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Must meet applicable Federal Cryptographic Requirements. See References Section of control." + }, + { + "id": "sc-12_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system." + } + ] } ] } ] }, { - "control-id": "si-8", + "control-id": "sc-13", "adds": [ { "position": "ending", - "by-id": "si-8_smt", + "by-id": "sc-13_smt", "parts": [ { - "id": "si-8_fr", + "id": "sc-13_fr", "name": "item", - "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "title": "SC-13 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-8_fr_gdn.1", + "id": "sc-13_fr_gdn.1", "name": "guidance", "props": [ { @@ -36099,10 +4832,10 @@ "value": "Guidance:" } ], - "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + "prose": "This control applies to all use of cryptography. In addition to encryption, this includes functions such as hashing, random number generation, and key generation. Examples include the following:\n\n* Encryption of data\n* Decryption of data\n* Generation of one time passwords (OTPs) for MFA\n* Protocols such as TLS, SSH, and HTTPS\n\n\n\n\nThe requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).\n\nhttps://csrc.nist.gov/projects/cryptographic-module-validation-program" }, { - "id": "si-8_fr_gdn.2", + "id": "sc-13_fr_gdn.2", "name": "guidance", "props": [ { @@ -36110,96 +4843,61 @@ "value": "Guidance:" } ], - "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + "prose": "For NSA-approved cryptography, the National Information Assurance Partnership (NIAP) oversees a national program to evaluate Commercial IT Products for Use in National Security Systems. The NIAP Product Compliant List can be found at the following location:\n\nhttps://www.niap-ccevs.org/Product/index.cfm" + }, + { + "id": "sc-13_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-13_fr_gdn.4", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Moving to non-FIPS CM or product is acceptable when:\n\n* FIPS validated version has a known vulnerability\n* Feature with vulnerability is in use\n* Non-FIPS version fixes the vulnerability\n* Non-FIPS version is submitted to NIST for FIPS validation\n* POA&M is added to track approval, and deployment when ready\n" + }, + { + "id": "sc-13_fr_gdn.5", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "At a minimum, this control applies to cryptography in use for the following controls: AU-9(3), CP-9(8), IA-2(6), IA-5(1), MP-5, SC-8(1), and SC-28(1)." } ] } ] - }, - { - "position": "starting", - "by-id": "si-8_obj.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-8_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "si-10", + "control-id": "sc-15", "adds": [ { "position": "ending", - "by-id": "si-10_smt", + "by-id": "sc-15_smt", "parts": [ { - "id": "si-10_fr", + "id": "sc-15_fr", "name": "item", - "title": "SI-10 Additional FedRAMP Requirements and Guidance", + "title": "SC-15 Additional FedRAMP Requirements and Guidance", "parts": [ { - "id": "si-10_fr_smt.1", + "id": "sc-15_fr_smt.1", "name": "item", "props": [ { @@ -36207,748 +4905,414 @@ "value": "Requirement:" } ], - "prose": "Validate all information inputs and document any exceptions" + "prose": "The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use." } ] } ] - }, - { - "position": "starting", - "by-id": "si-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-10_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "si-10", - "props": [ - { - "name": "CORE", - "ns": "https://fedramp.gov/ns/oscal", - "value": "true" - } - ] - } - ] - }, - { - "control-id": "si-8.2", - "adds": [ - { - "position": "starting", - "by-id": "si-8.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "si-8.2_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, { - "control-id": "sr-1", + "control-id": "sc-20", "adds": [ { - "position": "starting", - "by-id": "sr-1_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.a.1.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_obj.c.2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-1_smt.c", - "props": [ + "position": "ending", + "by-id": "sc-20_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point.", - "remarks": "This response must address all control sub-statement requirements." + "id": "sc-20_fr", + "name": "item", + "title": "SC-20 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-20_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control Description should include how DNSSEC is implemented on authoritative DNS servers to supply valid responses to external DNSSEC requests." + }, + { + "id": "sc-20_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-20 applies to use of external authoritative DNS to access a CSO from outside the boundary." + }, + { + "id": "sc-20_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "External authoritative DNS servers may be located outside an authorized environment. Positioning these servers inside an authorized boundary is encouraged." + }, + { + "id": "sc-20_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net)" + } + ] } ] } ] }, { - "control-id": "sr-10", + "control-id": "sc-21", "adds": [ { - "position": "starting", - "by-id": "sr-10_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-10_smt", - "props": [ + "position": "ending", + "by-id": "sc-21_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-21_fr", + "name": "item", + "title": "SC-21 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-21_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Control description should include how DNSSEC is implemented on recursive DNS servers to make DNSSEC requests when resolving DNS requests from internal components to domains external to the CSO boundary.\n\n* If the reply is signed, and fails DNSSEC, do not use the reply\n* If the reply is unsigned: * CSP chooses the policy to apply \n" + }, + { + "id": "sc-21_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Internal recursive DNS servers must be located inside an authorized environment. It is typically within the boundary, or leveraged from an underlying IaaS/PaaS." + }, + { + "id": "sc-21_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Accepting an unsigned reply is acceptable" + }, + { + "id": "sc-21_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.\n\n* DNSSEC resolution to access a component inside the boundary is excluded.\n" + } + ] } ] } ] }, { - "control-id": "sr-11.1", + "control-id": "sc-28", "adds": [ { - "position": "starting", - "by-id": "sr-11.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.1_smt", - "props": [ + "position": "ending", + "by-id": "sc-28_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28_fr", + "name": "item", + "title": "SC-28 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "The organization supports the capability to use cryptographic mechanisms to protect information at rest." + }, + { + "id": "sc-28_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured." + }, + { + "id": "sc-28_fr_gdn.3", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Note that this enhancement requires the use of cryptography in accordance with SC-13." + } + ] } ] } ] }, { - "control-id": "sr-11.2", + "control-id": "sc-28.1", "adds": [ { - "position": "starting", - "by-id": "sr-11.2_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11.2_smt", - "props": [ + "position": "ending", + "by-id": "sc-28.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-28.1_fr", + "name": "item", + "title": "SC-28 (1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-28.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.\n\nExamples:\n\nA. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.\n\nB. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.\n\nC. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate." + } + ] } ] } ] }, { - "control-id": "sr-12", + "control-id": "sc-45.1", "adds": [ { - "position": "starting", - "by-id": "sr-12_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-12_smt", - "props": [ + "position": "ending", + "by-id": "sc-45.1_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "sc-45.1_fr", + "name": "item", + "title": "SC-45(1) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "sc-45.1_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server." + }, + { + "id": "sc-45.1_fr_smt.2", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server." + }, + { + "id": "sc-45.1_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "Synchronization of system clocks improves the accuracy of log analysis." + } + ] } ] } ] }, { - "control-id": "sr-2", - "adds": [ - { - "position": "starting", - "by-id": "sr-2_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-5", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-6", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-7", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-8", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.a-9", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-2_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, + "control-id": "si-4", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.a", - "props": [ + "position": "ending", + "by-id": "si-4_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4_fr", + "name": "item", + "title": "SI-4 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "See US-CERT Incident Response Reporting Guidelines." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-4.5", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.b", - "props": [ + "position": "ending", + "by-id": "si-4.5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-4.5_fr", + "name": "item", + "title": "SI-4 (5) Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-4.5_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "In accordance with the incident response plan." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-5", + "adds": [ { - "position": "starting", - "by-id": "sr-2_smt.c", - "props": [ + "position": "ending", + "by-id": "si-5_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-5_fr_smt.1", + "name": "item", + "title": "SI-5 Additional FedRAMP Requirements and Guidance", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status." } ] } ] }, { - "control-id": "sr-2.1", + "control-id": "si-8", "adds": [ { - "position": "starting", - "by-id": "sr-2.1_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, + "position": "ending", + "by-id": "si-8_smt", + "parts": [ { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" + "id": "si-8_fr", + "name": "item", + "title": "SI-8 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-8_fr_gdn.1", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "When CSO sends email on behalf of the government as part of the business offering, Control Description should include implementation of Domain-based Message Authentication, Reporting & Conformance (DMARC) on the sending domain for outgoing messages as described in DHS Binding Operational Directive (BOD) 18-01.\n\nhttps://cyber.dhs.gov/bod/18-01/" + }, + { + "id": "si-8_fr_gdn.2", + "name": "guidance", + "props": [ + { + "name": "label", + "value": "Guidance:" + } + ], + "prose": "CSPs should confirm DMARC configuration (where appropriate) to ensure that policy=reject and the rua parameter includes reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented in the SI-08 control implementation solution description, and list the FROM: domain(s) that will be seen by email recipients." + } + ] } ] - }, + } + ] + }, + { + "control-id": "si-10", + "adds": [ { - "position": "starting", - "by-id": "sr-2.1_smt", - "props": [ + "position": "ending", + "by-id": "si-10_smt", + "parts": [ { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." + "id": "si-10_fr", + "name": "item", + "title": "SI-10 Additional FedRAMP Requirements and Guidance", + "parts": [ + { + "id": "si-10_fr_smt.1", + "name": "item", + "props": [ + { + "name": "label", + "value": "Requirement:" + } + ], + "prose": "Validate all information inputs and document any exceptions" + } + ] } ] } @@ -36980,176 +5344,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_obj.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-3_smt.c", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - } - ] - }, - { - "control-id": "sr-5", - "adds": [ - { - "position": "starting", - "by-id": "sr-5_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-5_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -37179,40 +5373,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-6_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "TEST", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-6_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -37242,40 +5402,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-8_obj", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-8_smt", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] }, @@ -37305,143 +5431,6 @@ ] } ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-1", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-2", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-3", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.a-4", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_obj.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "EXAMINE", - "class": "fedramp" - }, - { - "name": "method", - "ns": "https://fedramp.gov/ns/oscal", - "value": "INTERVIEW", - "class": "fedramp" - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.a", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] - }, - { - "position": "starting", - "by-id": "sr-11_smt.b", - "props": [ - { - "name": "response-point", - "ns": "https://fedramp.gov/ns/oscal", - "value": "You must fill in this response point." - } - ] } ] } @@ -37475,7 +5464,7 @@ }, { "uuid": "051a77c1-b61d-4995-8275-dacfe688d510", - "title": "NIST Special Publication (SP) 800-53", + "title": "NIST Special Publication (SP) 800-53 revision 5", "props": [ { "name": "version", @@ -37484,8 +5473,8 @@ ], "rlinks": [ { - "href": "https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json", - "media-type": "application/json" + "href": "NIST_SP-800-53_rev5_catalog.json", + "media-type": "application/oscal+json" } ] } diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml index ae6a2c9d5..0ce3c7ed1 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.xml @@ -1,11 +1,11 @@ + uuid="68275f5d-6150-4f90-aa61-b0479aabe6f0"> FedRAMP Rev 5 High Baseline 2023-08-31T00:00:00Z - 2024-01-19T14:49:42.881594-05:00 - 5.1.1+fedramp-20240111-0 + 2024-02-06T11:17:03.015838-05:00 + 5.1.1+20231218-1 1.1.1 @@ -120,6 +120,7 @@

events that would require procedures to be reviewed and updated are defined;

+ @@ -142,13 +143,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -170,20 +164,10 @@ -

Designate an to manage the development, documentation, and dissemination of the access control policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current access control:

@@ -204,57 +188,21 @@ - - -

an access control policy is developed and documented;

 - - -

the access control policy is disseminated to ;

 - -

access control procedures to facilitate the implementation of the access control policy and associated controls are developed and documented;

 - -

the access control procedures are disseminated to ;

@@ -262,13 +210,6 @@ - - @@ -308,13 +249,6 @@ - -

the access control policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -324,17 +258,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the access control policy and procedures;

@@ -342,17 +265,6 @@ - - - @@ -367,17 +279,6 @@ - - - @@ -496,7 +397,7 @@

the frequency of account review is defined;

- + @@ -536,30 +437,18 @@ -

Define and document the types of accounts allowed and specifically prohibited for use within the system;

 -

Assign account managers;

 -

Require for group and role membership;

 -

Specify:

@@ -576,30 +465,18 @@ -

Require approvals by for requests to create accounts;

 -

Create, enable, modify, disable, and remove accounts in accordance with ;

 -

Monitor the use of accounts;

 -

Notify account managers and within:

@@ -619,9 +496,6 @@ -

Authorize access to the system based on:

@@ -639,23 +513,14 @@ -

Review accounts for compliance with account management requirements ;

 -

Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and

 -

Align account management processes with personnel termination and transfer processes.

 @@ -670,25 +535,11 @@ - -

account types allowed for use within the system are defined and documented;

 - -

account types specifically prohibited for use within the system are defined and documented;

@@ -696,46 +547,17 @@ - - -

account managers are assigned;

 - - -

for group and role membership are required;

 - - @@ -765,33 +587,11 @@ - - -

approvals are required by for requests to create accounts;

 - - - @@ -821,33 +621,11 @@ - - -

the use of accounts is monitored;

- - - @@ -869,49 +647,16 @@ - - -

access to the system is authorized based on a valid access authorization;

 - - -

access to the system is authorized based on intended system usage;

 - - -

access to the system is authorized based on ;

@@ -919,17 +664,6 @@ - - -

accounts are reviewed for compliance with account management requirements ;

@@ -937,33 +671,11 @@ - - -

a process is established for changing shared or group account authenticators (if deployed) when individuals are removed from the group;

 - - -

a process is implemented for changing shared or group account authenticators (if deployed) when individuals are removed from the group;

@@ -971,17 +683,6 @@ - - - @@ -1045,7 +746,7 @@

automated mechanisms used to support the management of system accounts are defined;

- + @@ -1054,26 +755,12 @@ value="organization"/> -

Support the management of system accounts using .

Automated system account management includes using automated mechanisms to create, enable, modify, disable, and remove accounts; notify account managers when an account is created, enabled, modified, disabled, or removed, or when users are terminated or transferred; monitor system account usage; and report atypical system account usage. Automated mechanisms can include internal system functions and email, telephonic, and text messaging notifications.

 - - -

the management of system accounts is supported using .

@@ -1133,7 +820,7 @@

the time period after which to automatically remove or disable temporary or emergency accounts is defined;

- + @@ -1142,22 +829,12 @@ value="system"/> -

Automatically temporary and emergency accounts after .

Management of temporary and emergency accounts includes the removal or disabling of such accounts automatically after a predefined time period rather than at the convenience of the system administrator. Automatic removal or disabling of accounts provides a more consistent implementation.

 - -

temporary and emergency accounts are automatically after .

@@ -1219,7 +896,7 @@

time period for account inactivity before disabling is defined;

- + @@ -1230,30 +907,18 @@

Disable accounts within when the accounts:

-

Have expired;

 -

Are no longer associated with a user or individual;

 -

Are in violation of organizational policy; or

 -

Have been inactive for .

 @@ -1279,65 +944,21 @@ - - -

accounts are disabled within when the accounts have expired;

 - - -

accounts are disabled within when the accounts are no longer associated with a user or individual;

 - - -

accounts are disabled within when the accounts are in violation of organizational policy;

 - - -

accounts are disabled within when the accounts have been inactive for .

@@ -1380,7 +1001,7 @@ Automated Audit Actions - + @@ -1391,26 +1012,12 @@ -

Automatically audit account creation, modification, enabling, disabling, and removal actions.

 -

Account management audit records are defined in accordance with AU-2 and reviewed, analyzed, and reported in accordance with AU-6.

+

Account management audit records are defined in accordance with AU-02 and reviewed, analyzed, and reported in accordance with AU-06.

 - - - @@ -1483,7 +1090,7 @@

the time period of expected inactivity or description of when to log out is defined;

- + @@ -1496,9 +1103,6 @@ -

Require that users log out when .

AC-2 (5) Additional FedRAMP Requirements and Guidance @@ -1512,17 +1116,6 @@

Inactivity logout is behavior- or policy-based and requires users to take physical action to log out when they are expecting inactivity longer than the defined period. Automatic enforcement of inactivity logout is addressed by AC-11.

 - - -

users are required to log out when .

@@ -1560,7 +1153,7 @@ an attribute-based access scheme - + @@ -1570,30 +1163,18 @@ -

Establish and administer privileged user accounts in accordance with ;

 -

Monitor privileged role or attribute assignments;

 -

Monitor changes to roles or attributes; and

 -

Revoke access when privileged role or attribute assignments are no longer appropriate.

 @@ -1604,65 +1185,21 @@ - - -

privileged user accounts are established and administered in accordance with ;

 - - -

privileged role or attribute assignments are monitored;

 - - -

changes to roles or attributes are monitored;

 - - -

access is revoked when privileged role or attribute assignments are no longer appropriate.

@@ -1717,7 +1254,7 @@

conditions for establishing shared and group accounts are defined;

- + @@ -1726,9 +1263,6 @@ value="organization"/> -

Only permit the use of shared and group accounts that meet .

AC-2 (9) Additional FedRAMP Requirements and Guidance @@ -1742,17 +1276,6 @@

Before permitting the use of shared or group accounts, organizations consider the increased risk due to the lack of accountability with such accounts.

 - - -

the use of shared and group accounts is only permitted if are met.

@@ -1802,7 +1325,7 @@

system accounts subject to enforcement of circumstances and/or usage conditions are defined;

- + @@ -1811,26 +1334,12 @@ value="system"/> -

Enforce for .

Specifying and enforcing usage conditions helps to enforce the principle of least privilege, increase user accountability, and enable effective account monitoring. Account monitoring includes alerts generated if the account is used in violation of organizational parameters. Organizations can describe specific conditions or circumstances under which system accounts can be used, such as by restricting usage to certain days of the week, time of day, or specific durations of time.

 - - -

for are enforced.

@@ -1887,7 +1396,7 @@

personnel or roles to report atypical usage is/are defined;

- + @@ -1905,16 +1414,10 @@ -

Monitor system accounts for ; and

 -

Report atypical usage of system accounts to .

 @@ -1936,33 +1439,11 @@ - - -

system accounts are monitored for ;

- - -

atypical usage of system accounts is reported to .

@@ -2022,7 +1503,7 @@

significant risks leading to disabling accounts are defined;

- + @@ -2033,26 +1514,12 @@ -

Disable accounts of individuals within of discovery of .

Users who pose a significant security and/or privacy risk include individuals for whom reliable evidence indicates either the intention to use authorized access to systems to cause harm or through whom adversaries will cause harm. Such harm includes adverse impacts to organizational operations, organizational assets, individuals, other organizations, or the Nation. Close coordination among system administrators, legal staff, human resource managers, and authorizing officials is essential when disabling system accounts for high-risk individuals.

 - - -

accounts of individuals are disabled within of discovery of .

@@ -2092,7 +1559,7 @@ Access Enforcement - + @@ -2152,26 +1619,12 @@ -

Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Access control policies control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems. In addition to enforcing authorized access at the system level and recognizing that systems can host many applications and services in support of mission and business functions, access enforcement mechanisms can also be employed at the application and service level to provide increased information security and privacy. In contrast to logical access controls that are implemented within the system, physical access controls are addressed by the controls in the Physical and Environmental Protection ( PE ) family.

 - - -

approved authorizations for logical access to information and system resources are enforced in accordance with applicable access control policies.

@@ -2217,6 +1670,7 @@

information flow control policies within the system and between connected systems are defined;

+ @@ -2245,9 +1699,6 @@ -

Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on .

 @@ -2255,17 +1706,6 @@

Organizations commonly employ information flow control policies and enforcement mechanisms to control the flow of information between designated sources and destinations within systems and between connected systems. Flow control is based on the characteristics of the information and/or the information path. Enforcement occurs, for example, in boundary protection devices that employ rule sets or establish configuration settings that restrict system services, provide a packet-filtering capability based on header information, or provide a message-filtering capability based on message content. Organizations also consider the trustworthiness of filtering and/or inspection mechanisms (i.e., hardware, firmware, and software components) that are critical to information flow enforcement. Control enhancements 3 through 32 primarily address cross-domain solution needs that focus on more advanced filtering techniques, in-depth analysis, and stronger flow enforcement mechanisms implemented in cross-domain products, such as high-assurance guards. Such capabilities are generally not available in commercial off-the-shelf products. Information flow enforcement also applies to control plane traffic (e.g., routing and DNS).

 - - -

approved authorizations are enforced for controlling the flow of information within the system and between connected systems based on .

@@ -2335,6 +1775,7 @@

the organization-defined procedure or method used to prevent encrypted information from bypassing information flow control mechanisms is defined (if selected);

+ @@ -2344,9 +1785,6 @@ -

Prevent encrypted information from bypassing by .

AC-4 (4) Additional FedRAMP Requirements and Guidance @@ -2360,17 +1798,6 @@

Flow control mechanisms include content checking, security policy filters, and data type identifiers. The term encryption is extended to cover encoded data not recognized by filtering mechanisms.

 - - -

encrypted information is prevented from bypassing by .

@@ -2429,6 +1856,7 @@

required separations by types of information are defined;

+ @@ -2441,26 +1869,12 @@ -

Separate information flows logically or physically using to accomplish .

Enforcing the separation of information flows associated with defined types of data can enhance protection by ensuring that information is not commingled while in transit and by enabling flow control by transmission paths that are not otherwise achievable. Types of separable information include inbound and outbound communications traffic, service requests and responses, and information of differing security impact or classification levels.

 - - - @@ -2517,6 +1931,7 @@

duties of individuals requiring separation are defined;

+ @@ -2541,16 +1956,10 @@ -

Identify and document ; and

 -

Define system access authorizations to support separation of duties.

 @@ -2568,26 +1977,12 @@ - -

are identified and documented;

 - -

system access authorizations to support separation of duties are defined.

@@ -2627,7 +2022,7 @@ Least Privilege - + @@ -2647,26 +2042,12 @@ -

Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.

Organizations employ least privilege for specific duties and systems. The principle of least privilege is also applied to system processes, ensuring that the processes have access to systems and operate at privilege levels no higher than necessary to accomplish organizational missions or business functions. Organizations consider the creation of additional processes, roles, and accounts as necessary to achieve least privilege. Organizations apply least privilege to the development, implementation, and operation of organizational systems.

 - - -

the principle of least privilege is employed, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.

@@ -2745,6 +2126,7 @@

security-relevant information for authorized access is defined;

+ @@ -2760,17 +2142,11 @@

Authorize access for to:

-

; and

 -

.

@@ -2782,17 +2158,6 @@ - - - @@ -2812,17 +2177,6 @@ - - -

access is authorized for to .

@@ -2872,7 +2226,7 @@

security functions or security-relevant information, the access to which requires users to use non-privileged accounts to access non-security functions, are defined;

- + @@ -2885,9 +2239,6 @@ -

Require that users of system accounts (or roles) with access to use non-privileged accounts or roles, when accessing nonsecurity functions.

AC-6 (2) Additional FedRAMP Requirements and Guidance @@ -2901,17 +2252,6 @@

Requiring the use of non-privileged accounts when accessing nonsecurity functions limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situations where organizations implement access control policies, such as role-based access control, and where a change of role provides the same degree of assurance in the change of access authorizations for the user and the processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account.

 - - -

users of system accounts (or roles) with access to are required to use non-privileged accounts or roles when accessing non-security functions.

@@ -2965,7 +2305,7 @@

compelling operational needs necessitating network access to privileged commands are defined;

- + @@ -2977,9 +2317,6 @@ -

Authorize network access to only for and document the rationale for such access in the security plan for the system.

 @@ -2988,29 +2325,11 @@ - - -

network access to is authorized only for ;

 - -

the rationale for authorizing network access to privileged commands is documented in the security plan for the system.

@@ -3054,7 +2373,7 @@

personnel or roles to which privileged accounts on the system are to be restricted is/are defined;

- + @@ -3066,26 +2385,12 @@ -

Restrict privileged accounts on the system to .

Privileged accounts, including super user accounts, are typically described as system administrator for various types of commercial off-the-shelf operating systems. Restricting privileged accounts to specific personnel or roles prevents day-to-day users from accessing privileged information or privileged functions. Organizations may differentiate in the application of restricting privileged accounts between allowed privileges for local accounts and for domain accounts provided that they retain the ability to control system configurations for key parameters and as otherwise necessary to sufficiently mitigate risk.

 - - -

privileged accounts on the system are restricted to .

@@ -3145,6 +2450,7 @@

roles or classes of users to which privileges are assigned are defined;

+ @@ -3155,16 +2461,10 @@ -

Review the privileges assigned to to validate the need for such privileges; and

 -

Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.

 @@ -3175,33 +2475,11 @@ - - -

privileges assigned to are reviewed to validate the need for such privileges;

 - - -

privileges are reassigned or removed, if necessary, to correctly reflect organizational mission and business needs.

@@ -3254,7 +2532,7 @@

software to be prevented from executing at higher privilege levels than users executing the software is defined;

- + @@ -3263,26 +2541,12 @@ value="system"/> -

Prevent the following software from executing at higher privilege levels than users executing the software: .

In certain situations, software applications or programs need to execute with elevated privileges to perform required functions. However, depending on the software functionality and configuration, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications or programs, those users may indirectly be provided with greater privileges than assigned.

 - - -

is prevented from executing at higher privilege levels than users executing the software.

@@ -3322,6 +2586,7 @@ Log Use of Privileged Functions + @@ -3333,26 +2598,12 @@ -

Log the execution of privileged functions.

The misuse of privileged functions, either intentionally or unintentionally by authorized users or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Logging and analyzing the use of privileged functions is one way to detect such misuse and, in doing so, help mitigate the risk from insider threats and the advanced persistent threat.

 - - -

the execution of privileged functions is logged.

@@ -3392,7 +2643,7 @@ Prohibit Non-privileged Users from Executing Privileged Functions - + @@ -3401,26 +2652,12 @@ value="system"/> -

Prevent non-privileged users from executing privileged functions.

Privileged functions include disabling, circumventing, or altering implemented security or privacy controls, establishing system accounts, performing system integrity checks, and administering cryptographic key management activities. Non-privileged users are individuals who do not possess appropriate authorizations. Privileged functions that require protection from non-privileged users include circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms. Preventing non-privileged users from executing privileged functions is enforced by AC-3.

 - - -

non-privileged users are prevented from executing privileged functions.

@@ -3501,6 +2738,7 @@

other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected);

+ @@ -3516,16 +2754,10 @@ -

Enforce a limit of consecutive invalid logon attempts by a user during a ; and

 -

Automatically when the maximum number of unsuccessful attempts is exceeded.

 @@ -3543,33 +2775,11 @@ - - -

a limit of consecutive invalid logon attempts by a user during is enforced;

 - - -

automatically when the maximum number of unsuccessful attempts is exceeded.

@@ -3630,6 +2840,7 @@

conditions for system use to be displayed by the system before granting further access are defined;

+ @@ -3644,9 +2855,6 @@ -

Display to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that:

@@ -3667,16 +2875,10 @@ -

Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system; and

 -

For publicly accessible systems:

@@ -3718,64 +2920,25 @@ - - -

is displayed to users before granting access to the system that provides privacy and security notices consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

- -

the system use notification states that users are accessing a U.S. Government system;

 - -

the system use notification states that system usage may be monitored, recorded, and subject to audit;

 - -

the system use notification states that unauthorized use of the system is prohibited and subject to criminal and civil penalties; and

 - -

the system use notification states that use of the system indicates consent to monitoring and recording;

@@ -3783,29 +2946,11 @@ - - -

the notification message or banner is retained on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system;

 - - @@ -3882,6 +3027,7 @@

the number of concurrent sessions to be allowed for each account and/or account type is defined;

+ @@ -3890,26 +3036,12 @@ value="system"/> -

Limit the number of concurrent sessions for each to .

Organizations may define the maximum number of concurrent sessions for system accounts globally, by account type, by account, or any combination thereof. For example, organizations may limit the number of concurrent sessions for system administrators or other individuals working in particularly sensitive domains or mission-critical applications. Concurrent session control addresses concurrent sessions for system accounts. It does not, however, address concurrent sessions by single users via multiple system accounts.

 - - -

the number of concurrent sessions for each is limited to .

@@ -3963,6 +3095,7 @@

time period of inactivity after which a device lock is initiated is defined (if selected);

+ @@ -3975,16 +3108,10 @@ -

Prevent further access to the system by ; and

 -

Retain the device lock until the user reestablishes access using established identification and authentication procedures.

 @@ -3995,33 +3122,11 @@ - - -

further access to the system is prevented by ;

 - - -

device lock is retained until the user re-establishes access using established identification and authentication procedures.

@@ -4060,6 +3165,7 @@ Pattern-hiding Displays + @@ -4068,26 +3174,12 @@ value="system"/> -

Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

The pattern-hiding display can include static or dynamic images, such as patterns used with screen savers, photographic images, solid colors, clock, battery life indicator, or a blank screen with the caveat that controlled unclassified information is not displayed.

 - - -

information previously visible on the display is concealed, via device lock, with a publicly viewable image.

@@ -4131,6 +3223,7 @@

conditions or trigger events requiring session disconnect are defined;

+ @@ -4141,26 +3234,12 @@ -

Automatically terminate a user session after .

Session termination addresses the termination of user-initiated logical sessions (in contrast to SC-10 , which addresses the termination of network connections associated with communications sessions (i.e., network disconnect)). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational system. Such user sessions can be terminated without terminating network sessions. Session termination ends all processes associated with a user’s logical session except for those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events that require automatic termination of the session include organization-defined periods of user inactivity, targeted responses to certain types of incidents, or time-of-day restrictions on system use.

 - - -

a user session is automatically terminated after .

@@ -4204,6 +3283,7 @@

user actions that can be performed on the system without identification or authentication are defined;

+ @@ -4215,16 +3295,10 @@ -

Identify that can be performed on the system without identification or authentication consistent with organizational mission and business functions; and

 -

Document and provide supporting rationale in the security plan for the system, user actions not requiring identification or authentication.

 @@ -4236,30 +3310,12 @@ - - -

that can be performed on the system without identification or authentication consistent with organizational mission and business functions are identified;

 - - @@ -4300,6 +3356,7 @@ Remote Access + @@ -4333,16 +3390,10 @@ -

Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and

 -

Authorize each type of remote access to the system prior to allowing such connections.

 @@ -4353,17 +3404,6 @@ - - - @@ -4383,17 +3423,6 @@ - - -

each type of remote access to the system is authorized prior to allowing such connections.

@@ -4432,6 +3461,7 @@ Monitoring and Control + @@ -4447,26 +3477,12 @@ -

Employ automated mechanisms to monitor and control remote access methods.

Monitoring and control of remote access methods allows organizations to detect attacks and help ensure compliance with remote access policies by auditing the connection activities of remote users on a variety of system components, including servers, notebook computers, workstations, smart phones, and tablets. Audit logging for remote access is enforced by AU-2 . Audit events are defined in AU-2a.

 - - - @@ -4513,7 +3529,7 @@ Protection of Confidentiality and Integrity Using Encryption - + @@ -4525,26 +3541,12 @@ -

Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

Virtual private networks can be used to protect the confidentiality and integrity of remote access sessions. Transport Layer Security (TLS) is an example of a cryptographic protocol that provides end-to-end communications security over networks and is used for Internet communications and online transactions.

 - - -

cryptographic mechanisms are implemented to protect the confidentiality and integrity of remote access sessions.

@@ -4582,6 +3584,7 @@ Managed Access Control Points + @@ -4591,26 +3594,12 @@ -

Route remote accesses through authorized and managed network access control points.

Organizations consider the Trusted Internet Connections (TIC) initiative DHS TIC requirements for external network connections since limiting the number of access control points for remote access reduces attack surfaces.

 - - -

remote accesses are routed through authorized and managed network access control points.

@@ -4662,6 +3651,7 @@

needs requiring access to security-relevant information via remote access are defined;

+ @@ -4674,16 +3664,10 @@ -

Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: ; and

 -

Document the rationale for remote access in the security plan for the system.

 @@ -4696,65 +3680,21 @@ - - -

the execution of privileged commands via remote access is authorized only in a format that provides assessable evidence;

 - - -

access to security-relevant information via remote access is authorized only in a format that provides assessable evidence;

 - - -

the execution of privileged commands via remote access is authorized only for the following needs: ;

 - - -

access to security-relevant information via remote access is authorized only for the following needs: ;

@@ -4762,13 +3702,6 @@ - -

the rationale for remote access is documented in the security plan for the system.

@@ -4807,6 +3740,7 @@ Wireless Access + @@ -4830,16 +3764,10 @@ -

Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and

 -

Authorize each type of wireless access to the system prior to allowing such connections.

 @@ -4850,17 +3778,6 @@ - - - @@ -4880,17 +3797,6 @@ - - -

each type of wireless access to the system is authorized prior to allowing such connections.

@@ -4935,6 +3841,7 @@ devices + @@ -4946,9 +3853,6 @@ -

Protect wireless access to the system using authentication of and encryption.

 @@ -4957,33 +3861,11 @@ - - -

wireless access to the system is protected using authentication of ;

 - - -

wireless access to the system is protected using encryption.

@@ -5022,6 +3904,7 @@ Disable Wireless Networking + @@ -5033,26 +3916,12 @@ value="system"/> -

Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment.

Wireless networking capabilities that are embedded within system components represent a significant potential vulnerability that can be exploited by adversaries. Disabling wireless capabilities when not needed for essential organizational missions or functions can reduce susceptibility to threats by adversaries involving wireless technologies.

 - - -

when not intended for use, wireless networking capabilities embedded within system components are disabled prior to issuance and deployment.

@@ -5088,6 +3957,7 @@ Restrict Configurations by Users + @@ -5098,26 +3968,12 @@ -

Identify and explicitly authorize users allowed to independently configure wireless networking capabilities.

Organizational authorizations to allow selected users to configure wireless networking capabilities are enforced, in part, by the access enforcement mechanisms employed within organizational systems.

 - - - @@ -5162,6 +4018,7 @@ Antennas and Transmission Power Levels + @@ -5171,9 +4028,6 @@ -

Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries.

 @@ -5182,33 +4036,11 @@ - - -

radio antennas are selected to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries;

 - - -

transmission power levels are calibrated to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries.

@@ -5249,6 +4081,7 @@ Access Control for Mobile Devices + @@ -5281,16 +4114,10 @@ -

Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and

 -

Authorize the connection of mobile devices to organizational systems.

 @@ -5303,17 +4130,6 @@ - - - @@ -5333,17 +4149,6 @@ - - -

the connection of mobile devices to organizational systems is authorized.

@@ -5396,6 +4201,7 @@

mobile devices on which to employ encryption are defined;

+ @@ -5407,26 +4213,12 @@ -

Employ to protect the confidentiality and integrity of information on .

Container-based encryption provides a more fine-grained approach to data and information encryption on mobile devices, including encrypting selected data structures such as files, records, or fields.

 - - -

is employed to protect the confidentiality and integrity of information on .

@@ -5492,6 +4284,7 @@

types of external systems prohibited from use are defined;

+ @@ -5512,9 +4305,6 @@ -

, consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to:

@@ -5528,9 +4318,6 @@ -

Prohibit the use of .

 @@ -5553,17 +4340,6 @@ - - - @@ -5580,17 +4356,6 @@ - - -

the use of is prohibited (if applicable).

@@ -5629,6 +4394,7 @@ Limits on Authorized Use + @@ -5640,16 +4406,10 @@

Permit authorized individuals to use an external system to access the system or to process, store, or transmit organization-controlled information only after:

-

Verification of the implementation of controls on the external system as specified in the organization’s security and privacy policies and security and privacy plans; or

 -

Retention of approved system connection or processing agreements with the organizational entity hosting the external system.

 @@ -5660,33 +4420,11 @@ - - -

authorized individuals are permitted to use an external system to access the system or to process, store, or transmit organization-controlled information only after verification of the implementation of controls on the external system as specified in the organization’s security and privacy policies and security and privacy plans (if applicable);

 - - -

authorized individuals are permitted to use an external system to access the system or to process, store, or transmit organization-controlled information only after retention of approved system connection or processing agreements with the organizational entity hosting the external system (if applicable).

@@ -5729,6 +4467,7 @@

restrictions on the use of organization-controlled portable storage devices by authorized individuals on external systems are defined;

+ @@ -5739,26 +4478,12 @@ -

Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using .

Limits on the use of organization-controlled portable storage devices in external systems include restrictions on how the devices may be used and under what conditions the devices may be used.

 - - -

the use of organization-controlled portable storage devices by authorized individuals is restricted on external systems using .

@@ -5808,6 +4533,7 @@

automated mechanisms or manual processes that assist users in making information-sharing and collaboration decisions are defined;

+ @@ -5826,16 +4552,10 @@ -

Enable authorized users to determine whether access authorizations assigned to a sharing partner match the information’s access and use restrictions for ; and

 -

Employ to assist users in making information sharing and collaboration decisions.

 @@ -5846,33 +4566,11 @@ - - -

authorized users are enabled to determine whether access authorizations assigned to a sharing partner match the information’s access and use restrictions for ;

 - - -

are employed to assist users in making information-sharing and collaboration decisions.

@@ -5930,6 +4628,7 @@

the frequency at which to review the content on the publicly accessible system for non-public information is defined;

+ @@ -5943,30 +4642,18 @@ -

Designate individuals authorized to make information publicly accessible;

 -

Train authorized individuals to ensure that publicly accessible information does not contain nonpublic information;

 -

Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and

 -

Review the content on the publicly accessible system for nonpublic information and remove such information, if discovered.

 @@ -5977,65 +4664,21 @@ - - -

designated individuals are authorized to make information publicly accessible;

 - - -

authorized individuals are trained to ensure that publicly accessible information does not contain non-public information;

 - - -

the proposed content of information is reviewed prior to posting onto the publicly accessible system to ensure that non-public information is not included;

 - - - @@ -6155,6 +4798,7 @@

events that would require procedures to be reviewed and updated are defined;

+ @@ -6175,13 +4819,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -6203,20 +4840,10 @@ -

Designate an to manage the development, documentation, and dissemination of the awareness and training policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current awareness and training:

@@ -6237,57 +4864,21 @@ - - -

an awareness and training policy is developed and documented;

- - -

the awareness and training policy is disseminated to ;

 - -

awareness and training procedures to facilitate the implementation of the awareness and training policy and associated access controls are developed and documented;

 - -

the awareness and training procedures are disseminated to .

@@ -6295,13 +4886,6 @@ - - @@ -6341,13 +4925,6 @@ - -

the awareness and training policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and

@@ -6357,17 +4934,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the awareness and training policy and procedures;

@@ -6375,17 +4941,6 @@ - - - @@ -6400,17 +4955,6 @@ - - - @@ -6507,6 +5051,7 @@

events that would require literacy training and awareness content to be updated are defined;

+ @@ -6540,9 +5085,6 @@ -

Provide security and privacy literacy training to system users (including managers, senior executives, and contractors):

@@ -6555,23 +5097,14 @@ -

Employ the following techniques to increase the security and privacy awareness of system users ;

 -

Update literacy training and awareness content and following ; and

 -

Incorporate lessons learned from internal or external security incidents or breaches into literacy training and awareness techniques.

 @@ -6587,65 +5120,21 @@ - - -

security literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users;

 - - -

privacy literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users;

 - - -

security literacy training is provided to system users (including managers, senior executives, and contractors) thereafter;

 - - -

privacy literacy training is provided to system users (including managers, senior executives, and contractors) thereafter;

@@ -6653,17 +5142,6 @@ - - - @@ -6680,30 +5158,12 @@ - -

are employed to increase the security and privacy awareness of system users;

 - - - @@ -6718,17 +5178,6 @@ - - -

lessons learned from internal or external security incidents or breaches are incorporated into literacy training and awareness techniques.

@@ -6768,6 +5217,7 @@ Insider Threat + @@ -6780,26 +5230,12 @@ -

Provide literacy training on recognizing and reporting potential indicators of insider threat.

Potential indicators and possible precursors of insider threat can include behaviors such as inordinate, long-term job dissatisfaction; attempts to gain access to information not required for job performance; unexplained access to financial resources; bullying or harassment of fellow employees; workplace violence; and other serious violations of policies, procedures, directives, regulations, rules, or practices. Literacy training includes how to communicate the concerns of employees and management regarding potential indicators of insider threat through channels established by the organization and in accordance with established policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role. For example, training for managers may be focused on changes in the behavior of team members, while training for employees may be focused on more general observations.

 - - - @@ -6838,6 +5274,7 @@ Social Engineering and Mining + @@ -6849,26 +5286,12 @@ value="true"/> -

Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining.

Social engineering is an attempt to trick an individual into revealing information or taking an action that can be used to breach, compromise, or otherwise adversely impact a system. Social engineering includes phishing, pretexting, impersonation, baiting, quid pro quo, thread-jacking, social media exploitation, and tailgating. Social mining is an attempt to gather information about the organization that may be used to support future attacks. Literacy training includes information on how to communicate the concerns of employees and management regarding potential and actual instances of social engineering and data mining through organizational channels based on established policies and procedures.

 - - - @@ -6961,6 +5384,7 @@

events that require role-based training content to be updated are defined;

+ @@ -6997,9 +5421,6 @@ -

Provide role-based security and privacy training to personnel with the following roles and responsibilities: :

@@ -7012,16 +5433,10 @@ -

Update role-based training content and following ; and

 -

Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

 @@ -7035,17 +5450,6 @@ - - - @@ -7072,17 +5476,6 @@ - - - @@ -7099,13 +5492,6 @@ - - @@ -7120,17 +5506,6 @@ - - -

lessons learned from internal or external security incidents or breaches are incorporated into role-based training.

@@ -7181,6 +5556,7 @@

time period for retaining individual training records is defined;

+ @@ -7199,16 +5575,10 @@ -

Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and

 -

Retain individual training records for .

 @@ -7219,17 +5589,6 @@ - - - @@ -7244,13 +5603,6 @@ - -

individual training records are retained for .

@@ -7356,6 +5708,7 @@

events that would require audit and accountability procedures to be reviewed and updated are defined;

+ @@ -7374,13 +5727,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -7402,20 +5748,10 @@ -

Designate an to manage the development, documentation, and dissemination of the audit and accountability policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current audit and accountability:

@@ -7436,57 +5772,21 @@ - - -

an audit and accountability policy is developed and documented;

 - - -

the audit and accountability policy is disseminated to ;

 - -

audit and accountability procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls are developed and documented;

 - -

the audit and accountability procedures are disseminated to ;

@@ -7494,13 +5794,6 @@ - - @@ -7540,13 +5833,6 @@ - -

the of the audit and accountability policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

@@ -7556,17 +5842,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the audit and accountability policy and procedures;

@@ -7574,17 +5849,6 @@ - - - @@ -7599,17 +5863,6 @@ - - - @@ -7690,7 +5943,7 @@

the frequency of event types selected for logging are reviewed and updated;

- + @@ -7735,37 +5988,22 @@ -

Identify the types of events that the system is capable of logging in support of the audit function: ;

 -

Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

 -

Specify the following event types for logging within the system: ;

 -

Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and

 -

Review and update the event types selected for logging .

 @@ -7789,34 +6027,12 @@ - - -

that the system is capable of logging are identified in support of the audit logging function;

 - - -

the event logging function is coordinated with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

@@ -7824,30 +6040,12 @@ - - -

are specified for logging within the system;

 - -

the specified event types are logged within the system ;

@@ -7855,29 +6053,11 @@ - - -

a rationale is provided for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents;

 - -

the event types selected for logging are reviewed and updated .

@@ -7918,7 +6098,7 @@ Content of Audit Records - + @@ -7939,44 +6119,26 @@

Ensure that audit records contain information that establishes the following:

-

What type of event occurred;

 -

When the event occurred;

 -

Where the event occurred;

 -

Source of the event;

 -

Outcome of the event; and

 -

Identity of any individuals, subjects, or objects/entities associated with the event.

 @@ -7985,17 +6147,6 @@

Audit record content that may be necessary to support the auditing function includes event descriptions (item a), time stamps (item b), source and destination addresses (item c), user or process identifiers (items d and f), success or fail indications (item e), and filenames involved (items a, c, e, and f) . Event outcomes include indicators of event success or failure and event-specific results, such as the system security and privacy posture after the event occurred. Organizations consider how audit records can reveal information about individuals that may give rise to privacy risks and how best to mitigate such risks. For example, there is the potential to reveal personally identifiable information in the audit trail, especially if the trail records inputs or is based on patterns or time of usage.

 - - - @@ -8074,7 +6225,7 @@

additional information to be included in audit records is defined;

- + @@ -8083,9 +6234,6 @@ value="system"/> -

Generate audit records containing the following additional information: .

AU-3 (1) Additional FedRAMP Requirements and Guidance @@ -8099,17 +6247,6 @@

The ability to add information generated in audit records is dependent on system functionality to configure the audit record content. Organizations may consider additional information in audit records including, but not limited to, access control or flow control rules invoked and individual identities of group account users. Organizations may also consider limiting additional audit record information to only information that is explicitly needed for audit requirements. This facilitates the use of audit trails and audit logs by not including information in audit records that could potentially be misleading, make it more difficult to locate information of interest, or increase the risk to individuals' privacy.

 - - -

generated audit records contain the following .

@@ -8156,7 +6293,7 @@

audit log retention requirements are defined;

- + @@ -8176,26 +6313,12 @@ -

Allocate audit log storage capacity to accommodate .

Organizations consider the types of audit logging to be performed and the audit log processing requirements when allocating audit log storage capacity. Allocating sufficient audit log storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of audit logging capability.

 - - -

audit log storage capacity is allocated to accommodate .

@@ -8259,7 +6382,7 @@

additional actions to be taken in the event of an audit logging process failure are defined;

- + @@ -8277,16 +6400,10 @@ -

Alert within in the event of an audit logging process failure; and

 -

Take the following additional actions: .

 @@ -8297,34 +6414,12 @@ - - -

are alerted in the event of an audit logging process failure within ;

 - - -

are taken in the event of an audit logging process failure.

@@ -8389,7 +6484,7 @@

percentage of repository maximum audit log storage capacity is defined;

- + @@ -8398,26 +6493,12 @@ value="system"/> -

Provide a warning to within when allocated audit log storage volume reaches of repository maximum audit log storage capacity.

Organizations may have multiple audit log storage repositories distributed across multiple system components with each repository having different storage volume capacities.

 - - -

a warning is provided to within when allocated audit log storage volume reaches of repository maximum audit log storage capacity.

@@ -8488,7 +6569,7 @@

audit logging failure events requiring real-time alerts are defined;

- + @@ -8497,26 +6578,12 @@ value="system"/> -

Provide an alert within to when the following audit failure events occur: .

Alerts provide organizations with urgent messages. Real-time alerts provide these messages at information technology speed (i.e., the time from event detection to alert occurs in seconds or less).

 - - -

an alert is provided within to when occur.

@@ -8572,7 +6639,7 @@

personnel or roles to receive findings from reviews and analyses of system records is/are defined;

- + @@ -8616,23 +6683,14 @@ -

Review and analyze system audit records for indications of and the potential impact of the inappropriate or unusual activity;

 -

Report findings to ; and

 -

Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

 @@ -8650,49 +6708,16 @@ - - -

system audit records are reviewed and analyzed for indications of and the potential impact of the inappropriate or unusual activity;

 - - -

findings are reported to ;

 - - -

the level of audit record review, analysis, and reporting within the system is adjusted when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

@@ -8728,7 +6753,7 @@

automated mechanisms used for integrating audit record review, analysis, and reporting processes are defined;

- + @@ -8741,26 +6766,12 @@ -

Integrate audit record review, analysis, and reporting processes using .

Organizational processes that benefit from integrated audit record review, analysis, and reporting include incident response, continuous monitoring, contingency planning, investigation and response to suspicious activities, and Inspector General audits.

 - - -

audit record review, analysis, and reporting processes are integrated using .

@@ -8798,7 +6809,7 @@ Correlate Audit Record Repositories - + @@ -8812,26 +6823,12 @@ -

Analyze and correlate audit records across different repositories to gain organization-wide situational awareness.

Organization-wide situational awareness includes awareness across all three levels of risk management (i.e., organizational level, mission/business process level, and information system level) and supports cross-organization awareness.

 - - -

audit records across different repositories are analyzed and correlated to gain organization-wide situational awareness.

@@ -8868,7 +6865,7 @@ Central Review and Analysis - + @@ -8882,26 +6879,12 @@ -

Provide and implement the capability to centrally review and analyze audit records from multiple components within the system.

Automated mechanisms for centralized reviews and analyses include Security Information and Event Management products.

 - - - @@ -8970,7 +6953,7 @@

data/information collected from other sources to be analyzed is defined (if selected);

- + @@ -8984,26 +6967,12 @@ -

Integrate analysis of audit records with analysis of to further enhance the ability to identify inappropriate or unusual activity.

Integrated analysis of audit records does not require vulnerability scanning, the generation of performance data, or system monitoring. Rather, integrated analysis requires that the analysis of information generated by scanning, monitoring, or other data collection activities is integrated with the analysis of audit record information. Security Information and Event Management tools can facilitate audit record aggregation or consolidation from multiple system components as well as audit record correlation and analysis. The use of standardized audit record analysis scripts developed by organizations (with localized script adjustments, as necessary) provides more cost-effective approaches for analyzing audit record information collected. The correlation of audit record information with vulnerability scanning information is important in determining the veracity of vulnerability scans of the system and in correlating attack detection events with scanning results. Correlation with performance data can uncover denial-of-service attacks or other types of attacks that result in the unauthorized use of resources. Correlation with system monitoring information can assist in uncovering attacks and in better relating audit information to operational situations.

 - - -

analysis of audit records is integrated with analysis of to further enhance the ability to identify inappropriate or unusual activity.

@@ -9040,7 +7009,7 @@ Correlation with Physical Monitoring - + @@ -9052,9 +7021,6 @@ value="true"/> -

Correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.

AU-6 (6) Additional FedRAMP Requirements and Guidance @@ -9068,17 +7034,6 @@

The correlation of physical audit record information and the audit records from systems may assist organizations in identifying suspicious behavior or supporting evidence of such behavior. For example, the correlation of an individual’s identity for logical access to certain systems with the additional physical security information that the individual was present at the facility when the logical access occurred may be useful in investigations.

 - - -

information from audit records is correlated with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.

@@ -9129,7 +7084,7 @@ user - + @@ -9141,26 +7096,12 @@ value="true"/> -

Specify the permitted actions for each associated with the review, analysis, and reporting of audit record information.

Organizations specify permitted actions for system processes, roles, and users associated with the review, analysis, and reporting of audit records through system account management activities. Specifying permitted actions on audit record information is a way to enforce the principle of least privilege. Permitted actions are enforced by the system and include read, write, execute, append, and delete.

 - - -

the permitted actions for each associated with the review, analysis, and reporting of audit record information are specified.

@@ -9195,6 +7136,7 @@ Audit Record Reduction and Report Generation + @@ -9220,16 +7162,10 @@

Provide and implement an audit record reduction and report generation capability that:

-

Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and

 -

Does not alter the original content or time ordering of audit records.

 @@ -9240,21 +7176,6 @@ - - - - @@ -9269,17 +7190,6 @@ - - - @@ -9333,6 +7243,7 @@

fields within audit records that can be processed, sorted, or searched are defined;

+ @@ -9344,26 +7255,12 @@ value="true"/> -

Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: .

Events of interest can be identified by the content of audit records, including system resources involved, information objects accessed, identities of individuals, event types, event locations, event dates and times, Internet Protocol addresses involved, or event success or failure. Organizations may define event criteria to any degree of granularity required, such as locations selectable by a general networking location or by specific system component.

 - - - @@ -9424,7 +7321,7 @@

granularity of time measurement for audit record timestamps is defined;

- + @@ -9437,16 +7334,10 @@ -

Use internal system clocks to generate time stamps for audit records; and

 -

Record time stamps for audit records that meet and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.

 @@ -9457,33 +7348,11 @@ - - -

internal system clocks are used to generate timestamps for audit records;

 - - -

timestamps are recorded for audit records that meet and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or include the local time offset as part of the timestamp.

@@ -9529,6 +7398,7 @@

personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined;

+ @@ -9554,16 +7424,10 @@ -

Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and

 -

Alert upon detection of unauthorized access, modification, or deletion of audit information.

 @@ -9574,33 +7438,11 @@ - - -

audit information and audit logging tools are protected from unauthorized access, modification, and deletion;

 - - -

are alerted upon detection of unauthorized access, modification, or deletion of audit information.

@@ -9654,6 +7496,7 @@

the frequency of storing audit records in a repository is defined;

+ @@ -9664,26 +7507,12 @@ -

Store audit records in a repository that is part of a physically different system or system component than the system or component being audited.

Storing audit records in a repository separate from the audited system or system component helps to ensure that a compromise of the system being audited does not also result in a compromise of the audit records. Storing audit records on separate physical systems or components also preserves the confidentiality and integrity of audit records and facilitates the management of audit records as an organization-wide activity. Storing audit records on separate systems or components applies to initial generation as well as backup or long-term storage of audit records.

 - - -

audit records are stored in a repository that is part of a physically different system or system component than the system or component being audited.

@@ -9723,6 +7552,7 @@ Cryptographic Protection + @@ -9734,9 +7564,6 @@ -

Implement cryptographic mechanisms to protect the integrity of audit information and audit tools.

AU-9 (3) Additional FedRAMP Requirements and Guidance @@ -9750,17 +7577,6 @@

Cryptographic mechanisms used for protecting the integrity of audit information include signed hash functions using asymmetric cryptography. This enables the distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.

 - - -

cryptographic mechanisms to protect the integrity of audit information and audit tools are implemented.

@@ -9807,6 +7623,7 @@

a subset of privileged users or roles authorized to access management of audit logging functionality is defined;

+ @@ -9816,26 +7633,12 @@ -

Authorize access to management of audit logging functionality to only .

Individuals or roles with privileged access to a system and who are also the subject of an audit by that system may affect the reliability of the audit information by inhibiting audit activities or modifying audit records. Requiring privileged access to be further defined between audit-related privileges and other privileges limits the number of users or roles with audit-related privileges.

 - - -

access to management of audit logging functionality is authorized only to .

@@ -9889,7 +7692,7 @@

actions to be covered by non-repudiation are defined;

- + @@ -9914,26 +7717,12 @@ -

Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed .

Types of individual actions covered by non-repudiation include creating information, sending and receiving messages, and approving information. Non-repudiation protects against claims by authors of not having authored certain documents, senders of not having transmitted messages, receivers of not having received messages, and signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from an individual or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request, or receiving specific information). Organizations obtain non-repudiation services by employing various techniques or mechanisms, including digital signatures and digital message receipts.

 - - -

irrefutable evidence is provided that an individual (or process acting on behalf of an individual) has performed .

@@ -9982,7 +7771,7 @@

a time period to retain audit records that is consistent with the records retention policy is defined;

- + @@ -10000,9 +7789,6 @@ -

Retain audit records for to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

AU-11 Additional FedRAMP Requirements and Guidance @@ -10024,17 +7810,6 @@

Organizations retain audit records until it is determined that the records are no longer needed for administrative, legal, audit, or other operational purposes. This includes the retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on records retention.

 - - -

audit records are retained for to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

@@ -10084,7 +7859,7 @@

personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined;

- + @@ -10112,23 +7887,14 @@ -

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on ;

 -

Allow to select the event types that are to be logged by specific components of the system; and

 -

Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.

 @@ -10139,46 +7905,17 @@ - - -

audit record generation capability for the event types the system is capable of auditing (defined in AU-02_ODP[01]) is provided by ;

 - - -

is/are allowed to select the event types that are to be logged by specific components of the system;

 - -

audit records for the event types defined in AU-02_ODP[02] that include the audit record content defined in AU-03 are generated.

@@ -10236,7 +7973,7 @@

level of tolerance for the relationship between timestamps of individual records in the audit trail is defined;

- + @@ -10247,26 +7984,12 @@ -

Compile audit records from into a system-wide (logical or physical) audit trail that is time-correlated to within .

Audit trails are time-correlated if the time stamps in the individual audit records can be reliably related to the time stamps in other audit records to achieve a time ordering of the records within organizational tolerances.

 - - -

audit records from are compiled into a system-wide (logical or physical) audit trail that is time-correlated to within .

@@ -10340,7 +8063,7 @@

time thresholds in which logging actions are to change is defined;

- + @@ -10350,26 +8073,12 @@ -

Provide and implement the capability for to change the logging to be performed on based on within .

Permitting authorized individuals to make changes to system logging enables organizations to extend or limit logging as necessary to meet organizational requirements. Logging that is limited to conserve system resources may be extended (either temporarily or permanently) to address certain threat situations. In addition, logging may be limited to a specific set of event types to facilitate audit reduction, analysis, and reporting. Organizations can establish time thresholds in which logging actions are changed (e.g., near real-time, within minutes, or within hours).

 - - - @@ -10489,6 +8198,7 @@

events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined;

+ @@ -10513,13 +8223,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -10541,20 +8244,10 @@ -

Designate an to manage the development, documentation, and dissemination of the assessment, authorization, and monitoring policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current assessment, authorization, and monitoring:

@@ -10575,57 +8268,21 @@ - - -

an assessment, authorization, and monitoring policy is developed and documented;

 - - -

the assessment, authorization, and monitoring policy is disseminated to ;

 - -

assessment, authorization, and monitoring procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment, authorization, and monitoring controls are developed and documented;

 - -

the assessment, authorization, and monitoring procedures are disseminated to ;

@@ -10633,13 +8290,6 @@ - - @@ -10679,13 +8329,6 @@ - -

the assessment, authorization, and monitoring policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

@@ -10695,17 +8338,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the assessment, authorization, and monitoring policy and procedures;

@@ -10713,17 +8345,6 @@ - - - @@ -10738,17 +8359,6 @@ - - - @@ -10809,6 +8419,7 @@

individuals or roles to whom control assessment results are to be provided are defined;

+ @@ -10843,16 +8454,10 @@ -

Select the appropriate assessor or assessment team for the type of assessment to be conducted;

 -

Develop a control assessment plan that describes the scope of the assessment including:

@@ -10869,30 +8474,18 @@ -

Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

 -

Assess the controls in the system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements;

 -

Produce a control assessment report that document the results of the assessment; and

 -

Provide the results of the control assessment to .

 @@ -10914,13 +8507,6 @@ - -

an appropriate assessor or assessment team is selected for the type of assessment to be conducted;

@@ -10928,49 +8514,16 @@ - - -

a control assessment plan is developed that describes the scope of the assessment, including controls and control enhancements under assessment;

 - - -

a control assessment plan is developed that describes the scope of the assessment, including assessment procedures to be used to determine control effectiveness;

 - - - @@ -10992,33 +8545,11 @@ - - -

the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

 - - - @@ -11033,25 +8564,11 @@ - -

a control assessment report is produced that documents the results of the assessment;

 - -

the results of the control assessment are provided to .

@@ -11089,6 +8606,7 @@ Independent Assessors + @@ -11100,9 +8618,6 @@ value="true"/> -

Employ independent assessors or assessment teams to conduct control assessments.

CA-2 (1) Additional FedRAMP Requirements and Guidance @@ -11118,17 +8633,6 @@

When organizations that own the systems are small or the structures of the organizations require that assessments be conducted by individuals that are in the developmental, operational, or management chain of the system owners, independence in assessment processes can be achieved by ensuring that assessment results are carefully reviewed and analyzed by independent teams of experts to validate the completeness, accuracy, integrity, and reliability of the results. Assessments performed for purposes other than to support authorization decisions are more likely to be useable for such decisions when performed by assessors with sufficient independence, thereby reducing the need to repeat assessments.

 - - -

independent assessors or assessment teams are employed to conduct control assessments.

@@ -11197,6 +8701,7 @@

other forms of assessment are defined (if selected);

+ @@ -11210,9 +8715,6 @@ -

Include as part of control assessments, , , .

CA-2 (2) Additional FedRAMP Requirements and Guidance @@ -11226,17 +8728,6 @@

Organizations can conduct specialized assessments, including verification and validation, system monitoring, insider threat assessments, malicious user testing, and other forms of testing. These assessments can improve readiness by exercising organizational capabilities and indicating current levels of performance as a means of focusing actions to improve security and privacy. Organizations conduct specialized assessments in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Authorizing officials approve the assessment methods in coordination with the organizational risk executive function. Organizations can include vulnerabilities uncovered during assessments into vulnerability remediation processes. Specialized assessments can also be conducted early in the system development life cycle (e.g., during initial design, development, and unit testing).

 - - -

@@ -11304,6 +8795,7 @@

requirements to be met by the control assessment performed by an external organization on the system are defined;

+ @@ -11316,26 +8808,12 @@ -

Leverage the results of control assessments performed by on when the assessment meets .

Organizations may rely on control assessments of organizational systems by other (external) organizations. Using such assessments and reusing existing assessment evidence can decrease the time and resources required for assessments by limiting the independent assessment activities that organizations need to perform. The factors that organizations consider in determining whether to accept assessment results from external organizations can vary. Such factors include the organization’s past experience with the organization that conducted the assessment, the reputation of the assessment organization, the level of detail of supporting assessment evidence provided, and mandates imposed by applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Accredited testing laboratories that support the Common Criteria Program ISO 15408-1 , the NIST Cryptographic Module Validation Program (CMVP), or the NIST Cryptographic Algorithm Validation Program (CAVP) can provide independent assessment results that organizations can leverage.

 - - -

the results of control assessments performed by on are leveraged when the assessment meets .

@@ -11399,6 +8877,7 @@

the frequency at which to review and update agreements is defined;

+ @@ -11425,23 +8904,14 @@ -

Approve and manage the exchange of information between the system and other systems using ;

 -

Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and

 -

Review and update the agreements .

 @@ -11453,29 +8923,11 @@ - - -

the exchange of information between the system and other systems is approved and managed using ;

 - - @@ -11510,17 +8962,6 @@ - - -

agreements are reviewed and updated .

@@ -11559,6 +9000,7 @@ Transfer Authorizations + @@ -11576,26 +9018,12 @@ -

Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data.

To prevent unauthorized individuals and systems from making information transfers to protected systems, the protected system verifies—via independent means— whether the individual or system attempting to transfer information is authorized to do so. Verification of the authorization to transfer information also applies to control plane traffic (e.g., routing and DNS) and services (e.g., authenticated SMTP relays).

 - - -

individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data.

@@ -11652,6 +9080,7 @@

the frequency at which to update an existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities is defined;

+ @@ -11672,16 +9101,10 @@ -

Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and

 -

Update existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

 @@ -11703,33 +9126,11 @@ - - -

a plan of action and milestones for the system is developed to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system;

 - - -

existing plan of action and milestones are updated based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

@@ -11780,6 +9181,7 @@

frequency at which to update the authorizations is defined;

+ @@ -11802,23 +9204,14 @@ -

Assign a senior official as the authorizing official for the system;

 -

Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems;

 -

Ensure that the authorizing official for the system, before commencing operations:

@@ -11831,16 +9224,10 @@ -

Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems;

 -

Update the authorizations .

 @@ -11859,33 +9246,11 @@ - - -

a senior official is assigned as the authorizing official for the system;

 - - -

a senior official is assigned as the authorizing official for common controls available for inheritance by organizational systems;

@@ -11893,33 +9258,11 @@ - - -

before commencing operations, the authorizing official for the system accepts the use of common controls inherited by the system;

 - - -

before commencing operations, the authorizing official for the system authorizes the system to operate;

@@ -11927,29 +9270,11 @@ - - -

the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems;

 - -

the authorizations are updated .

@@ -12038,6 +9363,7 @@

frequency at which the privacy status of the system is reported is defined;

+ @@ -12109,51 +9435,30 @@

Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:

-

Establishing the following system-level metrics to be monitored: ;

 -

Establishing for monitoring and for assessment of control effectiveness;

 -

Ongoing control assessments in accordance with the continuous monitoring strategy;

 -

Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;

 -

Correlation and analysis of information generated by control assessments and monitoring;

 -

Response actions to address results of the analysis of control assessment and monitoring information; and

 -

Reporting the security and privacy status of the system to .

@@ -12181,65 +9486,21 @@ - - -

a system-level continuous monitoring strategy is developed;

 - - -

system-level continuous monitoring is implemented in accordance with the organization-level continuous monitoring strategy;

 - - -

system-level continuous monitoring includes establishment of the following system-level metrics to be monitored: ;

 - - - @@ -12254,81 +9515,26 @@ - - -

system-level continuous monitoring includes ongoing control assessments in accordance with the continuous monitoring strategy;

 - - -

system-level continuous monitoring includes ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;

 - - -

system-level continuous monitoring includes correlation and analysis of information generated by control assessments and monitoring;

 - - -

system-level continuous monitoring includes response actions to address the results of the analysis of control assessment and monitoring information;

 - - - @@ -12386,6 +9592,7 @@ Independent Assessment + @@ -12397,26 +9604,12 @@ value="true"/> -

Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis.

Organizations maximize the value of control assessments by requiring that assessments be conducted by assessors with appropriate levels of independence. The level of required independence is based on organizational continuous monitoring strategies. Assessor independence provides a degree of impartiality to the monitoring process. To achieve such impartiality, assessors do not create a mutual or conflicting interest with the organizations where the assessments are being conducted, assess their own work, act as management or employees of the organizations they are serving, or place themselves in advocacy positions for the organizations acquiring their services.

 - - -

independent assessors or assessment teams are employed to monitor the controls in the system on an ongoing basis.

@@ -12450,6 +9643,7 @@ Risk Monitoring + @@ -12466,23 +9660,14 @@

Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:

-

Effectiveness monitoring;

 -

Compliance monitoring; and

 -

Change monitoring.

 @@ -12491,63 +9676,19 @@

Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk.

 - - -

risk monitoring is an integral part of the continuous monitoring strategy;

- - -

effectiveness monitoring is included in risk monitoring;

 - - -

compliance monitoring is included in risk monitoring;

 - - -

change monitoring is included in risk monitoring.

@@ -12608,6 +9749,7 @@

systems or system components on which penetration testing is to be conducted are defined;

+ @@ -12623,9 +9765,6 @@ -

Conduct penetration testing on .

CA-8 Additional FedRAMP Requirements and Guidance @@ -12640,17 +9779,6 @@

Organizations can use the results of vulnerability analyses to support penetration testing activities. Penetration testing can be conducted internally or externally on the hardware, software, or firmware components of a system and can exercise both physical and technical controls. A standard method for penetration testing includes a pretest analysis based on full knowledge of the system, pretest identification of potential vulnerabilities based on the pretest analysis, and testing designed to determine the exploitability of vulnerabilities. All parties agree to the rules of engagement before commencing penetration testing scenarios. Organizations correlate the rules of engagement for the penetration tests with the tools, techniques, and procedures that are anticipated to be employed by adversaries. Penetration testing may result in the exposure of information that is protected by laws or regulations, to individuals conducting the testing. Rules of engagement, contracts, or other appropriate mechanisms can be used to communicate expectations for how to protect this information. Risk assessments guide the decisions on the level of independence required for the personnel conducting penetration testing.

 - - -

penetration testing is conducted on .

@@ -12688,6 +9816,7 @@ Independent Penetration Testing Agent or Team + @@ -12700,26 +9829,12 @@ -

Employ an independent penetration testing agent or team to perform penetration testing on the system or system components.

Independent penetration testing agents or teams are individuals or groups who conduct impartial penetration testing of organizational systems. Impartiality implies that penetration testing agents or teams are free from perceived or actual conflicts of interest with respect to the development, operation, or management of the systems that are the targets of the penetration testing. CA-2(1) provides additional information on independent assessments that can be applied to penetration testing.

 - - -

an independent penetration testing agent or team is employed to perform penetration testing on the system or system components.

@@ -12756,7 +9871,7 @@

red team exercises to simulate attempts by adversaries to compromise organizational systems are defined;

- + @@ -12768,12 +9883,9 @@ value="true"/> -

Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: .

- CA-8(2) Additional FedRAMP Requirements and Guidance + CM-2 Additional FedRAMP Requirements and Guidance

See the FedRAMP Documents page> Penetration Test Guidance

@@ -12785,17 +9897,6 @@

Red team exercises extend the objectives of penetration testing by examining the security and privacy posture of organizations and the capability to implement effective cyber defenses. Red team exercises simulate attempts by adversaries to compromise mission and business functions and provide a comprehensive assessment of the security and privacy posture of systems and organizations. Such attempts may include technology-based attacks and social engineering-based attacks. Technology-based attacks include interactions with hardware, software, or firmware components and/or mission and business processes. Social engineering-based attacks include interactions via email, telephone, shoulder surfing, or personal conversations. Red team exercises are most effective when conducted by penetration testing agents and teams with knowledge of and experience with current adversarial tactics, techniques, procedures, and tools. While penetration testing may be primarily laboratory-based testing, organizations can use red team exercises to provide more comprehensive assessments that reflect real-world conditions. The results from red team exercises can be used by organizations to improve security and privacy awareness and training and to assess control effectiveness.

 - - -

are employed to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement.

@@ -12862,6 +9963,7 @@

frequency at which to review the continued need for each internal connection is defined;

+ @@ -12883,30 +9985,18 @@ -

Authorize internal connections of to the system;

 -

Document, for each internal connection, the interface characteristics, security and privacy requirements, and the nature of the information communicated;

 -

Terminate internal system connections after ; and

 -

Review the continued need for each internal connection.

 @@ -12917,29 +10007,11 @@ - - -

internal connections of to the system are authorized;

 - - @@ -12964,33 +10036,11 @@ - - -

internal system connections are terminated after ;

 - - -

the continued need for each internal connection is reviewed .

@@ -13103,6 +10153,7 @@

events that would require configuration management procedures to be reviewed and updated are defined;

+ @@ -13123,13 +10174,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -13151,20 +10195,10 @@ -

Designate an to manage the development, documentation, and dissemination of the configuration management policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current configuration management:

@@ -13185,57 +10219,21 @@ - - -

a configuration management policy is developed and documented;

 - - -

the configuration management policy is disseminated to ;

 - -

configuration management procedures to facilitate the implementation of the configuration management policy and associated configuration management controls are developed and documented;

 - -

the configuration management procedures are disseminated to ;

@@ -13243,13 +10241,6 @@ - - @@ -13289,13 +10280,6 @@ - -

the configuration management policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -13305,17 +10289,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the configuration management policy and procedures;

@@ -13323,17 +10296,6 @@ - - - @@ -13348,17 +10310,6 @@ - - - @@ -13423,6 +10374,7 @@

the circumstances requiring baseline configuration review and update are defined;

+ @@ -13455,16 +10407,10 @@ -

Develop, document, and maintain under configuration control, a current baseline configuration of the system; and

 -

Review and update the baseline configuration of the system:

@@ -13495,13 +10441,6 @@ - - @@ -13518,49 +10457,16 @@ - - -

the baseline configuration of the system is reviewed and updated ;

 - - -

the baseline configuration of the system is reviewed and updated when required due to ;

 - - -

the baseline configuration of the system is reviewed and updated when system components are installed or upgraded.

@@ -13612,6 +10518,7 @@

automated mechanisms for maintaining baseline configuration of the system are defined;

+ @@ -13626,26 +10533,12 @@ -

Maintain the currency, completeness, accuracy, and availability of the baseline configuration of the system using .

Automated mechanisms that help organizations maintain consistent baseline configurations for systems include configuration management tools, hardware, software, firmware inventory tools, and network management tools. Automated tools can be used at the organization level, mission and business process level, or system level on workstations, servers, notebook computers, network components, or mobile devices. Tools can be used to track version numbers on operating systems, applications, types of software installed, and current patch levels. Automation support for accuracy and currency can be satisfied by the implementation of CM-8(2) for organizations that combine system component inventory and baseline configuration activities.

 - - - @@ -13716,6 +10609,7 @@

the number of previous baseline configuration versions to be retained is defined;

+ @@ -13727,22 +10621,12 @@ value="true"/> -

Retain of previous versions of baseline configurations of the system to support rollback.

Retaining previous versions of baseline configurations to support rollback include hardware, software, firmware, configuration files, configuration records, and associated documentation.

 - -

of previous baseline configuration version(s) of the system is/are retained to support rollback.

@@ -13799,6 +10683,7 @@

the controls to be applied when the individuals return from travel are defined;

+ @@ -13813,16 +10698,10 @@ -

Issue with to individuals traveling to locations that the organization deems to be of significant risk; and

 -

Apply the following controls to the systems or components when the individuals return from travel: .

 @@ -13833,34 +10712,12 @@ - - -

with are issued to individuals traveling to locations that the organization deems to be of significant risk;

 - - -

are applied to the systems or system components when the individuals return from travel.

@@ -13939,6 +10796,7 @@

configuration change conditions that prompt the configuration control element to convene are defined (if selected);

+ @@ -13976,51 +10834,30 @@ -

Determine and document the types of changes to the system that are configuration-controlled;

 -

Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security and privacy impact analyses;

 -

Document configuration change decisions associated with the system;

 -

Implement approved configuration-controlled changes to the system;

 -

Retain records of configuration-controlled changes to the system for ;

 -

Monitor and review activities associated with configuration-controlled changes to the system; and

 -

Coordinate and provide oversight for configuration change control activities through that convenes .

 @@ -14042,33 +10879,11 @@ - - -

the types of changes to the system that are configuration-controlled are determined and documented;

 - - - @@ -14083,57 +10898,21 @@ - - -

configuration change decisions associated with the system are documented;

 - -

approved configuration-controlled changes to the system are implemented;

 - -

records of configuration-controlled changes to the system are retained for ;

 - - - @@ -14150,33 +10929,11 @@ - - -

configuration change control activities are coordinated and overseen by ;

 - - -

the configuration control element convenes .

@@ -14258,6 +11015,7 @@

personnel to be notified when approved changes are complete is/are defined;

+ @@ -14271,44 +11029,26 @@

Use to:

-

Document proposed changes to the system;

 -

Notify of proposed changes to the system and request change approval;

 -

Highlight proposed changes to the system that have not been approved or disapproved within ;

 -

Prohibit changes to the system until designated approvals are received;

 -

Document all changes to the system; and

 -

Notify when approved changes to the system are completed.

 @@ -14319,102 +11059,36 @@ - - -

are used to document proposed changes to the system;

 - - -

are used to notify of proposed changes to the system and request change approval;

 - - -

are used to highlight proposed changes to the system that have not been approved or disapproved within ;

 - - -

are used to prohibit changes to the system until designated approvals are received;

 - - -

are used to document all changes to the system;

 - - -

are used to notify when approved changes to the system are completed.

@@ -14463,6 +11137,7 @@ Testing, Validation, and Documentation of Changes + @@ -14474,26 +11149,12 @@ value="true"/> -

Test, validate, and document changes to the system before finalizing the implementation of the changes.

Changes to systems include modifications to hardware, software, or firmware components and configuration settings defined in CM-6 . Organizations ensure that testing does not interfere with system operations that support organizational mission and business functions. Individuals or groups conducting tests understand security and privacy policies and procedures, system security and privacy policies and procedures, and the health, safety, and environmental risks associated with specific facilities or processes. Operational systems may need to be taken offline, or replicated to the extent feasible, before testing can be conducted. If systems must be taken offline for testing, the tests are scheduled to occur during planned system outages whenever possible. If the testing cannot be conducted on operational systems, organizations employ compensating controls.

 - - - @@ -14578,6 +11239,7 @@

the configuration change control element of which the security and privacy representatives are to be members is defined;

+ @@ -14586,26 +11248,12 @@ value="organization"/> -

Require to be members of the .

Information security and privacy representatives include system security officers, senior agency information security officers, senior agency officials for privacy, or system privacy officers. Representation by personnel with information security and privacy expertise is important because changes to system configurations can have unintended side effects, some of which may be security- or privacy-relevant. Detecting such changes early in the process can help avoid unintended, negative consequences that could ultimately affect the security and privacy posture of systems. The configuration change control element referred to in the second organization-defined parameter reflects the change control elements defined by organizations in CM-3g.

 - - - @@ -14663,6 +11311,7 @@

controls provided by cryptographic mechanisms that are to be under configuration management are defined;

+ @@ -14672,26 +11321,12 @@ -

Ensure that cryptographic mechanisms used to provide the following controls are under configuration management: .

The controls referenced in the control enhancement refer to security and privacy controls from the control catalog. Regardless of the cryptographic mechanisms employed, processes and procedures are in place to manage those mechanisms. For example, if system components use certificates for identification and authentication, a process is implemented to address the expiration of those certificates.

 - - -

cryptographic mechanisms used to provide are under configuration management.

@@ -14733,6 +11368,7 @@ Impact Analyses + @@ -14756,26 +11392,12 @@ -

Analyze changes to the system to determine potential security and privacy impacts prior to change implementation.

Organizational personnel with security or privacy responsibilities conduct impact analyses. Individuals conducting impact analyses possess the necessary skills and technical expertise to analyze the changes to systems as well as the security or privacy ramifications. Impact analyses include reviewing security and privacy plans, policies, and procedures to understand control requirements; reviewing system design documentation and operational procedures to understand control implementation and how specific system changes might affect the controls; reviewing the impact of changes on organizational supply chain partners with stakeholders; and determining how potential changes to a system create new risks to the privacy of individuals and the ability of implemented controls to mitigate those risks. Impact analyses also include risk assessments to understand the impact of the changes and determine if additional controls are required.

 - - - @@ -14831,6 +11453,7 @@ Separate Test Environments + @@ -14844,9 +11467,6 @@ -

Analyze changes to the system in a separate test environment before implementation in an operational environment, looking for security and privacy impacts due to flaws, weaknesses, incompatibility, or intentional malice.

 @@ -14855,145 +11475,46 @@ - - -

changes to the system are analyzed in a separate test environment before implementation in an operational environment;

 - - -

changes to the system are analyzed for security impacts due to flaws;

 - - -

changes to the system are analyzed for privacy impacts due to flaws;

 - - -

changes to the system are analyzed for security impacts due to weaknesses;

 - - -

changes to the system are analyzed for privacy impacts due to weaknesses;

 - - -

changes to the system are analyzed for security impacts due to incompatibility;

 - - -

changes to the system are analyzed for privacy impacts due to incompatibility;

 - - -

changes to the system are analyzed for security impacts due to intentional malice;

 - - -

changes to the system are analyzed for privacy impacts due to intentional malice.

@@ -15044,6 +11565,7 @@ Verification of Controls + @@ -15058,26 +11580,12 @@ -

After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system.

Implementation in this context refers to installing changed code in the operational system that may have an impact on security or privacy controls.

 - - - @@ -15154,7 +11662,7 @@ Access Restrictions for Change - + @@ -15174,26 +11682,12 @@ -

Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

Changes to the hardware, software, or firmware components of systems or the operational procedures related to the system can potentially have significant effects on the security of the systems or individuals’ privacy. Therefore, organizations permit only qualified and authorized individuals to access systems for purposes of initiating changes. Access restrictions include physical and logical access controls (see AC-3 and PE-3 ), software libraries, workflow automation, media libraries, abstract layers (i.e., changes implemented into external interfaces rather than directly into systems), and change windows (i.e., changes occur only during specified times).

 - - - @@ -15272,6 +11766,7 @@

mechanisms used to automate the enforcement of access restrictions are defined;

+ @@ -15288,16 +11783,10 @@ -

Enforce access restrictions using ; and

 -

Automatically generate audit records of the enforcement actions.

 @@ -15308,29 +11797,11 @@ - -

access restrictions for change are enforced using ;

 - - -

audit records of enforcement actions are automatically generated.

@@ -15394,6 +11865,7 @@

frequency at which to reevaluate privileges is defined;

+ @@ -15404,16 +11876,10 @@ -

Limit privileges to change system components and system-related information within a production or operational environment; and

 -

Review and reevaluate privileges .

 @@ -15424,13 +11890,6 @@ - - @@ -15445,17 +11904,6 @@ - - - @@ -15528,7 +11976,7 @@

operational requirements necessitating approval of deviations are defined;

- + @@ -15574,30 +12022,18 @@ -

Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using ;

 -

Implement the configuration settings;

 -

Identify, document, and approve any deviations from established configuration settings for based on ; and

 -

Monitor and control changes to the configuration settings in accordance with organizational policies and procedures.

 @@ -15613,7 +12049,7 @@ -

Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

+

Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

During monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests.

 @@ -15626,45 +12062,16 @@ - -

configuration settings that reflect the most restrictive mode consistent with operational requirements are established and documented for components employed within the system using ;

 - - -

the configuration settings documented in CM-06a are implemented;

 - - - @@ -15679,17 +12086,6 @@ - - - @@ -15773,7 +12169,7 @@

automated mechanisms to verify configuration settings are defined;

- + @@ -15783,22 +12179,12 @@ -

Manage, apply, and verify configuration settings for using .

Automated tools (e.g., hardening tools, baseline configuration tools) can improve the accuracy, consistency, and availability of configuration settings information. Automation can also provide data aggregation and data correlation capabilities, alerting mechanisms, and dashboards to support risk-based decision-making within the organization.

 - - @@ -15868,7 +12254,7 @@

configuration settings requiring action upon an unauthorized change are defined;

- + @@ -15880,26 +12266,12 @@ -

Take the following actions in response to unauthorized changes to : .

Responses to unauthorized changes to configuration settings include alerting designated organizational personnel, restoring established configuration settings, or—in extreme cases—halting affected system processing.

 - - -

are taken in response to unauthorized changes to .

@@ -15984,7 +12356,7 @@

services to be prohibited or restricted are defined;

- + @@ -16018,16 +12390,10 @@ -

Configure the system to provide only ; and

 -

Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: .

 @@ -16045,29 +12411,11 @@ - - -

the system is configured to provide only ;

 - - @@ -16177,7 +12525,7 @@

services to be disabled or removed when deemed unnecessary or non-secure are defined;

- + @@ -16191,16 +12539,10 @@ -

Review the system to identify unnecessary and/or nonsecure functions, ports, protocols, software, and services; and

 -

Disable or remove .

 @@ -16211,33 +12553,11 @@ - - -

the system is reviewed to identify unnecessary and/or non-secure functions, ports, protocols, software, and services:

 - - - @@ -16325,7 +12645,7 @@

policies, rules of behavior, and/or access agreements regarding software program usage and restrictions are defined (if selected);

- + @@ -16339,9 +12659,6 @@ -

Prevent program execution in accordance with .

CM-7 (2) Additional FedRAMP Requirements and Guidance @@ -16355,13 +12672,6 @@

Prevention of program execution addresses organizational policies, rules of behavior, and/or access agreements that restrict software usage and the terms and conditions imposed by the developer or manufacturer, including software licensing and copyrights. Restrictions include prohibiting auto-execute features, restricting roles allowed to approve program execution, permitting or prohibiting specific software programs, or restricting the number of program instances executed at the same time.

 - -

program execution is prevented in accordance with .

@@ -16423,7 +12733,7 @@

frequency at which to review and update the list of authorized software programs is defined;

- + @@ -16445,23 +12755,14 @@ -

Identify ;

 -

Employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the system; and

 -

Review and update the list of authorized software programs .

 @@ -16472,46 +12773,17 @@ - - -

are identified;

 - -

a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the system is employed;

 - - -

the list of authorized software programs is reviewed and updated .

@@ -16576,7 +12848,7 @@

frequency at which to review and update the system component inventory is defined;

- + @@ -16612,9 +12884,6 @@ -

Develop and document an inventory of system components that:

@@ -16639,9 +12908,6 @@ -

Review and update the system component inventory .

 @@ -16662,81 +12928,26 @@ - - -

an inventory of system components that accurately reflects the system is developed and documented;

 - - -

an inventory of system components that includes all components within the system is developed and documented;

 - - -

an inventory of system components that does not include duplicate accounting of components or components assigned to any other system is developed and documented;

 - - -

an inventory of system components that is at the level of granularity deemed necessary for tracking and reporting is developed and documented;

 - - -

an inventory of system components that includes is developed and documented;

@@ -16744,17 +12955,6 @@ - - -

the system component inventory is reviewed and updated .

@@ -16795,6 +12995,7 @@ Updates During Installation and Removal + @@ -16807,26 +13008,12 @@ -

Update the inventory of system components as part of component installations, removals, and system updates.

Organizations can improve the accuracy, completeness, and consistency of system component inventories if the inventories are updated as part of component installations or removals or during general system updates. If inventories are not updated at these key times, there is a greater likelihood that the information will not be appropriately captured and documented. System updates include hardware, software, and firmware components.

 - - - @@ -16909,6 +13096,7 @@

automated mechanisms used to maintain the availability of the system component inventory are defined;

+ @@ -16920,26 +13108,12 @@ value="true"/> -

Maintain the currency, completeness, accuracy, and availability of the inventory of system components using .

Organizations maintain system inventories to the extent feasible. For example, virtual machines can be difficult to monitor because such machines are not visible to the network when not in use. In such cases, organizations maintain as up-to-date, complete, and accurate an inventory as is deemed reasonable. Automated maintenance can be achieved by the implementation of CM-2(2) for organizations that combine system component inventory and baseline configuration activities.

 - - - @@ -17056,6 +13230,7 @@

personnel or roles to be notified when unauthorized components are detected is/are defined (if selected);

+ @@ -17077,17 +13252,11 @@ -

Detect the presence of unauthorized hardware, software, and firmware components within the system using ; and

 -

Take the following actions when unauthorized components are detected: .

 @@ -17099,13 +13268,6 @@ - - @@ -17128,13 +13290,6 @@ - - @@ -17213,6 +13368,7 @@ role + @@ -17225,26 +13381,12 @@ -

Include in the system component inventory information, a means for identifying by , individuals responsible and accountable for administering those components.

Identifying individuals who are responsible and accountable for administering system components ensures that the assigned components are properly administered and that organizations can contact those individuals if some action is required (e.g., when the component is determined to be the source of a breach, needs to be recalled or replaced, or needs to be relocated).

 - - -

individuals responsible and accountable for administering system components are identified by in the system component inventory.

@@ -17289,6 +13431,7 @@

personnel or roles to review and approve the configuration management plan is/are defined;

+ @@ -17308,37 +13451,22 @@

Develop, document, and implement a configuration management plan for the system that:

-

Addresses roles, responsibilities, and configuration management processes and procedures;

 -

Establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items;

 -

Defines the configuration items for the system and places the configuration items under configuration management;

 -

Is reviewed and approved by ; and

 -

Protects the configuration management plan from unauthorized disclosure and modification.

 @@ -17353,13 +13481,6 @@

Organizations can employ templates to help ensure the consistent and timely development and implementation of configuration management plans. Templates can represent a configuration management plan for the organization with subsets of the plan implemented on a system by system basis. Configuration management approval processes include the designation of key stakeholders responsible for reviewing and approving proposed changes to systems, and personnel who conduct security and privacy impact analyses prior to the implementation of changes to the systems. Configuration items are the system components, such as the hardware, software, firmware, and documentation to be configuration-managed. As systems continue through the system development life cycle, new configuration items may be identified, and some existing configuration items may no longer need to be under configuration control.

 - - @@ -17372,13 +13493,6 @@ - - @@ -17400,29 +13514,11 @@ - - -

the configuration management plan establishes a process for identifying configuration items throughout the system development life cycle;

 - -

the configuration management plan establishes a process for managing the configuration of the configuration items;

@@ -17432,25 +13528,11 @@ - -

the configuration management plan defines the configuration items for the system;

 - -

the configuration management plan places the configuration items under configuration management;

@@ -17458,29 +13540,11 @@ - - -

the configuration management plan is reviewed and approved by ;

 - - @@ -17535,6 +13599,7 @@ Software Usage Restrictions + @@ -17549,23 +13614,14 @@ -

Use software and associated documentation in accordance with contract agreements and copyright laws;

 -

Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and

 -

Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

 @@ -17576,49 +13632,16 @@ - - -

software and associated documentation are used in accordance with contract agreements and copyright laws;

 - - -

the use of software and associated documentation protected by quantity licenses is tracked to control copying and distribution;

 - - -

the use of peer-to-peer file sharing technology is controlled and documented to ensure that peer-to-peer file sharing is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

@@ -17687,6 +13710,7 @@

frequency with which to monitor compliance is defined;

+ @@ -17706,23 +13730,14 @@ -

Establish governing the installation of software by users;

 -

Enforce software installation policies through the following methods: ; and

 -

Monitor policy compliance .

 @@ -17733,46 +13748,17 @@ - - -

governing the installation of software by users are established;

 - - -

software installation policies are enforced through ;

 - -

compliance with is monitored .

@@ -17826,6 +13812,7 @@

information for which the location is to be identified and documented is defined;

+ @@ -17856,23 +13843,14 @@ -

Identify and document the location of and the specific system components on which the information is processed and stored;

 -

Identify and document the users who have access to the system and system components where the information is processed and stored; and

 -

Document changes to the location (i.e., system or system components) where the information is processed and stored.

 @@ -17892,49 +13870,16 @@ - - -

the location of is identified and documented;

 - - -

the specific system components on which is processed are identified and documented;

 - - -

the specific system components on which is stored are identified and documented;

@@ -17942,17 +13887,6 @@ - - - @@ -17967,17 +13901,6 @@ - - - @@ -18051,6 +13974,7 @@

system components where the information is located are defined;

+ @@ -18062,9 +13986,6 @@ value="true"/> -

Use automated tools to identify on to ensure controls are in place to protect organizational information and individual privacy.

CM-12 (1) Additional FedRAMP Requirements and Guidance @@ -18078,13 +13999,6 @@

The use of automated tools helps to increase the effectiveness and efficiency of the information location capability implemented within the system. Automation also helps organizations manage the data produced during information location activities and share such information across the organization. The output of automated information location tools can be used to guide and inform system architecture and design decisions.

 - -

automated tools are used to identify on to ensure that controls are in place to protect organizational information and individual privacy.

@@ -18144,6 +14058,7 @@

firmware components requiring verification of a digitally signed certificate before installation are defined;

+ @@ -18162,9 +14077,6 @@ -

Prevent the installation of without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.

@@ -18175,17 +14087,6 @@

Software and firmware components prevented from installation unless signed with recognized and approved certificates include software and firmware version updates, patches, service packs, device drivers, and basic input/output system updates. Organizations can identify applicable software and firmware components by type, by specific items, or a combination of both. Digital signatures and organizational verification of such signatures is a method of code authentication.

 - - - @@ -18307,6 +14208,7 @@

events that would require procedures to be reviewed and updated are defined;

+ @@ -18327,13 +14229,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -18355,20 +14250,10 @@ -

Designate an to manage the development, documentation, and dissemination of the contingency planning policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current contingency planning:

@@ -18389,57 +14274,21 @@ - - -

a contingency planning policy is developed and documented;

 - - -

the contingency planning policy is disseminated to ;

 - -

contingency planning procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls are developed and documented;

 - -

the contingency planning procedures are disseminated to ;

@@ -18447,13 +14296,6 @@ - - @@ -18493,13 +14335,6 @@ - -

the contingency planning policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -18509,17 +14344,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the contingency planning policy and procedures;

@@ -18527,17 +14351,6 @@ - - - @@ -18552,17 +14365,6 @@ - - - @@ -18657,6 +14459,7 @@

key contingency organizational elements to communicate changes to are defined;

+ @@ -18692,9 +14495,6 @@ -

Develop a contingency plan for the system that:

@@ -18727,51 +14527,30 @@ -

Distribute copies of the contingency plan to ;

 -

Coordinate contingency planning activities with incident handling activities;

 -

Review the contingency plan for the system ;

 -

Update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;

 -

Communicate contingency plan changes to ;

 -

Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training; and

 -

Protect the contingency plan from unauthorized disclosure and modification.

 @@ -18796,25 +14575,11 @@ - -

a contingency plan for the system is developed that identifies essential mission and business functions and associated contingency requirements;

 - - @@ -18834,13 +14599,6 @@ - - @@ -18860,49 +14618,21 @@ - -

a contingency plan for the system is developed that addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure;

 - -

a contingency plan for the system is developed that addresses eventual, full-system restoration without deterioration of the controls originally planned and implemented;

 - -

a contingency plan for the system is developed that addresses the sharing of contingency information;

 - - @@ -18921,33 +14651,11 @@ - - -

copies of the contingency plan are distributed to ;

 - - -

copies of the contingency plan are distributed to ;

@@ -18955,33 +14663,11 @@ - - -

contingency planning activities are coordinated with incident handling activities;

 - - -

the contingency plan for the system is reviewed ;

@@ -18989,33 +14675,11 @@ - - -

the contingency plan is updated to address changes to the organization, system, or environment of operation;

 - - -

the contingency plan is updated to address problems encountered during contingency plan implementation, execution, or testing;

@@ -19023,17 +14687,6 @@ - - - @@ -19048,21 +14701,6 @@ - - - - @@ -19077,21 +14715,6 @@ - - - - @@ -19139,6 +14762,7 @@ Coordinate with Related Plans + @@ -19147,26 +14771,12 @@ value="organization"/> -

Coordinate contingency plan development with organizational elements responsible for related plans.

Plans that are related to contingency plans include Business Continuity Plans, Disaster Recovery Plans, Critical Infrastructure Plans, Continuity of Operations Plans, Crisis Communications Plans, Insider Threat Implementation Plans, Data Breach Response Plans, Cyber Incident Response Plans, Breach Response Plans, and Occupant Emergency Plans.

 - - -

contingency plan development is coordinated with organizational elements responsible for related plans.

@@ -19202,6 +14812,7 @@ Capacity Planning + @@ -19216,30 +14827,12 @@ -

Conduct capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations.

Capacity planning is needed because different threats can result in a reduction of the available processing, telecommunications, and support services intended to support essential mission and business functions. Organizations anticipate degraded operations during contingency operations and factor the degradation into capacity planning. For capacity planning, environmental support refers to any environmental factor for which the organization determines that it needs to provide support in a contingency situation, even if in a degraded state. Such determinations are based on an organizational assessment of risk, system categorization (impact level), and organizational risk tolerance.

 - - - - @@ -19304,6 +14897,7 @@

the contingency plan activation time period within which to resume mission and business functions is defined;

+ @@ -19312,26 +14906,12 @@ value="organization"/> -

Plan for the resumption of mission and business functions within of contingency plan activation.

Organizations may choose to conduct contingency planning activities to resume mission and business functions as part of business continuity planning or as part of business impact analyses. Organizations prioritize the resumption of mission and business functions. The time period for resuming mission and business functions may be dependent on the severity and extent of the disruptions to the system and its supporting infrastructure.

 - - -

the resumption of mission and business functions are planned for within of contingency plan activation.

@@ -19381,6 +14961,7 @@ essential + @@ -19389,9 +14970,6 @@ value="organization"/> -

Plan for the continuance of mission and business functions with minimal or no loss of operational continuity and sustains that continuity until full system restoration at primary processing and/or storage sites.

 @@ -19400,41 +14978,11 @@ - - - -

the continuance of mission and business functions with minimal or no loss of operational continuity is planned for;

 - - - -

continuity is sustained until full system restoration at primary processing and/or storage sites.

@@ -19484,6 +15032,7 @@ essential + @@ -19494,26 +15043,12 @@ -

Identify critical system assets supporting mission and business functions.

Organizations may choose to identify critical assets as part of criticality analysis, business continuity planning, or business impact analyses. Organizations identify critical system assets so that additional controls can be employed (beyond the controls routinely implemented) to help ensure that organizational mission and business functions can continue to be conducted during contingency operations. The identification of critical information assets also facilitates the prioritization of organizational resources. Critical system assets include technical and operational aspects. Technical aspects include system components, information technology services, information technology products, and mechanisms. Operational aspects include procedures (i.e., manually executed operations) and personnel (i.e., individuals operating technical controls and/or executing manual procedures). Organizational program protection plans can assist in identifying critical assets. If critical assets are resident within or supported by external service providers, organizations consider implementing CP-2(7) as a control enhancement.

 - - -

critical system assets supporting mission and business functions are identified.

@@ -19582,6 +15117,7 @@

events necessitating review and update of contingency training are defined;

+ @@ -19603,9 +15139,6 @@ -

Provide contingency training to system users consistent with assigned roles and responsibilities:

@@ -19623,9 +15156,6 @@ -

Review and update contingency training content and following .

 @@ -19645,49 +15175,16 @@ - - -

contingency training is provided to system users consistent with assigned roles and responsibilities within of assuming a contingency role or responsibility;

 - - -

contingency training is provided to system users consistent with assigned roles and responsibilities when required by system changes;

 - - -

contingency training is provided to system users consistent with assigned roles and responsibilities thereafter;

@@ -19697,33 +15194,11 @@ - - -

the contingency plan training content is reviewed and updated ;

 - - -

the contingency plan training content is reviewed and updated following .

@@ -19763,6 +15238,7 @@ Simulated Events + @@ -19774,30 +15250,12 @@ value="true"/> -

Incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations.

The use of simulated events creates an environment for personnel to experience actual threat events, including cyber-attacks that disable websites, ransomware attacks that encrypt organizational data on servers, hurricanes that damage or destroy organizational facilities, or hardware or software failures.

 - - - -

simulated events are incorporated into contingency training to facilitate effective response by personnel in crisis situations.

@@ -19866,7 +15324,7 @@

tests for determining readiness to execute the contingency plan are defined;

- + @@ -19892,23 +15350,14 @@ -

Test the contingency plan for the system using the following tests to determine the effectiveness of the plan and the readiness to execute the plan: .

 -

Review the contingency plan test results; and

 -

Initiate corrective actions, if needed.

 @@ -19932,62 +15381,17 @@ - - - -

the contingency plan for the system is tested ;

 - - - -

are used to determine the effectiveness of the plan;

 - - - -

are used to determine the readiness to execute the plan;

@@ -19996,33 +15400,11 @@ - - -

the contingency plan test results are reviewed;

 - - -

corrective actions are initiated, if needed.

@@ -20060,6 +15442,7 @@ Coordinate with Related Plans + @@ -20073,30 +15456,12 @@ -

Coordinate contingency plan testing with organizational elements responsible for related plans.

Plans related to contingency planning for organizational systems include Business Continuity Plans, Disaster Recovery Plans, Continuity of Operations Plans, Crisis Communications Plans, Critical Infrastructure Plans, Cyber Incident Response Plans, and Occupant Emergency Plans. Coordination of contingency plan testing does not require organizations to create organizational elements to handle related plans or to align such elements with specific plans. However, it does require that if such organizational elements are responsible for related plans, organizations coordinate with those elements.

 - - - -

contingency plan testing is coordinated with organizational elements responsible for related plans.

@@ -20133,6 +15498,7 @@ Alternate Processing Site + @@ -20147,16 +15513,10 @@

Test the contingency plan at the alternate processing site:

-

To familiarize contingency personnel with the facility and available resources; and

 -

To evaluate the capabilities of the alternate processing site to support contingency operations.

 @@ -20167,41 +15527,11 @@ - - - -

the contingency plan is tested at the alternate processing site to familiarize contingency personnel with the facility and available resources;

 - - - -

the contingency plan is tested at the alternate processing site to evaluate the capabilities of the alternate processing site to support contingency operations.

@@ -20243,6 +15573,7 @@ Alternate Storage Site + @@ -20262,16 +15593,10 @@ -

Establish an alternate storage site, including necessary agreements to permit the storage and retrieval of system backup information; and

 -

Ensure that the alternate storage site provides controls equivalent to that of the primary site.

 @@ -20284,41 +15609,11 @@ - - - -

an alternate storage site is established;

 - - - -

establishment of the alternate storage site includes necessary agreements to permit the storage and retrieval of system backup information;

@@ -20326,21 +15621,6 @@ - - - -

the alternate storage site provides controls equivalent to that of the primary site.

@@ -20379,6 +15659,7 @@ Separation from Primary Site + @@ -20388,30 +15669,12 @@ -

Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats.

Threats that affect alternate storage sites are defined in organizational risk assessments and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

 - - - -

an alternate storage site that is sufficiently separated from the primary storage site is identified to reduce susceptibility to the same threats.

@@ -20442,6 +15705,7 @@ Recovery Time and Recovery Point Objectives + @@ -20450,30 +15714,12 @@ value="organization"/> -

Configure the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives.

Organizations establish recovery time and recovery point objectives as part of contingency planning. Configuration of the alternate storage site includes physical facilities and the systems supporting recovery operations that ensure accessibility and correct execution.

 - - - - @@ -20521,6 +15767,7 @@ Accessibility + @@ -20530,9 +15777,6 @@ -

Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions.

 @@ -20541,33 +15785,11 @@ - - -

potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster are identified;

 - - -

explicit mitigation actions to address identified accessibility problems are outlined.

@@ -20614,6 +15836,7 @@

time period consistent with recovery time and recovery point objectives is defined;

+ @@ -20635,23 +15858,14 @@ -

Establish an alternate processing site, including necessary agreements to permit the transfer and resumption of for essential mission and business functions within when the primary processing capabilities are unavailable;

 -

Make available at the alternate processing site, the equipment and supplies required to transfer and resume operations or put contracts in place to support delivery to the site within the organization-defined time period for transfer and resumption; and

 -

Provide controls at the alternate processing site that are equivalent to those at the primary site.

 @@ -20669,21 +15883,6 @@ - - - -

an alternate processing site, including necessary agreements to permit the transfer and resumption of for essential mission and business functions, is established within when the primary processing capabilities are unavailable;

@@ -20691,41 +15890,11 @@ - - - -

the equipment and supplies required to transfer operations are made available at the alternate processing site or if contracts are in place to support delivery to the site within for transfer;

 - - - -

the equipment and supplies required to resume operations are made available at the alternate processing site or if contracts are in place to support delivery to the site within for resumption;

@@ -20733,21 +15902,6 @@ - - - -

controls provided at the alternate processing site are equivalent to those at the primary site.

@@ -20788,6 +15942,7 @@ Separation from Primary Site + @@ -20797,9 +15952,6 @@ -

Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.

CP-7 (1) Additional FedRAMP Requirements and Guidance @@ -20813,17 +15965,6 @@

Threats that affect alternate processing sites are defined in organizational assessments of risk and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

 - - -

an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats is identified.

@@ -20854,6 +15995,7 @@ Accessibility + @@ -20863,9 +16005,6 @@ -

Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.

 @@ -20874,33 +16013,11 @@ - - -

potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster are identified;

 - - -

explicit mitigation actions to address identified accessibility problems are outlined.

@@ -20933,6 +16050,7 @@ Priority of Service + @@ -20941,26 +16059,12 @@ value="organization"/> -

Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives).

Priority of service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources for logical alternate processing and/or at the physical alternate processing site. Organizations establish recovery time objectives as part of contingency planning.

 - - -

alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives) are developed.

@@ -20991,6 +16095,7 @@ Preparation for Use + @@ -21002,30 +16107,12 @@ -

Prepare the alternate processing site so that the site can serve as the operational site supporting essential mission and business functions.

Site preparation includes establishing configuration settings for systems at the alternate processing site consistent with the requirements for such settings at the primary site and ensuring that essential supplies and logistical considerations are in place.

 - - - -

the alternate processing site is prepared so that the site can serve as the operational site supporting essential mission and business functions.

@@ -21076,6 +16163,7 @@

time period within which to resume essential mission and business functions when the primary telecommunications capabilities are unavailable is defined;

+ @@ -21089,9 +16177,6 @@ -

Establish alternate telecommunications services, including necessary agreements to permit the resumption of for essential mission and business functions within when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.

CP-8 Additional FedRAMP Requirements and Guidance @@ -21105,21 +16190,6 @@

Telecommunications services (for data and voice) for primary and alternate processing and storage sites are in scope for CP-8 . Alternate telecommunications services reflect the continuity requirements in contingency plans to maintain essential mission and business functions despite the loss of primary telecommunications services. Organizations may specify different time periods for primary or alternate sites. Alternate telecommunications services include additional organizational or commercial ground-based circuits or lines, network-based approaches to telecommunications, or the use of satellites. Organizations consider factors such as availability, quality of service, and access when entering into alternate telecommunications agreements.

 - - - -

alternate telecommunications services, including necessary agreements to permit the resumption of , are established for essential mission and business functions within when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.

@@ -21156,6 +16226,7 @@ Priority of Service Provisions + @@ -21165,16 +16236,10 @@ -

Develop primary and alternate telecommunications service agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives); and

 -

Request Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness if the primary and/or alternate telecommunications services are provided by a common carrier.

 @@ -21185,21 +16250,6 @@ - - - - @@ -21214,21 +16264,6 @@ - - - -

Telecommunications Service Priority is requested for all telecommunications services used for national security emergency preparedness if the primary and/or alternate telecommunications services are provided by a common carrier.

@@ -21268,6 +16303,7 @@ Single Points of Failure + @@ -21276,26 +16312,12 @@ value="organization"/> -

Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services.

In certain circumstances, telecommunications service providers or services may share the same physical lines, which increases the vulnerability of a single failure point. It is important to have provider transparency for the actual physical transmission capability for telecommunication services.

 - - -

alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services are obtained.

@@ -21325,6 +16347,7 @@ Separation of Primary and Alternate Providers + @@ -21333,26 +16356,12 @@ value="organization"/> -

Obtain alternate telecommunications services from providers that are separated from primary service providers to reduce susceptibility to the same threats.

Threats that affect telecommunications services are defined in organizational assessments of risk and include natural disasters, structural failures, cyber or physical attacks, and errors of omission or commission. Organizations can reduce common susceptibilities by minimizing shared infrastructure among telecommunications service providers and achieving sufficient geographic separation between services. Organizations may consider using a single service provider in situations where the service provider can provide alternate telecommunications services that meet the separation needs addressed in the risk assessment.

 - - -

alternate telecommunications services from providers that are separated from primary service providers are obtained to reduce susceptibility to the same threats.

@@ -21403,6 +16412,7 @@

frequency at which to obtain evidence of contingency training by providers is defined;

+ @@ -21414,23 +16424,14 @@ -

Require primary and alternate telecommunications service providers to have contingency plans;

 -

Review provider contingency plans to ensure that the plans meet organizational contingency requirements; and

 -

Obtain evidence of contingency testing and training by providers .

 @@ -21441,17 +16442,6 @@ - - - @@ -21466,33 +16456,11 @@ - - -

provider contingency plans are reviewed to ensure that the plans meet organizational contingency requirements;

 - - - @@ -21575,6 +16543,7 @@

frequency at which to conduct backups of system documentation consistent with recovery time and recovery point objectives is defined;

+ @@ -21598,31 +16567,19 @@ -

Conduct backups of user-level information contained in ;

 -

Conduct backups of system-level information contained in the system ;

 -

Conduct backups of system documentation, including security- and privacy-related documentation ; and

 -

Protect the confidentiality, integrity, and availability of backup information.

 @@ -21652,77 +16609,21 @@ - - - -

backups of user-level information contained in are conducted ;

 - - - -

backups of system-level information contained in the system are conducted ;

 - - - -

backups of system documentation, including security- and privacy-related documentation are conducted ;

 - - - @@ -21795,6 +16696,7 @@

frequency at which to test backup information for information integrity is defined;

+ @@ -21804,30 +16706,12 @@ -

Test backup information to verify media reliability and information integrity.

Organizations need assurance that backup information can be reliably retrieved. Reliability pertains to the systems and system components where the backup information is stored, the operations used to retrieve the information, and the integrity of the information being retrieved. Independent and specialized tests can be used for each of the aspects of reliability. For example, decrypting and transporting (or transmitting) a random sample of backup files from the alternate storage or backup site and comparing the information to the same information at the primary processing site can provide such assurance.

 - - - - @@ -21874,6 +16758,7 @@ Test Restoration Using Sampling + @@ -21883,26 +16768,12 @@ -

Use a sample of backup information in the restoration of selected system functions as part of contingency plan testing.

Organizations need assurance that system functions can be restored correctly and can support established organizational missions. To ensure that the selected system functions are thoroughly exercised during contingency plan testing, a sample of backup information is retrieved to determine whether the functions are operating as intended. Organizations can determine the sample size for the functions and backup information based on the level of assurance needed.

 - - -

a sample of backup information in the restoration of selected system functions is used as part of contingency plan testing.

@@ -21947,6 +16818,7 @@

critical system software and other security-related information backups to be stored in a separate facility are defined;

+ @@ -21958,30 +16830,12 @@ -

Store backup copies of in a separate facility or in a fire rated container that is not collocated with the operational system.

Separate storage for critical information applies to all critical information regardless of the type of backup storage media. Critical system software includes operating systems, middleware, cryptographic key management systems, and intrusion detection systems. Security-related information includes inventories of system hardware, software, and firmware components. Alternate storage sites, including geographically distributed architectures, serve as separate storage facilities for organizations. Organizations may provide separate storage by implementing automated backup processes at alternative storage sites (e.g., data centers). The General Services Administration (GSA) establishes standards and specifications for security and fire rated containers.

 - - - -

backup copies of are stored in a separate facility or in a fire rated container that is not collocated with the operational system.

@@ -22032,6 +16886,7 @@

transfer rate consistent with recovery time and recovery point objectives is defined;

+ @@ -22044,9 +16899,6 @@ -

Transfer system backup information to the alternate storage site .

 @@ -22055,41 +16907,11 @@ - - - -

system backup information is transferred to the alternate storage site for ;

 - - - -

system backup information is transferred to the alternate storage site .

@@ -22141,6 +16963,7 @@

backup information to protect against unauthorized disclosure and modification is defined;

+ @@ -22152,9 +16975,6 @@ -

Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of .

CP-9 (8) Additional FedRAMP Requirements and Guidance @@ -22168,21 +16988,6 @@

The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of backup information. The strength of mechanisms selected is commensurate with the security category or classification of the information. Cryptographic protection applies to system backup information in storage at both primary and alternate locations. Organizations that implement cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.

 - - - -

cryptographic mechanisms are implemented to prevent unauthorized disclosure and modification of .

@@ -22234,6 +17039,7 @@

time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined;

+ @@ -22251,30 +17057,12 @@ -

Provide for the recovery and reconstitution of the system to a known state within after a disruption, compromise, or failure.

Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.

 - - - - @@ -22322,6 +17110,7 @@ Transaction Recovery + @@ -22330,30 +17119,12 @@ value="organization"/> -

Implement transaction recovery for systems that are transaction-based.

Transaction-based systems include database management systems and transaction processing systems. Mechanisms supporting transaction recovery include transaction rollback and transaction journaling.

 - - - -

transaction recovery is implemented for systems that are transaction-based.

@@ -22404,6 +17175,7 @@

restoration time period within which to restore system components to a known, operational state is defined;

+ @@ -22414,30 +17186,12 @@ -

Provide the capability to restore system components within from configuration-controlled and integrity-protected information representing a known, operational state for the components.

Restoration of system components includes reimaging, which restores the components to known, operational states.

 - - - -

the capability to restore system components within from configuration-controlled and integrity-protected information representing a known, operational state for the components is provided.

@@ -22547,6 +17301,7 @@

events that would require identification and authentication procedures to be reviewed and updated are defined;

+ @@ -22573,13 +17328,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -22601,20 +17349,10 @@ -

Designate an to manage the development, documentation, and dissemination of the identification and authentication policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current identification and authentication:

@@ -22635,57 +17373,21 @@ - - -

an identification and authentication policy is developed and documented;

 - - -

the identification and authentication policy is disseminated to ;

 - -

identification and authentication procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls are developed and documented;

 - -

the identification and authentication procedures are disseminated to ;

@@ -22693,13 +17395,6 @@ - - @@ -22739,13 +17434,6 @@ - -

the identification and authentication policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

@@ -22755,17 +17443,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the identification and authentication policy and procedures;

@@ -22773,17 +17450,6 @@ - - - @@ -22798,17 +17464,6 @@ - - - @@ -22849,7 +17504,7 @@ Identification and Authentication (Organizational Users) - + @@ -22895,9 +17550,6 @@ -

Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.

IA-2 Additional FedRAMP Requirements and Guidance @@ -22927,41 +17579,11 @@ - - - -

organizational users are uniquely identified and authenticated;

 - - - -

the unique identification of authenticated organizational users is associated with processes acting on behalf of those users.

@@ -23002,7 +17624,7 @@ Multi-factor Authentication to Privileged Accounts - + @@ -23013,9 +17635,6 @@ -

Implement multi-factor authentication for access to privileged accounts.

IA-2 (1) Additional FedRAMP Requirements and Guidance @@ -23037,13 +17656,6 @@

Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number [PIN]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification (PIV) card or the Department of Defense (DoD) Common Access Card (CAC). In addition to authenticating users at the system level (i.e., at logon), organizations may employ authentication mechanisms at the application level, at their discretion, to provide increased security. Regardless of the type of access (i.e., local, network, remote), privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can add additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access.

 - -

multi-factor authentication is implemented for access to privileged accounts.

@@ -23083,7 +17695,7 @@ Multi-factor Authentication to Non-privileged Accounts - + @@ -23093,9 +17705,6 @@ -

Implement multi-factor authentication for access to non-privileged accounts.

IA-2 (2) Additional FedRAMP Requirements and Guidance @@ -23117,13 +17726,6 @@

Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number [PIN]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification card or the DoD Common Access Card. In addition to authenticating users at the system level, organizations may also employ authentication mechanisms at the application level, at their discretion, to provide increased information security. Regardless of the type of access (i.e., local, network, remote), non-privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can provide additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access.

 - -

multi-factor authentication for access to non-privileged accounts is implemented.

@@ -23163,7 +17765,7 @@ Individual Authentication with Group Authentication - + @@ -23175,22 +17777,12 @@ value="system"/> -

When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources.

Individual authentication prior to shared group authentication mitigates the risk of using group accounts or authenticators.

 - -

users are required to be individually authenticated before granting access to the shared accounts or resources when shared accounts or authenticators are employed.

@@ -23264,7 +17856,7 @@

the strength of mechanism requirements to be enforced by a device separate from the system gaining access to accounts is defined;

- + @@ -23276,16 +17868,10 @@

Implement multi-factor authentication for access to such that:

-

One of the factors is provided by a device separate from the system gaining access; and

 -

The device meets .

 @@ -23307,33 +17893,11 @@ - - -

multi-factor authentication is implemented for access to such that one of the factors is provided by a device separate from the system gaining access;

 - - -

multi-factor authentication is implemented for access to such that the device meets .

@@ -23386,7 +17950,7 @@ non-privileged accounts - + @@ -23395,26 +17959,12 @@ value="system"/> -

Implement replay-resistant authentication mechanisms for access to .

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators.

 - - -

replay-resistant authentication mechanisms for access to are implemented.

@@ -23455,7 +18005,7 @@ Acceptance of PIV Credentials - + @@ -23464,9 +18014,6 @@ value="system"/> -

Accept and electronically verify Personal Identity Verification-compliant credentials.

IA-2 (12) Additional FedRAMP Requirements and Guidance @@ -23480,17 +18027,6 @@

Acceptance of Personal Identity Verification (PIV)-compliant credentials applies to organizations implementing logical access control and physical access control systems. PIV-compliant credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. The adequacy and reliability of PIV card issuers are authorized using SP 800-79-2 . Acceptance of PIV-compliant credentials includes derived PIV credentials, the use of which is addressed in SP 800-166 . The DOD Common Access Card (CAC) is an example of a PIV credential.

 - - -

Personal Identity Verification-compliant credentials are accepted and electronically verified.

@@ -23546,6 +18082,7 @@ network + @@ -23565,26 +18102,12 @@ -

Uniquely identify and authenticate before establishing a connection.

Devices that require unique device-to-device identification and authentication are defined by type, device, or a combination of type and device. Organization-defined device types include devices that are not owned by the organization. Systems use shared known information (e.g., Media Access Control [MAC], Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., Institute of Electrical and Electronics Engineers (IEEE) 802.1x and Extensible Authentication Protocol [EAP], RADIUS server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify and authenticate devices on local and wide area networks. Organizations determine the required strength of authentication mechanisms based on the security categories of systems and mission or business requirements. Because of the challenges of implementing device authentication on a large scale, organizations can restrict the application of the control to a limited number/type of devices based on mission or business needs.

 - - -

are uniquely identified and authenticated before establishing a connection.

@@ -23646,7 +18169,7 @@

a time period for preventing reuse of identifiers is defined;

- + @@ -23678,30 +18201,18 @@

Manage system identifiers by:

-

Receiving authorization from to assign an individual, group, role, service, or device identifier;

 -

Selecting an identifier that identifies an individual, group, role, service, or device;

 -

Assigning the identifier to the intended individual, group, role, service, or device; and

 -

Preventing reuse of identifiers for .

 @@ -23712,65 +18223,21 @@ - - -

system identifiers are managed by receiving authorization from to assign to an individual, group, role, or device identifier;

 - - -

system identifiers are managed by selecting an identifier that identifies an individual, group, role, service, or device;

 - - -

system identifiers are managed by assigning the identifier to the intended individual, group, role, service, or device;

 - - -

system identifiers are managed by preventing reuse of identifiers for .

@@ -23822,6 +18289,7 @@

characteristics used to identify individual status is defined;

+ @@ -23830,26 +18298,12 @@ value="organization"/> -

Manage individual identifiers by uniquely identifying each individual as .

Characteristics that identify the status of individuals include contractors, foreign nationals, and non-organizational users. Identifying the status of individuals by these characteristics provides additional information about the people with whom organizational personnel are communicating. For example, it might be useful for a government employee to know that one of the individuals on an email message is a contractor.

 - - -

individual identifiers are managed by uniquely identifying each individual as .

@@ -23898,7 +18352,7 @@

events that trigger the change or refreshment of authenticators are defined;

- + @@ -23937,65 +18391,38 @@

Manage system authenticators by:

-

Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator;

 -

Establishing initial authenticator content for any authenticators issued by the organization;

 -

Ensuring that authenticators have sufficient strength of mechanism for their intended use;

 -

Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators;

 -

Changing default authenticators prior to first use;

 -

Changing or refreshing authenticators or when occur;

 -

Protecting authenticator content from unauthorized disclosure and modification;

 -

Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and

 -

Changing authenticators for group or role accounts when membership to those accounts changes.

 @@ -24018,113 +18445,36 @@ - - -

system authenticators are managed through the verification of the identity of the individual, group, role, service, or device receiving the authenticator as part of the initial authenticator distribution;

 - - -

system authenticators are managed through the establishment of initial authenticator content for any authenticators issued by the organization;

 - - -

system authenticators are managed to ensure that authenticators have sufficient strength of mechanism for their intended use;

 - - -

system authenticators are managed through the establishment and implementation of administrative procedures for initial authenticator distribution; lost, compromised, or damaged authenticators; and the revocation of authenticators;

 - - -

system authenticators are managed through the change of default authenticators prior to first use;

 - - -

system authenticators are managed through the change or refreshment of authenticators or when occur;

 - - -

system authenticators are managed through the protection of authenticator content from unauthorized disclosure and modification;

@@ -24132,33 +18482,11 @@ - - -

system authenticators are managed through the requirement for individuals to take specific controls to protect authenticators;

 - - -

system authenticators are managed through the requirement for devices to implement specific controls to protect authenticators;

@@ -24166,17 +18494,6 @@ - - -

system authenticators are managed through the change of authenticators for group or role accounts when membership to those accounts changes.

@@ -24228,6 +18545,7 @@

authenticator composition and complexity rules are defined;

+ @@ -24242,58 +18560,34 @@

For password-based authentication:

-

Maintain a list of commonly-used, expected, or compromised passwords and update the list and when organizational passwords are suspected to have been compromised directly or indirectly;

 -

Verify, when users create or update passwords, that the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5(1)(a);

 -

Transmit passwords only over cryptographically-protected channels;

 -

Store passwords using an approved salted key derivation function, preferably using a keyed hash;

 -

Require immediate selection of a new password upon account recovery;

 -

Allow user selection of long passwords and passphrases, including spaces and all printable characters;

 -

Employ automated tools to assist the user in selecting strong password authenticators; and

 -

Enforce the following composition and complexity rules: .

 @@ -24305,7 +18599,7 @@ -

For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

+

For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

For emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used.

 @@ -24320,109 +18614,41 @@ - - -

for password-based authentication, a list of commonly used, expected, or compromised passwords is maintained and updated and when organizational passwords are suspected to have been compromised directly or indirectly;

 - - -

for password-based authentication when passwords are created or updated by users, the passwords are verified not to be found on the list of commonly used, expected, or compromised passwords in IA-05(01)(a);

 - -

for password-based authentication, passwords are only transmitted over cryptographically protected channels;

 - -

for password-based authentication, passwords are stored using an approved salted key derivation function, preferably using a keyed hash;

 - -

for password-based authentication, immediate selection of a new password is required upon account recovery;

 - -

for password-based authentication, user selection of long passwords and passphrases is allowed, including spaces and all printable characters;

 - -

for password-based authentication, automated tools are employed to assist the user in selecting strong password authenticators;

 - - -

for password-based authentication, are enforced.

@@ -24463,6 +18689,7 @@ Public Key-based Authentication + @@ -24474,9 +18701,6 @@ -

For public key-based authentication:

@@ -24489,9 +18713,6 @@ -

When public key infrastructure (PKI) is used:

@@ -24512,25 +18733,11 @@ - -

authorized access to the corresponding private key is enforced for public key-based authentication;

 - -

the authenticated identity is mapped to the account of the individual or group for public key-based authentication;

@@ -24540,25 +18747,11 @@ - -

when public key infrastructure (PKI) is used, certificates are validated by constructing and verifying a certification path to an accepted trust anchor, including checking certificate status information;

 - -

when public key infrastructure (PKI) is used, a local cache of revocation data is implemented to support path discovery and validation.

@@ -24601,6 +18794,7 @@ Protection of Authenticators + @@ -24610,22 +18804,12 @@ -

Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access.

For systems that contain multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. Security categories of information are determined as part of the security categorization process.

 - -

authenticators are protected commensurate with the security category of the information to which use of the authenticator permits access.

@@ -24664,6 +18848,7 @@ No Embedded Unencrypted Static Authenticators + @@ -24672,9 +18857,6 @@ value="organization"/> -

Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.

IA-5 (7) Additional FedRAMP Requirements and Guidance @@ -24688,13 +18870,6 @@

In addition to applications, other forms of static storage include access scripts and function keys. Organizations exercise caution when determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators.

 - -

unencrypted static authenticators are not embedded in applications or other forms of static storage.

@@ -24745,6 +18920,7 @@

security controls implemented to manage the risk of compromise due to individuals having accounts on multiple systems are defined;

+ @@ -24754,9 +18930,6 @@ -

Implement to manage the risk of compromise due to individuals having accounts on multiple systems.

IA-5 (8) Additional FedRAMP Requirements and Guidance @@ -24770,17 +18943,6 @@

When individuals have accounts on multiple systems and use the same authenticators such as passwords, there is the risk that a compromise of one account may lead to the compromise of other accounts. Alternative approaches include having different authenticators (passwords) on all systems, employing a single sign-on or federation mechanism, or using some form of one-time passwords on all systems. Organizations can also use rules of behavior (see PL-4 ) and access agreements (see PS-6 ) to mitigate the risk of multiple system accounts.

 - - -

are implemented to manage the risk of compromise due to individuals having accounts on multiple systems.

@@ -24823,6 +18985,7 @@

the time period after which the use of cached authenticators is prohibited is defined;

+ @@ -24831,9 +18994,6 @@ value="system"/> -

Prohibit the use of cached authenticators after .

IA-5 (13) Additional FedRAMP Requirements and Guidance @@ -24847,17 +19007,6 @@

Cached authenticators are used to authenticate to the local machine when the network is not available. If cached authentication information is out of date, the validity of the authentication information may be questionable.

 - - -

the use of cached authenticators is prohibited after .

@@ -24896,6 +19045,7 @@ Authentication Feedback + @@ -24904,22 +19054,12 @@ value="system"/> -

Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

Authentication feedback from systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of systems, such as desktops or notebooks with relatively large monitors, the threat (referred to as shoulder surfing) may be significant. For other types of systems, such as mobile devices with small displays, the threat may be less significant and is balanced against the increased likelihood of typographic input errors due to small keyboards. Thus, the means for obscuring authentication feedback is selected accordingly. Obscuring authentication feedback includes displaying asterisks when users type passwords into input devices or displaying feedback for a very limited time before obscuring it.

 - -

the feedback of authentication information is obscured during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

@@ -24956,6 +19096,7 @@ Cryptographic Module Authentication + @@ -24969,30 +19110,12 @@ -

Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role.

 - - - -

mechanisms for authentication to a cryptographic module are implemented that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

@@ -25030,6 +19153,7 @@ Identification and Authentication (Non-organizational Users) + @@ -25060,22 +19184,12 @@ -

Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

Non-organizational users include system users other than organizational users explicitly covered by IA-2 . Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in AC-14 . Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factors—including security, privacy, scalability, and practicality—when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk.

 - -

non-organizational users or processes acting on behalf of non-organizational users are uniquely identified and authenticated.

@@ -25114,6 +19228,7 @@ Acceptance of PIV Credentials from Other Agencies + @@ -25123,22 +19238,12 @@ -

Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies.

Acceptance of Personal Identity Verification (PIV) credentials from other federal agencies applies to both logical and physical access control systems. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidelines. The adequacy and reliability of PIV card issuers are addressed and authorized using SP 800-79-2.

 - - @@ -25190,6 +19295,7 @@ Acceptance of External Authenticators + @@ -25199,16 +19305,10 @@ -

Accept only external authenticators that are NIST-compliant; and

 -

Document and maintain a list of accepted external authenticators.

 @@ -25219,29 +19319,11 @@ - -

only external authenticators that are NIST-compliant are accepted;

 - - - @@ -25302,6 +19384,7 @@

identity management profiles are defined;

+ @@ -25310,30 +19393,12 @@ value="system"/> -

Conform to the following profiles for identity management .

Organizations define profiles for identity management based on open identity management standards. To ensure that open identity management standards are viable, robust, reliable, sustainable, and interoperable as documented, the Federal Government assesses and scopes the standards and technology implementations against applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.

 - - - -

there is conformance with for identity management.

@@ -25379,6 +19444,7 @@

circumstances or situations requiring re-authentication are defined;

+ @@ -25395,9 +19461,6 @@ -

Require users to re-authenticate when .

IA-11 Additional FedRAMP Requirements and Guidance @@ -25418,21 +19481,6 @@

In addition to the re-authentication requirements associated with device locks, organizations may require re-authentication of individuals in certain situations, including when roles, authenticators or credentials change, when security categories of systems change, when the execution of privileged functions occurs, after a fixed time period, or periodically.

 - - - -

users are required to re-authenticate when .

@@ -25472,6 +19520,7 @@ Identity Proofing + @@ -25493,23 +19542,14 @@ -

Identity proof users that require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines;

 -

Resolve user identities to a unique individual; and

 -

Collect, validate, and verify identity evidence.

 @@ -25527,53 +19567,16 @@ - - - -

users who require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines are identity proofed;

 - - -

user identities are resolved to a unique individual;

 - - - @@ -25626,6 +19629,7 @@ Identity Evidence + @@ -25634,26 +19638,12 @@ value="organization"/> -

Require evidence of individual identification be presented to the registration authority.

Identity evidence, such as documentary evidence or a combination of documents and biometrics, reduces the likelihood of individuals using fraudulent identification to establish an identity or at least increases the work factor of potential adversaries. The forms of acceptable evidence are consistent with the risks to the systems, roles, and privileges associated with the user’s account.

 - - -

evidence of individual identification is presented to the registration authority.

@@ -25695,6 +19685,7 @@

methods of validation and verification of identity evidence are defined;

+ @@ -25703,30 +19694,12 @@ value="organization"/> -

Require that the presented identity evidence be validated and verified through .

Validation and verification of identity evidence increases the assurance that accounts and identifiers are being established for the correct user and authenticators are being bound to that user. Validation refers to the process of confirming that the evidence is genuine and authentic, and the data contained in the evidence is correct, current, and related to an individual. Verification confirms and establishes a linkage between the claimed identity and the actual existence of the user presenting the evidence. Acceptable methods for validating and verifying identity evidence are consistent with the risks to the systems, roles, and privileges associated with the users account.

 - - - -

the presented identity evidence is validated and verified through .

@@ -25762,6 +19735,7 @@ In-person Validation and Verification + @@ -25770,26 +19744,12 @@ value="organization"/> -

Require that the validation and verification of identity evidence be conducted in person before a designated registration authority.

In-person proofing reduces the likelihood of fraudulent credentials being issued because it requires the physical presence of individuals, the presentation of physical identity documents, and actual face-to-face interactions with designated registration authorities.

 - - -

the validation and verification of identity evidence is conducted in person before a designated registration authority.

@@ -25831,6 +19791,7 @@ notice of proofing + @@ -25840,9 +19801,6 @@ -

Require that a be delivered through an out-of-band channel to verify the users address (physical or digital) of record.

IA-12 (5) Additional FedRAMP Requirements and Guidance @@ -25856,17 +19814,6 @@

To make it more difficult for adversaries to pose as legitimate users during the identity proofing process, organizations can use out-of-band methods to ensure that the individual associated with an address of record is the same individual that participated in the registration. Confirmation can take the form of a temporary enrollment code or a notice of proofing. The delivery address for these artifacts is obtained from records and not self-asserted by the user. The address can include a physical or digital address. A home address is an example of a physical address. Email addresses and telephone numbers are examples of digital addresses.

 - - -

a is delivered through an out-of-band channel to verify the user’s address (physical or digital) of record.

@@ -25973,6 +19920,7 @@

events that would require the incident response procedures to be reviewed and updated are defined;

+ @@ -25995,13 +19943,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -26023,20 +19964,10 @@ -

Designate an to manage the development, documentation, and dissemination of the incident response policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current incident response:

@@ -26057,57 +19988,21 @@ - - -

an incident response policy is developed and documented;

 - - -

the incident response policy is disseminated to ;

 - -

incident response procedures to facilitate the implementation of the incident response policy and associated incident response controls are developed and documented;

 - -

the incident response procedures are disseminated to ;

@@ -26115,13 +20010,6 @@ - - @@ -26161,13 +20049,6 @@ - -

the incident response policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -26177,17 +20058,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the incident response policy and procedures;

@@ -26195,17 +20065,6 @@ - - - @@ -26220,17 +20079,6 @@ - - - @@ -26308,6 +20156,7 @@

events that initiate a review of the incident response training content are defined;

+ @@ -26329,9 +20178,6 @@ -

Provide incident response training to system users consistent with assigned roles and responsibilities:

@@ -26349,9 +20195,6 @@ -

Review and update incident response training content and following .

 @@ -26364,49 +20207,16 @@ - - -

incident response training is provided to system users consistent with assigned roles and responsibilities within of assuming an incident response role or responsibility or acquiring system access;

 - - -

incident response training is provided to system users consistent with assigned roles and responsibilities when required by system changes;

 - - -

incident response training is provided to system users consistent with assigned roles and responsibilities thereafter;

@@ -26416,33 +20226,11 @@ - - -

incident response training content is reviewed and updated ;

 - - -

incident response training content is reviewed and updated following .

@@ -26477,6 +20265,7 @@ Simulated Events + @@ -26488,26 +20277,12 @@ value="true"/> -

Incorporate simulated events into incident response training to facilitate the required response by personnel in crisis situations.

Organizations establish requirements for responding to incidents in incident response plans. Incorporating simulated events into incident response training helps to ensure that personnel understand their individual responsibilities and what specific actions to take in crisis situations.

 - - -

simulated events are incorporated into incident response training to facilitate the required response by personnel in crisis situations.

@@ -26550,6 +20325,7 @@

automated mechanisms used in an incident response training environment are defined;

+ @@ -26561,22 +20337,12 @@ value="true"/> -

Provide an incident response training environment using .

Automated mechanisms can provide a more thorough and realistic incident response training environment. This can be accomplished, for example, by providing more complete coverage of incident response issues, selecting more realistic training scenarios and environments, and stressing the response capability.

 - -

an incident response training environment is provided using .

@@ -26632,7 +20398,7 @@

tests used to test the effectiveness of the incident response capability for the system are defined;

- + @@ -26652,9 +20418,6 @@ -

Test the effectiveness of the incident response capability for the system using the following tests: .

IR-3-2 Additional FedRAMP Requirements and Guidance @@ -26668,17 +20431,6 @@

Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response. The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes.

 - - -

the effectiveness of the incident response capability for the system is tested using .

@@ -26711,6 +20463,7 @@ Coordination with Related Plans + @@ -26722,26 +20475,12 @@ value="true"/> -

Coordinate incident response testing with organizational elements responsible for related plans.

Organizational plans related to incident response testing include business continuity plans, disaster recovery plans, continuity of operations plans, contingency plans, crisis communications plans, critical infrastructure plans, and occupant emergency plans.

 - - -

incident response testing is coordinated with organizational elements responsible for related plans.

@@ -26780,7 +20519,7 @@ Incident Handling - + @@ -26820,30 +20559,18 @@ -

Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;

 -

Coordinate incident handling activities with contingency planning activities;

 -

Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and

 -

Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization.

 @@ -26867,33 +20594,11 @@ - - -

an incident handling capability for incidents is implemented that is consistent with the incident response plan;

 - - -

the incident handling capability for incidents includes preparation;

@@ -26921,17 +20626,6 @@ - - -

incident handling activities are coordinated with contingency planning activities;

@@ -26939,33 +20633,11 @@ - - -

lessons learned from ongoing incident handling activities are incorporated into incident response procedures, training, and testing;

 - - -

the changes resulting from the incorporated lessons learned are implemented accordingly;

@@ -26973,17 +20645,6 @@ - - - @@ -27047,7 +20708,7 @@

automated mechanisms used to support the incident handling process are defined;

- + @@ -27056,26 +20717,12 @@ value="organization"/> -

Support the incident handling process using .

Automated mechanisms that support incident handling processes include online incident management systems and tools that support the collection of live response data, full network packet capture, and forensic analysis.

 - - -

the incident handling process is supported using .

@@ -27130,7 +20777,7 @@

system components that require dynamic reconfiguration are defined;

- + @@ -27142,26 +20789,12 @@ -

Include the following types of dynamic reconfiguration for as part of the incident response capability: .

Dynamic reconfiguration includes changes to router rules, access control lists, intrusion detection or prevention system parameters, and filter rules for guards or firewalls. Organizations may perform dynamic reconfiguration of systems to stop attacks, misdirect attackers, and isolate components of systems, thus limiting the extent of the damage from breaches or compromises. Organizations include specific time frames for achieving the reconfiguration of systems in the definition of the reconfiguration capability, considering the potential need for rapid response to effectively address cyber threats.

 - - -

for are included as part of the incident response capability.

@@ -27201,7 +20834,7 @@ Information Correlation - + @@ -27210,26 +20843,12 @@ value="organization"/> -

Correlate incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response.

Sometimes, a threat event, such as a hostile cyber-attack, can only be observed by bringing together information from different sources, including various reports and reporting procedures established by organizations.

 - - -

incident information and individual incident responses are correlated to achieve an organization-wide perspective on incident awareness and response.

@@ -27277,7 +20896,7 @@ Insider Threats - + @@ -27286,26 +20905,12 @@ value="organization"/> -

Implement an incident handling capability for incidents involving insider threats.

Explicit focus on handling incidents involving insider threats provides additional emphasis on this type of threat and the need for specific incident handling capabilities to provide appropriate and timely responses.

 - - -

an incident handling capability is implemented for incidents involving insider threats.

@@ -27349,6 +20954,7 @@

the time period within which an integrated incident response team can be deployed is defined;

+ @@ -27358,9 +20964,6 @@ -

Establish and maintain an integrated incident response team that can be deployed to any location identified by the organization in .

 @@ -27370,33 +20973,11 @@ - - -

an integrated incident response team is established and maintained;

 - - -

the integrated incident response team can be deployed to any location identified by the organization in .

@@ -27429,6 +21010,7 @@ Incident Monitoring + @@ -27452,26 +21034,12 @@ -

Track and document incidents.

Documenting incidents includes maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics as well as evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources, including network monitoring, incident reports, incident response teams, user complaints, supply chain partners, audit monitoring, physical access monitoring, and user and administrator reports. IR-4 provides information on the types of incidents that are appropriate for monitoring.

 - - - @@ -27537,6 +21105,7 @@

automated mechanisms used to analyze incident information are defined;

+ @@ -27548,30 +21117,12 @@ value="true"/> -

Track incidents and collect and analyze incident information using .

Automated mechanisms for tracking incidents and collecting and analyzing incident information include Computer Incident Response Centers or other electronic databases of incidents and network monitoring devices.

 - - - - @@ -27639,6 +21190,7 @@

authorities to whom incident information is to be reported are defined;

+ @@ -27657,16 +21209,10 @@ -

Require personnel to report suspected incidents to the organizational incident response capability within ; and

 -

Report incident information to .

 @@ -27684,33 +21230,11 @@ - - -

personnel is/are required to report suspected incidents to the organizational incident response capability within ;

 - - -

incident information is reported to .

@@ -27757,6 +21281,7 @@

automated mechanisms used for reporting incidents are defined;

+ @@ -27766,30 +21291,12 @@ -

Report incidents using .

The recipients of incident reports are specified in IR-6b . Automated reporting mechanisms include email, posting on websites (with automatic updates), and automated incident response tools and programs.

 - - - -

incidents are reported using .

@@ -27827,6 +21334,7 @@ Supply Chain Coordination + @@ -27836,26 +21344,12 @@ -

Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident.

Organizations involved in supply chain activities include product developers, system integrators, manufacturers, packagers, assemblers, distributors, vendors, and resellers. Entities that provide supply chain governance include the Federal Acquisition Security Council (FASC). Supply chain incidents include compromises or breaches that involve information technology products, system components, development processes or personnel, distribution processes, or warehousing facilities. Organizations determine the appropriate information to share and consider the value gained from informing external organizations about supply chain incidents, including the ability to improve processes or to identify the root cause of an incident.

 - - -

incident information is provided to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident.

@@ -27899,6 +21393,7 @@ Incident Response Assistance + @@ -27917,9 +21412,6 @@ -

Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents.

 @@ -27928,33 +21420,11 @@ - - -

an incident response support resource, integral to the organizational incident response capability, is provided;

 - - -

the incident response support resource offers advice and assistance to users of the system for the response and reporting of incidents.

@@ -27998,6 +21468,7 @@

automated mechanisms used to increase the availability of incident response information and support are defined;

+ @@ -28006,30 +21477,12 @@ value="organization"/> -

Increase the availability of incident response information and support using .

Automated mechanisms can provide a push or pull capability for users to obtain incident response assistance. For example, individuals may have access to a website to query the assistance capability, or the assistance capability can proactively send incident response information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.

 - - - -

the availability of incident response information and support is increased using .

@@ -28129,6 +21582,7 @@

organizational elements to which changes to the incident response plan are communicated are defined;

+ @@ -28151,9 +21605,6 @@ -

Develop an incident response plan that:

@@ -28199,30 +21650,18 @@ -

Distribute copies of the incident response plan to ;

 -

Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

 -

Communicate incident response plan changes to ; and

 -

Protect the incident response plan from unauthorized disclosure and modification.

 @@ -28246,122 +21685,52 @@ - -

an incident response plan is developed that provides the organization with a roadmap for implementing its incident response capability;

 - -

an incident response plan is developed that describes the structure and organization of the incident response capability;

 - -

an incident response plan is developed that provides a high-level approach for how the incident response capability fits into the overall organization;

 - -

an incident response plan is developed that meets the unique requirements of the organization with regard to mission, size, structure, and functions;

 - -

an incident response plan is developed that defines reportable incidents;

 - -

an incident response plan is developed that provides metrics for measuring the incident response capability within the organization;

 - -

an incident response plan is developed that defines the resources and management support needed to effectively maintain and mature an incident response capability;

 - -

an incident response plan is developed that addresses the sharing of incident information;

 - -

an incident response plan is developed that is reviewed and approved by ;

 - -

an incident response plan is developed that explicitly designates responsibility for incident response to .

@@ -28369,13 +21738,6 @@ - - @@ -28390,33 +21752,11 @@ - - -

the incident response plan is updated to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

 - - - @@ -28431,13 +21771,6 @@ - - @@ -28502,6 +21835,7 @@

actions to be performed are defined;

+ @@ -28519,51 +21853,30 @@

Respond to information spills by:

-

Assigning with responsibility for responding to information spills;

 -

Identifying the specific information involved in the system contamination;

 -

Alerting of the information spill using a method of communication not associated with the spill;

 -

Isolating the contaminated system or system component;

 -

Eradicating the information from the contaminated system or component;

 -

Identifying other systems or system components that may have been subsequently contaminated; and

 -

Performing the following additional actions: .

 @@ -28574,115 +21887,38 @@ - - -

is/are assigned the responsibility to respond to information spills;

 - - -

the specific information involved in the system contamination is identified in response to information spills;

 - - -

is/are alerted of the information spill using a method of communication not associated with the spill;

 - - -

the contaminated system or system component is isolated in response to information spills;

 - - -

the information is eradicated from the contaminated system or component in response to information spills;

 - - -

other systems or system components that may have been subsequently contaminated are identified in response to information spills;

 - - -

are performed in response to information spills.

@@ -28733,6 +21969,7 @@

frequency at which to provide information spillage response training is defined;

+ @@ -28745,22 +21982,12 @@ -

Provide information spillage response training .

Organizations establish requirements for responding to information spillage incidents in incident response plans. Incident response training on a regular basis helps to ensure that organizational personnel understand their individual responsibilities and what specific actions to take when spillage incidents occur.

 - -

information spillage response training is provided .

@@ -28796,6 +22023,7 @@

procedures to be implemented to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions are defined;

+ @@ -28804,22 +22032,12 @@ value="organization"/> -

Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: .

Corrective actions for systems contaminated due to information spillages may be time-consuming. Personnel may not have access to the contaminated systems while corrective actions are being taken, which may potentially affect their ability to conduct organizational business.

 - -

are implemented to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions.

@@ -28861,6 +22079,7 @@

controls employed for personnel exposed to information not within assigned access authorizations are defined;

+ @@ -28869,22 +22088,12 @@ value="organization"/> -

Employ the following controls for personnel exposed to information not within assigned access authorizations: .

Controls include ensuring that personnel who are exposed to spilled information are made aware of the laws, executive orders, directives, regulations, policies, standards, and guidelines regarding the information and the restrictions imposed based on exposure to such information.

 - -

are employed for personnel exposed to information not within assigned access authorizations.

@@ -28993,6 +22202,7 @@

events that would require the maintenance procedures to be reviewed and updated are defined;

+ @@ -29012,13 +22222,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -29040,20 +22243,10 @@ -

Designate an to manage the development, documentation, and dissemination of the maintenance policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current maintenance:

@@ -29074,57 +22267,21 @@ - - -

a maintenance policy is developed and documented;

 - - -

the maintenance policy is disseminated to ;

 - -

maintenance procedures to facilitate the implementation of the maintenance policy and associated maintenance controls are developed and documented;

 - -

the maintenance procedures are disseminated to ;

@@ -29132,13 +22289,6 @@ - - @@ -29178,13 +22328,6 @@ - -

the maintenance policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -29194,17 +22337,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the maintenance policy and procedures;

@@ -29212,17 +22344,6 @@ - - - @@ -29237,17 +22358,6 @@ - - - @@ -29305,6 +22415,7 @@

information to be included in organizational maintenance records is defined;

+ @@ -29327,44 +22438,26 @@ -

Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements;

 -

Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location;

 -

Require that explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;

 -

Sanitize equipment to remove the following information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement: ;

 -

Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; and

 -

Include the following information in organizational maintenance records: .

 @@ -29375,21 +22468,6 @@ - - - - @@ -29409,17 +22487,6 @@ - - - @@ -29434,58 +22501,22 @@ - - -

is/are required to explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;

 - - -

equipment is sanitized to remove from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement;

 - -

all potentially impacted controls are checked to verify that the controls are still functioning properly following maintenance, repair, or replacement actions;

 - -

is included in organizational maintenance records.

@@ -29550,6 +22581,7 @@

automated mechanisms used to document maintenance, repair, and replacement actions for the system are defined;

+ @@ -29560,16 +22592,10 @@ -

Schedule, conduct, and document maintenance, repair, and replacement actions for the system using ; and

 -

Produce up-to date, accurate, and complete records of all maintenance, repair, and replacement actions requested, scheduled, in process, and completed.

 @@ -29580,17 +22606,6 @@ - - - @@ -29613,17 +22628,6 @@ - - - @@ -29689,6 +22693,7 @@

frequency at which to review previously approved system maintenance tools is defined;

+ @@ -29700,16 +22705,10 @@ -

Approve, control, and monitor the use of system maintenance tools; and

 -

Review previously approved system maintenance tools .

 @@ -29722,21 +22721,6 @@ - - - - @@ -29756,21 +22740,6 @@ - - - -

previously approved system maintenance tools are reviewed .

@@ -29807,6 +22776,7 @@ Inspect Tools + @@ -29816,30 +22786,12 @@ -

Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications.

Maintenance tools can be directly brought into a facility by maintenance personnel or downloaded from a vendor’s website. If, upon inspection of the maintenance tools, organizations determine that the tools have been modified in an improper manner or the tools contain malicious code, the incident is handled consistent with organizational policies and procedures for incident handling.

 - - - -

maintenance tools used by maintenance personnel are inspected for improper or unauthorized modifications.

@@ -29876,7 +22828,7 @@ Inspect Media - + @@ -29886,30 +22838,12 @@ -

Check media containing diagnostic and test programs for malicious code before the media are used in the system.

If, upon inspection of media containing maintenance, diagnostic, and test programs, organizations determine that the media contains malicious code, the incident is handled consistent with organizational incident handling policies and procedures.

 - - - -

media containing diagnostic and test programs are checked for malicious code before the media are used in the system.

@@ -29956,6 +22890,7 @@

personnel or roles who can authorize removal of equipment from the facility is/are defined;

+ @@ -29967,30 +22902,18 @@

Prevent the removal of maintenance equipment containing organizational information by:

-

Verifying that there is no organizational information contained on the equipment;

 -

Sanitizing or destroying the equipment;

 -

Retaining the equipment within the facility; or

 -

Obtaining an exemption from explicitly authorizing removal of the equipment from the facility.

 @@ -29999,21 +22922,6 @@

Organizational information includes all information owned by organizations and any information provided to organizations for which the organizations serve as information stewards.

 - - - - @@ -30074,6 +22982,7 @@ Nonlocal Maintenance + @@ -30102,37 +23011,22 @@ -

Approve and monitor nonlocal maintenance and diagnostic activities;

 -

Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system;

 -

Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions;

 -

Maintain records for nonlocal maintenance and diagnostic activities; and

 -

Terminate session and network connections when nonlocal maintenance is completed.

 @@ -30143,17 +23037,6 @@ - - - @@ -30170,29 +23053,11 @@ - - -

the use of nonlocal maintenance and diagnostic tools are allowed only as consistent with organizational policy;

 - -

the use of nonlocal maintenance and diagnostic tools are documented in the security plan for the system;

@@ -30200,45 +23065,16 @@ - - - -

strong authentication is employed in the establishment of nonlocal maintenance and diagnostic sessions;

 - -

records for nonlocal maintenance and diagnostic activities are maintained;

 - - @@ -30292,6 +23128,7 @@ Comparable Security and Sanitization + @@ -30304,16 +23141,10 @@ -

Require that nonlocal maintenance and diagnostic services be performed from a system that implements a security capability comparable to the capability implemented on the system being serviced; or

 -

Remove the component to be serviced from the system prior to nonlocal maintenance or diagnostic services; sanitize the component (for organizational information); and after the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system.

 @@ -30324,17 +23155,6 @@ - - - @@ -30351,37 +23171,16 @@ - -

the component to be serviced is removed from the system prior to nonlocal maintenance or diagnostic services;

 - -

the component to be serviced is sanitized (for organizational information);

 - -

the component is inspected and sanitized (for potentially malicious software) after the service is performed and before reconnecting the component to the system.

@@ -30430,6 +23229,7 @@ Maintenance Personnel + @@ -30450,23 +23250,14 @@ -

Establish a process for maintenance personnel authorization and maintain a list of authorized maintenance organizations or personnel;

 -

Verify that non-escorted personnel performing maintenance on the system possess the required access authorizations; and

 -

Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.

 @@ -30477,13 +23268,6 @@ - - @@ -30498,41 +23282,11 @@ - - - -

non-escorted personnel performing maintenance on the system possess the required access authorizations;

 - - - -

organizational personnel with required access authorizations and technical competence is/are designated to supervise the maintenance activities of personnel who do not possess the required access authorizations.

@@ -30578,6 +23332,7 @@

alternate controls to be developed and implemented in the event that a system component cannot be sanitized, removed, or disconnected from the system are defined;

+ @@ -30589,9 +23344,6 @@ -

Implement procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements:

@@ -30604,9 +23356,6 @@ -

Develop and implement in the event a system component cannot be sanitized, removed, or disconnected from the system.

 @@ -30619,33 +23368,11 @@ - - -

procedures for the use of maintenance personnel who lack appropriate security clearances or are not U.S. citizens are implemented and include approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified escorting and supervising maintenance personnel without the needed access authorization during the performance of maintenance and diagnostic activities;

 - - -

procedures for the use of maintenance personnel who lack appropriate security clearances or are not U.S. citizens are implemented and include all volatile information storage components within the system being sanitized and all non-volatile storage media being removed or physically disconnected from the system and secured prior to initiating maintenance or diagnostic activities;

@@ -30653,21 +23380,6 @@ - - - -

are developed and implemented in the event that a system cannot be sanitized, removed, or disconnected from the system.

@@ -30732,6 +23444,7 @@

time period within which maintenance support and/or spare parts are to be obtained after a failure are defined;

+ @@ -30748,30 +23461,12 @@ -

Obtain maintenance support and/or spare parts for within of failure.

Organizations specify the system components that result in increased risk to organizational operations and assets, individuals, other organizations, or the Nation when the functionality provided by those components is not operational. Organizational actions to obtain maintenance support include having appropriate contracts in place.

 - - - -

maintenance support and/or spare parts are obtained for within of failure.

@@ -30879,6 +23574,7 @@

events that would require media protection procedures to be reviewed and updated are defined;

+ @@ -30898,13 +23594,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -30926,20 +23615,10 @@ -

Designate an to manage the development, documentation, and dissemination of the media protection policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current media protection:

@@ -30960,57 +23639,21 @@ - - -

a media protection policy is developed and documented;

 - - -

the media protection policy is disseminated to ;

 - -

media protection procedures to facilitate the implementation of the media protection policy and associated media protection controls are developed and documented;

 - -

the media protection procedures are disseminated to ;

@@ -31018,13 +23661,6 @@ - - @@ -31064,13 +23700,6 @@ - -

the media protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -31080,17 +23709,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the media protection policy and procedures.

@@ -31098,17 +23716,6 @@ - - - @@ -31123,17 +23730,6 @@ - - - @@ -31208,6 +23804,7 @@

personnel or roles authorized to access non-digital media is/are defined;

+ @@ -31232,9 +23829,6 @@ -

Restrict access to to .

 @@ -31243,41 +23837,11 @@ - - - -

access to is restricted to ;

 - - - -

access to is restricted to .

@@ -31340,6 +23904,7 @@

controlled areas where media is exempt from marking are defined;

+ @@ -31356,16 +23921,10 @@ -

Mark system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information; and

 -

Exempt from marking if the media remain within .

 @@ -31383,25 +23942,11 @@ - -

system media is marked to indicate distribution limitations, handling caveats, and applicable security markings (if any) of the information;

 - -

remain within .

@@ -31493,6 +24038,7 @@

controlled areas within which to securely store non-digital media are defined;

+ @@ -31523,16 +24069,10 @@ -

Physically control and securely store within ; and

 -

Protect system media types defined in MP-4a until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

 @@ -31552,84 +24092,24 @@ - - - -

are physically controlled;

 - - - -

are physically controlled;

 - - - -

are securely stored within ;

 - - - -

are securely stored within ;

@@ -31638,21 +24118,6 @@ - - - -

system media types (defined in MP-04_ODP[01], MP-04_ODP[02], MP-04_ODP[03], MP-04_ODP[04]) are protected until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

@@ -31723,6 +24188,7 @@

controls used to control system media outside of controlled areas are defined;

+ @@ -31746,30 +24212,18 @@ -

Protect and control during transport outside of controlled areas using ;

 -

Maintain accountability for system media during transport outside of controlled areas;

 -

Document activities associated with the transport of system media; and

 -

Restrict the activities associated with the transport of system media to authorized personnel.

 @@ -31787,21 +24241,6 @@ - - - - @@ -31818,33 +24257,11 @@ - - - -

accountability for system media is maintained during transport outside of controlled areas;

 - -

activities associated with the transport of system media are documented;

@@ -31852,29 +24269,11 @@ - - -

personnel authorized to conduct media transport activities is/are identified;

 - -

activities associated with the transport of system media are restricted to identified authorized personnel.

@@ -31965,6 +24364,7 @@

sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined;

+ @@ -31995,16 +24395,10 @@ -

Sanitize prior to disposal, release out of organizational control, or release for reuse using ; and

 -

Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.

 @@ -32015,21 +24409,6 @@ - - - - @@ -32052,21 +24431,6 @@ - - - -

sanitization mechanisms with strength and integrity commensurate with the security category or classification of the information are employed.

@@ -32111,6 +24475,7 @@ Review, Approve, Track, Document, and Verify + @@ -32119,9 +24484,6 @@ value="organization"/> -

Review, approve, track, document, and verify media sanitization and disposal actions.

MP-6 (1) Additional FedRAMP Requirements and Guidance @@ -32135,13 +24497,6 @@

Organizations review and approve media to be sanitized to ensure compliance with records retention policies. Tracking and documenting actions include listing personnel who reviewed and approved sanitization and disposal actions, types of media sanitized, files stored on the media, sanitization methods used, date and time of the sanitization actions, personnel who performed the sanitization, verification actions taken and personnel who performed the verification, and the disposal actions taken. Organizations verify that the sanitization of the media was effective prior to disposal.

 - - @@ -32231,6 +24586,7 @@

frequency with which to test sanitization procedures is defined;

+ @@ -32239,9 +24595,6 @@ value="organization"/> -

Test sanitization equipment and procedures to ensure that the intended sanitization is being achieved.

MP-6 (2) Additional FedRAMP Requirements and Guidance @@ -32255,13 +24608,6 @@

Testing of sanitization equipment and procedures may be conducted by qualified and authorized external entities, including federal agencies or external service providers.

 - - @@ -32319,6 +24665,7 @@

circumstances requiring sanitization of portable storage devices are defined;

+ @@ -32327,9 +24674,6 @@ value="organization"/> -

Apply nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the system under the following circumstances: .

MP-6 (3) Additional FedRAMP Requirements and Guidance @@ -32343,17 +24687,6 @@

Portable storage devices include external or removable hard disk drives (e.g., solid state, magnetic), optical discs, magnetic or optical tapes, flash memory devices, flash memory cards, and other external or removable disks. Portable storage devices can be obtained from untrustworthy sources and contain malicious code that can be inserted into or transferred to organizational systems through USB ports or other entry portals. While scanning storage devices is recommended, sanitization provides additional assurance that such devices are free of malicious code. Organizations consider nondestructive sanitization of portable storage devices when the devices are purchased from manufacturers or vendors prior to initial use or when organizations cannot maintain a positive chain of custody for the devices.

 - - -

non-destructive sanitization techniques are applied to portable storage devices prior to connecting such devices to the system under .

@@ -32416,6 +24749,7 @@

controls to restrict or prohibit the use of specific types of system media on systems or system components are defined;

+ @@ -32432,17 +24766,11 @@ -

the use of on using ; and

 -

Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

 @@ -32453,41 +24781,11 @@ - - - -

the use of is on using ;

 - - - -

the use of portable storage devices in organizational systems is prohibited when such devices have no identifiable owner.

@@ -32599,6 +24897,7 @@

events that would require the physical and environmental protection procedures to be reviewed and updated are defined;

+ @@ -32618,13 +24917,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -32646,20 +24938,10 @@ -

Designate an to manage the development, documentation, and dissemination of the physical and environmental protection policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current physical and environmental protection:

@@ -32680,57 +24962,21 @@ - - -

a physical and environmental protection policy is developed and documented;

 - - -

the physical and environmental protection policy is disseminated to ;

 - -

physical and environmental protection procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental protection controls are developed and documented;

 - -

the physical and environmental protection procedures are disseminated to ;

@@ -32738,13 +24984,6 @@ - - @@ -32784,13 +25023,6 @@ - -

the physical and environmental protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -32800,17 +25032,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the physical and environmental protection policy and procedures;

@@ -32818,17 +25039,6 @@ - - - @@ -32843,17 +25053,6 @@ - - - @@ -32904,6 +25103,7 @@

frequency at which to review the access list detailing authorized facility access by individuals is defined;

+ @@ -32930,30 +25130,18 @@ -

Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides;

 -

Issue authorization credentials for facility access;

 -

Review the access list detailing authorized facility access by individuals ; and

 -

Remove individuals from the facility access list when access is no longer required.

 @@ -32964,17 +25152,6 @@ - - - @@ -32994,37 +25171,16 @@ - -

authorization credentials are issued for facility access;

 - -

the access list detailing authorized facility access by individuals is reviewed ;

 - -

individuals are removed from the facility access list when access is no longer required.

@@ -33150,7 +25306,7 @@

frequency at which to change keys is defined;

- + @@ -33187,9 +25343,6 @@ -

Enforce physical access authorizations at by:

@@ -33202,44 +25355,26 @@ -

Maintain physical access audit logs for ;

 -

Control access to areas within the facility designated as publicly accessible by implementing the following controls: ;

 -

Escort visitors and control visitor activity ;

 -

Secure keys, combinations, and other physical access devices;

 -

Inventory every ; and

 -

Change combinations and keys and/or when keys are lost, combinations are compromised, or when individuals possessing the keys or combinations are transferred or terminated.

 @@ -33252,29 +25387,11 @@ - -

physical access authorizations are enforced at by verifying individual access authorizations before granting access to the facility;

 - - -

physical access authorizations are enforced at by controlling ingress and egress to the facility using ;

@@ -33282,29 +25399,11 @@ - - -

physical access audit logs are maintained for ;

 - -

access to areas within the facility designated as publicly accessible are maintained by implementing ;

@@ -33312,29 +25411,11 @@ - -

visitors are escorted;

 - - -

visitor activity is controlled ;

@@ -33342,13 +25423,6 @@ - - @@ -33368,17 +25442,6 @@ - - -

are inventoried ;

@@ -33387,25 +25450,11 @@ - -

combinations are changed , when combinations are compromised, or when individuals possessing the combinations are transferred or terminated;

 - -

keys are changed , when keys are lost, or when individuals possessing the keys are transferred or terminated.

@@ -33456,6 +25505,7 @@

physical spaces containing one or more components of the system are defined;

+ @@ -33464,9 +25514,6 @@ value="organization"/> -

Enforce physical access authorizations to the system in addition to the physical access controls for the facility at .

 @@ -33475,25 +25522,11 @@ - -

physical access authorizations to the system are enforced;

 - -

physical access controls are enforced for the facility at .

@@ -33548,6 +25581,7 @@

security controls to be implemented to control physical access to system distribution and transmission lines within the organizational facility are defined;

+ @@ -33565,26 +25599,12 @@ -

Control physical access to within organizational facilities using .

Security controls applied to system distribution and transmission lines prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Security controls used to control physical access to system distribution and transmission lines include disconnected or locked spare jacks, locked wiring closets, protection of cabling by conduit or cable trays, and wiretapping sensors.

 - - -

physical access to within organizational facilities is controlled using .

@@ -33627,6 +25647,7 @@

output devices that require physical access control to output are defined;

+ @@ -33639,22 +25660,12 @@ -

Control physical access to output from to prevent unauthorized individuals from obtaining the output.

Controlling physical access to output devices includes placing output devices in locked rooms or other secured areas with keypad or card reader access controls and allowing access to authorized individuals only, placing output devices in locations that can be monitored by personnel, installing monitor or screen filters, and using headphones. Examples of output devices include monitors, printers, scanners, audio devices, facsimile machines, and copiers.

 - -

physical access to output from is controlled to prevent unauthorized individuals from obtaining the output.

@@ -33709,6 +25720,7 @@

events or potential indication of events requiring physical access logs to be reviewed are defined;

+ @@ -33728,23 +25740,14 @@ -

Monitor physical access to the facility where the system resides to detect and respond to physical security incidents;

 -

Review physical access logs and upon occurrence of ; and

 -

Coordinate results of reviews and investigations with the organizational incident response capability.

 @@ -33755,17 +25758,6 @@ - - -

physical access to the facility where the system resides is monitored to detect and respond to physical security incidents;

@@ -33773,25 +25765,11 @@ - -

physical access logs are reviewed ;

 - -

physical access logs are reviewed upon occurrence of ;

@@ -33801,33 +25779,11 @@ - - -

results of reviews are coordinated with organizational incident response capabilities;

 - - -

results of investigations are coordinated with organizational incident response capabilities.

@@ -33869,6 +25825,7 @@ Intrusion Alarms and Surveillance Equipment + @@ -33880,22 +25837,12 @@ value="true"/> -

Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment.

Physical intrusion alarms can be employed to alert security personnel when unauthorized access to the facility is attempted. Alarm systems work in conjunction with physical barriers, physical access control systems, and security guards by triggering a response when these other forms of security have been compromised or breached. Physical intrusion alarms can include different types of sensor devices, such as motion sensors, contact sensors, and broken glass sensors. Surveillance equipment includes video cameras installed at strategic locations throughout the facility.

 - - @@ -33952,6 +25899,7 @@

physical spaces containing one or more components of the system are defined;

+ @@ -33963,22 +25911,12 @@ value="true"/> -

Monitor physical access to the system in addition to the physical access monitoring of the facility at .

Monitoring physical access to systems provides additional monitoring for those areas within facilities where there is a concentration of system components, including server rooms, media storage areas, and communications centers. Physical access monitoring can be coordinated with intrusion detection systems and system monitoring capabilities to provide comprehensive and integrated threat coverage for the organization.

 - -

physical access to the system is monitored in addition to the physical access monitoring of the facility at .

@@ -34049,6 +25987,7 @@

personnel to whom visitor access records anomalies are reported to is/are defined;

+ @@ -34063,23 +26002,14 @@ -

Maintain visitor access records to the facility where the system resides for ;

 -

Review visitor access records ; and

 -

Report anomalies in visitor access records to .

 @@ -34090,45 +26020,16 @@ - - -

visitor access records for the facility where the system resides are maintained for ;

 - -

visitor access records are reviewed ;

 - - -

visitor access records anomalies are reported to .

@@ -34183,6 +26084,7 @@

automated mechanisms used to review visitor access records are defined;

+ @@ -34191,9 +26093,6 @@ value="organization"/> -

Maintain and review visitor access records using .

 @@ -34202,29 +26101,11 @@ - - -

visitor access records are maintained using ;

 - -

visitor access records are reviewed using .

@@ -34264,6 +26145,7 @@ Power Equipment and Cabling + @@ -34272,22 +26154,12 @@ value="organization"/> -

Protect power equipment and power cabling for the system from damage and destruction.

Organizations determine the types of protection necessary for the power equipment and cabling employed at different locations that are both internal and external to organizational facilities and environments of operation. Types of power equipment and cabling include internal cabling and uninterruptable power sources in offices or data centers, generators and power cabling outside of buildings, and power sources for self-contained components such as satellites, vehicles, and other deployable systems.

 - - @@ -34347,6 +26219,7 @@

location of emergency shutoff switches or devices by system or system component is defined;

+ @@ -34356,23 +26229,14 @@ -

Provide the capability of shutting off power to in emergency situations;

 -

Place emergency shutoff switches or devices in to facilitate access for authorized personnel; and

 -

Protect emergency power shutoff capability from unauthorized activation.

 @@ -34383,45 +26247,16 @@ - - -

the capability to shut off power to in emergency situations is provided;

 - -

emergency shutoff switches or devices are placed in to facilitate access for authorized personnel;

 - - -

the emergency power shutoff capability is protected from unauthorized activation.

@@ -34465,6 +26300,7 @@ transition of the system to long-term alternate power + @@ -34475,26 +26311,12 @@ -

Provide an uninterruptible power supply to facilitate in the event of a primary power source loss.

An uninterruptible power supply (UPS) is an electrical system or mechanism that provides emergency power when there is a failure of the main power source. A UPS is typically used to protect computers, data centers, telecommunication equipment, or other electrical equipment where an unexpected power disruption could cause injuries, fatalities, serious mission or business disruption, or loss of data or information. A UPS differs from an emergency power system or backup generator in that the UPS provides near-instantaneous protection from unanticipated power interruptions from the main power source by providing energy stored in batteries, supercapacitors, or flywheels. The battery duration of a UPS is relatively short but provides sufficient time to start a standby power source, such as a backup generator, or properly shut down the system.

 - - -

an uninterruptible power supply is provided to facilitate in the event of a primary power source loss.

@@ -34541,6 +26363,7 @@ automatically + @@ -34549,9 +26372,6 @@ value="organization"/> -

Provide an alternate power supply for the system that is activated and that can maintain minimally required operational capability in the event of an extended loss of the primary power source.

 @@ -34560,33 +26380,11 @@ - - -

an alternate power supply provided for the system is activated ;

 - - -

the alternate power supply provided for the system can maintain minimally required operational capability in the event of an extended loss of the primary power source.

@@ -34626,6 +26424,7 @@ Emergency Lighting + @@ -34635,9 +26434,6 @@ -

Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility.

 @@ -34646,49 +26442,21 @@ - -

automatic emergency lighting that activates in the event of a power outage or disruption is employed for the system;

 - -

automatic emergency lighting that activates in the event of a power outage or disruption is maintained for the system;

 - -

automatic emergency lighting for the system covers emergency exits within the facility;

 - -

automatic emergency lighting for the system covers evacuation routes within the facility.

@@ -34726,6 +26494,7 @@ Fire Protection + @@ -34734,9 +26503,6 @@ value="organization"/> -

Employ and maintain fire detection and suppression systems that are supported by an independent energy source.

 @@ -34745,97 +26511,31 @@ - - -

fire detection systems are employed;

 - - -

employed fire detection systems are supported by an independent energy source;

 - - -

employed fire detection systems are maintained;

 - - -

fire suppression systems are employed;

 - - -

employed fire suppression systems are supported by an independent energy source;

 - - -

employed fire suppression systems are maintained.

@@ -34894,6 +26594,7 @@

emergency responders to be notified in the event of a fire are defined;

+ @@ -34902,9 +26603,6 @@ value="organization"/> -

Employ fire detection systems that activate automatically and notify and in the event of a fire.

 @@ -34913,45 +26611,16 @@ - -

fire detection systems that activate automatically are employed in the event of a fire;

 - - -

fire detection systems that notify automatically are employed in the event of a fire;

 - - -

fire detection systems that notify automatically are employed in the event of a fire.

@@ -35006,6 +26675,7 @@

emergency responders to be notified in the event of a fire are defined;

+ @@ -35015,16 +26685,10 @@ -

Employ fire suppression systems that activate automatically and notify and ; and

 -

Employ an automatic fire suppression capability when the facility is not staffed on a continuous basis.

 @@ -35037,45 +26701,16 @@ - -

fire suppression systems that activate automatically are employed;

 - - -

fire suppression systems that notify automatically are employed;

 - - -

fire suppression systems that notify automatically are employed;

@@ -35083,17 +26718,6 @@ - - -

an automatic fire suppression capability is employed when the facility is not staffed on a continuous basis.

@@ -35175,6 +26799,7 @@

frequency at which to monitor environmental control levels is defined;

+ @@ -35185,16 +26810,10 @@ -

Maintain levels within the facility where the system resides at ; and

 -

Monitor environmental control levels .

 @@ -35212,34 +26831,12 @@ - - -

levels are maintained at within the facility where the system resides;

 - - -

environmental control levels are monitored .

@@ -35283,6 +26880,7 @@

personnel or roles to be notified by environmental control monitoring when environmental changes are potentially harmful to personnel or equipment is/are defined;

+ @@ -35291,9 +26889,6 @@ value="organization"/> -

Employ environmental control monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment to .

 @@ -35302,29 +26897,11 @@ - -

environmental control monitoring is employed;

 - - -

the environmental control monitoring capability provides an alarm or notification to when changes are potentially harmful to personnel or equipment.

@@ -35363,6 +26940,7 @@ Water Damage Protection + @@ -35372,9 +26950,6 @@ -

Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel.

 @@ -35383,65 +26958,21 @@ - - -

the system is protected from damage resulting from water leakage by providing master shutoff or isolation valves;

 - - -

the master shutoff or isolation valves are accessible;

 - - -

the master shutoff or isolation valves are working properly;

 - - -

the master shutoff or isolation valves are known to key personnel.

@@ -35497,6 +27028,7 @@

automated mechanisms used to detect the presence of water near the system are defined;

+ @@ -35505,9 +27037,6 @@ value="organization"/> -

Detect the presence of water near the system and alert using .

 @@ -35516,29 +27045,11 @@ - -

the presence of water near the system can be detected automatically;

 - - -

is/are alerted using .

@@ -35599,6 +27110,7 @@

types of system components to be authorized and controlled when exiting the facility are defined;

+ @@ -35617,16 +27129,10 @@ -

Authorize and control entering and exiting the facility; and

 -

Maintain records of the system components.

 @@ -35639,68 +27145,24 @@ - - -

are authorized when entering the facility;

 - - -

are controlled when entering the facility;

 - - -

are authorized when exiting the facility;

 - - -

are controlled when exiting the facility;

@@ -35709,17 +27171,6 @@ - - -

records of the system components are maintained.

@@ -35769,6 +27220,7 @@

controls to be employed at alternate work sites are defined;

+ @@ -35781,30 +27233,18 @@ -

Determine and document the allowed for use by employees;

 -

Employ the following controls at alternate work sites: ;

 -

Assess the effectiveness of controls at alternate work sites; and

 -

Provide a means for employees to communicate with information security and privacy personnel in case of incidents.

 @@ -35815,67 +27255,23 @@ - - -

are determined and documented;

 - - -

are employed at alternate work sites;

 - - -

the effectiveness of controls at alternate work sites is assessed;

 - - -

a means for employees to communicate with information security and privacy personnel in case of incidents is provided.

@@ -35929,6 +27325,7 @@

physical and environmental hazards that could result in potential damage to system components within the facility are defined;

+ @@ -35941,26 +27338,12 @@ -

Position system components within the facility to minimize potential damage from and to minimize the opportunity for unauthorized access.

Physical and environmental hazards include floods, fires, tornadoes, earthquakes, hurricanes, terrorism, vandalism, an electromagnetic pulse, electrical interference, and other forms of incoming electromagnetic radiation. Organizations consider the location of entry points where unauthorized individuals, while not being granted access, might nonetheless be near systems. Such proximity can increase the risk of unauthorized access to organizational communications using wireless packet sniffers or microphones, or unauthorized disclosure of information.

 - - -

system components are positioned within the facility to minimize potential damage from and to minimize the opportunity for unauthorized access.

@@ -36066,6 +27449,7 @@

events that would require procedures to be reviewed and updated are defined;

+ @@ -36086,13 +27470,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -36114,20 +27491,10 @@ -

Designate an to manage the development, documentation, and dissemination of the planning policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current planning:

@@ -36148,57 +27515,21 @@ - - -

a planning policy is developed and documented.

 - - -

the planning policy is disseminated to ;

 - -

planning procedures to facilitate the implementation of the planning policy and associated planning controls are developed and documented;

 - -

the planning procedures are disseminated to ;

@@ -36206,13 +27537,6 @@ - - @@ -36252,13 +27576,6 @@ - -

the planning policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -36268,17 +27585,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the planning policy and procedures;

@@ -36286,17 +27592,6 @@ - - - @@ -36311,17 +27606,6 @@ - - - @@ -36393,6 +27677,7 @@

frequency to review system security and privacy plans is defined;

+ @@ -36446,9 +27731,6 @@ -

Develop security and privacy plans for the system that:

@@ -36513,30 +27795,18 @@ -

Distribute copies of the plans and communicate subsequent changes to the plans to ;

 -

Review the plans ;

 -

Update the plans to address changes to the system and environment of operation or problems identified during plan implementation or control assessments; and

 -

Protect the plans from unauthorized disclosure and modification.

 @@ -36554,77 +27824,11 @@ - - - - - - - - -

a security plan for the system is developed that is consistent with the organization’s enterprise architecture;

 - - - - - - - - -

a privacy plan for the system is developed that is consistent with the organization’s enterprise architecture;

@@ -36662,25 +27866,11 @@ - -

a security plan for the system is developed that identifies the individuals that fulfill system roles and responsibilities;

 - -

a privacy plan for the system is developed that identifies the individuals that fulfill system roles and responsibilities;

@@ -36688,13 +27878,6 @@ - - @@ -36709,13 +27892,6 @@ - - @@ -36730,13 +27906,6 @@ - - @@ -36751,13 +27920,6 @@ - - @@ -36772,17 +27934,6 @@ - - - @@ -36799,25 +27950,11 @@ - -

a security plan for the system is developed that provides an overview of the security requirements for the system;

 - -

a privacy plan for the system is developed that provides an overview of the privacy requirements for the system;

@@ -36825,13 +27962,6 @@ - - @@ -36848,25 +27978,11 @@ - -

a security plan for the system is developed that describes the controls in place or planned for meeting the security requirements, including rationale for any tailoring decisions;

 - -

a privacy plan for the system is developed that describes the controls in place or planned for meeting the privacy requirements, including rationale for any tailoring decisions;

@@ -36876,33 +27992,11 @@ - - -

a security plan for the system is developed that includes risk determinations for security architecture and design decisions;

 - - -

a privacy plan for the system is developed that includes risk determinations for privacy architecture and design decisions;

@@ -36912,33 +28006,11 @@ - - -

a security plan for the system is developed that includes security-related activities affecting the system that require planning and coordination with ;

 - - -

a privacy plan for the system is developed that includes privacy-related activities affecting the system that require planning and coordination with ;

@@ -36948,33 +28020,11 @@ - - -

a security plan for the system is developed that is reviewed and approved by the authorizing official or designated representative prior to plan implementation;

 - - -

a privacy plan for the system is developed that is reviewed and approved by the authorizing official or designated representative prior to plan implementation.

@@ -36984,17 +28034,6 @@ - - - @@ -37009,33 +28048,11 @@ - - -

plans are reviewed ;

 - - - @@ -37055,17 +28072,6 @@ - - - @@ -37149,6 +28155,7 @@

frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected);

+ @@ -37181,30 +28188,18 @@ -

Establish and provide to individuals requiring access to the system, the rules that describe their responsibilities and expected behavior for information and system usage, security, and privacy;

 -

Receive a documented acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the system;

 -

Review and update the rules of behavior ; and

 -

Require individuals who have acknowledged a previous version of the rules of behavior to read and re-acknowledge .

 @@ -37215,17 +28210,6 @@ - - - @@ -37240,49 +28224,16 @@ - - -

before authorizing access to information and the system, a documented acknowledgement from such individuals indicating that they have read, understand, and agree to abide by the rules of behavior is received;

 - - -

rules of behavior are reviewed and updated ;

 - - -

individuals who have acknowledged a previous version of the rules of behavior are required to read and reacknowledge .

@@ -37321,6 +28272,7 @@ Social Media and External Site/Application Usage Restrictions + @@ -37336,23 +28288,14 @@

Include in the rules of behavior, restrictions on:

-

Use of social media, social networking sites, and external sites/applications;

 -

Posting organizational information on public websites; and

 -

Use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

 @@ -37363,49 +28306,16 @@ - - -

the rules of behavior include restrictions on the use of social media, social networking sites, and external sites/applications;

 - - -

the rules of behavior include restrictions on posting organizational information on public websites;

 - - -

the rules of behavior include restrictions on the use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

@@ -37456,6 +28366,7 @@

frequency for review and update to reflect changes in the enterprise architecture;

+ @@ -37483,9 +28394,6 @@ -

Develop security and privacy architectures for the system that:

@@ -37506,16 +28414,10 @@ -

Review and update the architectures to reflect changes in the enterprise architecture; and

 -

Reflect planned architecture changes in security and privacy plans, Concept of Operations (CONOPS), criticality analysis, organizational procedures, and procurements and acquisitions.

 @@ -37540,45 +28442,16 @@ - - -

a security architecture for the system describes the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;

 - - -

a privacy architecture describes the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;

 - - @@ -37593,13 +28466,6 @@ - - @@ -37616,17 +28482,6 @@ - - -

changes in the enterprise architecture are reviewed and updated to reflect changes in the enterprise architecture;

@@ -37634,97 +28489,31 @@ - - -

planned architecture changes are reflected in the security plan;

 - - -

planned architecture changes are reflected in the privacy plan;

 - - -

planned architecture changes are reflected in the Concept of Operations (CONOPS);

 - - -

planned architecture changes are reflected in criticality analysis;

 - - -

planned architecture changes are reflected in organizational procedures;

 - - -

planned architecture changes are reflected in procurements and acquisitions.

@@ -37769,6 +28558,7 @@ Baseline Selection + @@ -37791,9 +28581,6 @@ -

Select a control baseline for the system.

PL-10 Additional FedRAMP Requirements and Guidance @@ -37807,13 +28594,6 @@

Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals’ privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see PL-11 ). Federal control baselines are provided in SP 800-53B . The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in SP 800-53B are based on the requirements from FISMA and PRIVACT . The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization’s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. CNSSI 1253 provides guidance on control baselines for national security systems.

 - -

a control baseline for the system is selected.

@@ -37855,6 +28635,7 @@ Baseline Tailoring + @@ -37877,26 +28658,12 @@ -

Tailor the selected control baseline by applying specified tailoring actions.

The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in SP 800-53B . Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in SP 800-53B can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in SP 800-53B in accordance with the security and privacy requirements from FISMA, PRIVACT , and OMB A-130 . Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in SP 800-53B to specialize or customize the controls that represent the specific needs and concerns of those entities.

 - - -

the selected control baseline is tailored by applying specified tailoring actions.

@@ -38007,6 +28774,7 @@

events that would require the personnel security procedures to be reviewed and updated are defined;

+ @@ -38025,13 +28793,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -38053,20 +28814,10 @@ -

Designate an to manage the development, documentation, and dissemination of the personnel security policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current personnel security:

@@ -38087,57 +28838,21 @@ - - -

a personnel security policy is developed and documented;

 - - -

the personnel security policy is disseminated to ;

 - -

personnel security procedures to facilitate the implementation of the personnel security policy and associated personnel security controls are developed and documented;

 - -

the personnel security procedures are disseminated to ;

@@ -38145,13 +28860,6 @@ - - @@ -38191,13 +28899,6 @@ - -

the personnel security policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -38207,17 +28908,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the personnel security policy and procedures;

@@ -38225,17 +28915,6 @@ - - - @@ -38250,17 +28929,6 @@ - - - @@ -38313,6 +28981,7 @@

the frequency at which to review and update position risk designations is defined;

+ @@ -38333,23 +29002,14 @@ -

Assign a risk designation to all organizational positions;

 -

Establish screening criteria for individuals filling those positions; and

 -

Review and update position risk designations .

 @@ -38360,49 +29020,16 @@ - - -

a risk designation is assigned to all organizational positions;

 - - -

screening criteria are established for individuals filling organizational positions;

 - - -

position risk designations are reviewed and updated .

@@ -38462,6 +29089,7 @@

the frequency of rescreening individuals where it is so indicated is defined;

+ @@ -38488,16 +29116,10 @@ -

Screen individuals prior to authorizing access to the system; and

 -

Rescreen individuals in accordance with .

 @@ -38508,33 +29130,11 @@ - - -

individuals are screened prior to authorizing access to the system;

 - - - @@ -38582,13 +29182,14 @@ -

personnel screening criteria - as required by specific information

+

personnel screening criteria – as required by specific information

additional personnel screening criteria to be satisfied for individuals accessing a system processing, storing, or transmitting information requiring special protection are defined;

 + @@ -38599,16 +29200,10 @@

Verify that individuals accessing a system processing, storing, or transmitting information requiring special protection:

-

Have valid access authorizations that are demonstrated by assigned official government duties; and

 -

Satisfy .

 @@ -38619,33 +29214,11 @@ - - -

individuals accessing a system processing, storing, or transmitting information requiring special protection have valid access authorizations that are demonstrated by assigned official government duties;

 - - -

individuals accessing a system processing, storing, or transmitting information requiring special protection satisfy .

@@ -38702,6 +29275,7 @@

information security topics to be discussed when conducting exit interviews are defined;

+ @@ -38717,37 +29291,22 @@

Upon termination of individual employment:

-

Disable system access within ;

 -

Terminate or revoke any authenticators and credentials associated with the individual;

 -

Conduct exit interviews that include a discussion of ;

 -

Retrieve all security-related organizational system-related property; and

 -

Retain access to organizational information and systems formerly controlled by terminated individual.

 @@ -38758,73 +29317,26 @@ - -

upon termination of individual employment, system access is disabled within ;

 - -

upon termination of individual employment, any authenticators and credentials are terminated or revoked;

 - - -

upon termination of individual employment, exit interviews that include a discussion of are conducted;

 - - -

upon termination of individual employment, all security-related organizational system-related property is retrieved;

 - - -

upon termination of individual employment, access to organizational information and systems formerly controlled by the terminated individual are retained.

@@ -38889,6 +29401,7 @@

personnel or roles to be notified upon termination of an individual is/are defined (if selected);

+ @@ -38897,26 +29410,12 @@ value="organization"/> -

Use to .

In organizations with many employees, not all personnel who need to know about termination actions receive the appropriate notifications, or if such notifications are received, they may not occur in a timely manner. Automated mechanisms can be used to send automatic alerts or notifications to organizational personnel or roles when individuals are terminated. Such automatic alerts or notifications can be conveyed in a variety of ways, including via telephone, electronic mail, text message, or websites. Automated mechanisms can also be employed to quickly and thoroughly disable access to system resources after an employee is terminated.

 - - -

are used to .

@@ -38995,6 +29494,7 @@

time period within which to notify organization-defined personnel or roles when individuals are reassigned or transferred to other positions within the organization is defined;

+ @@ -39009,30 +29509,18 @@ -

Review and confirm ongoing operational need for current logical and physical access authorizations to systems and facilities when individuals are reassigned or transferred to other positions within the organization;

 -

Initiate within ;

 -

Modify access authorization as needed to correspond with any changes in operational need due to reassignment or transfer; and

 -

Notify within .

 @@ -39043,62 +29531,22 @@ - - -

the ongoing operational need for current logical and physical access authorizations to systems and facilities are reviewed and confirmed when individuals are reassigned or transferred to other positions within the organization;

 - - -

are initiated within ;

 - -

access authorization is modified as needed to correspond with any changes in operational need due to reassignment or transfer;

 - - -

are notified within .

@@ -39162,6 +29610,7 @@

the frequency at which to re-sign access agreements to maintain access to organizational information is defined;

+ @@ -39183,23 +29632,14 @@ -

Develop and document access agreements for organizational systems;

 -

Review and update the access agreements ; and

 -

Verify that individuals requiring access to organizational information and systems:

@@ -39218,29 +29658,11 @@ - -

access agreements are developed and documented for organizational systems;

 - - -

the access agreements are reviewed and updated ;

@@ -39248,33 +29670,11 @@ - - -

individuals requiring access to organizational information and systems sign appropriate access agreements prior to being granted access;

 - - -

individuals requiring access to organizational information and systems re-sign access agreements to maintain access to organizational systems when access agreements have been updated or .

@@ -39341,6 +29741,7 @@

time period within which third-party providers are required to notify organization-defined personnel or roles of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined;

+ @@ -39366,37 +29767,22 @@ -

Establish personnel security requirements, including security roles and responsibilities for external providers;

 -

Require external providers to comply with personnel security policies and procedures established by the organization;

 -

Document personnel security requirements;

 -

Require external providers to notify of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges, or who have system privileges within ; and

 -

Monitor provider compliance with personnel security requirements.

 @@ -39407,77 +29793,26 @@ - - -

personnel security requirements are established, including security roles and responsibilities for external providers;

 - - -

external providers are required to comply with personnel security policies and procedures established by the organization;

 - -

personnel security requirements are documented;

 - - -

external providers are required to notify of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges within ;

 - - -

provider compliance with personnel security requirements is monitored.

@@ -39542,6 +29877,7 @@

the time period within which organization-defined personnel or roles must be notified when a formal employee sanctions process is initiated is defined;

+ @@ -39554,16 +29890,10 @@ -

Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and

 -

Notify within when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

 @@ -39574,33 +29904,11 @@ - - -

a formal sanctions process is employed for individuals failing to comply with established information security and privacy policies and procedures;

 - - -

is/are notified within when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

@@ -39644,6 +29952,7 @@ Position Descriptions + @@ -39652,22 +29961,12 @@ value="organization"/> -

Incorporate security and privacy roles and responsibilities into organizational position descriptions.

Specification of security and privacy roles in individual organizational position descriptions facilitates clarity in understanding the security or privacy responsibilities associated with the roles and the role-based security and privacy training requirements for the roles.

 - - @@ -39784,6 +30083,7 @@

events that would require risk assessment procedures to be reviewed and updated are defined;

+ @@ -39803,13 +30103,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -39831,20 +30124,10 @@ -

Designate an to manage the development, documentation, and dissemination of the risk assessment policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current risk assessment:

@@ -39865,57 +30148,21 @@ - - -

a risk assessment policy is developed and documented;

 - - -

the risk assessment policy is disseminated to ;

 - -

risk assessment procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls are developed and documented;

 - -

the risk assessment procedures are disseminated to ;

@@ -39923,13 +30170,6 @@ - - @@ -39969,13 +30209,6 @@ - -

the risk assessment policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

@@ -39985,17 +30218,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the risk assessment policy and procedures;

@@ -40003,17 +30225,6 @@ - - - @@ -40028,17 +30239,6 @@ - - - @@ -40077,6 +30277,7 @@ Security Categorization + @@ -40109,23 +30310,14 @@ -

Categorize the system and information it processes, stores, and transmits;

 -

Document the security categorization results, including supporting rationale, in the security plan for the system; and

 -

Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

 @@ -40138,41 +30330,16 @@ - -

the system and the information it processes, stores, and transmits are categorized;

 - -

the security categorization results, including supporting rationale, are documented in the security plan for the system;

 - - -

the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

@@ -40258,6 +30425,7 @@

the frequency to update the risk assessment is defined;

+ @@ -40302,9 +30470,6 @@ -

Conduct a risk assessment, including:

@@ -40321,37 +30486,22 @@ -

Integrate risk assessment results and risk management decisions from the organization and mission or business process perspectives with system-level risk assessments;

 -

Document risk assessment results in ;

 -

Review risk assessment results ;

 -

Disseminate risk assessment results to ; and

 -

Update the risk assessment or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

 @@ -40377,49 +30527,16 @@ - - -

a risk assessment is conducted to identify threats to and vulnerabilities in the system;

 - - -

a risk assessment is conducted to determine the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system; the information it processes, stores, or transmits; and any related information;

 - - -

a risk assessment is conducted to determine the likelihood and impact of adverse effects on individuals arising from the processing of personally identifiable information;

@@ -40427,77 +30544,26 @@ - - -

risk assessment results and risk management decisions from the organization and mission or business process perspectives are integrated with system-level risk assessments;

 - -

risk assessment results are documented in ;

 - - -

risk assessment results are reviewed ;

 - - -

risk assessment results are disseminated to ;

 - - -

the risk assessment is updated or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

@@ -40551,6 +30617,7 @@

the frequency at which to update the supply chain risk assessment is defined;

+ @@ -40568,16 +30635,10 @@ -

Assess supply chain risks associated with ; and

 -

Update the supply chain risk assessment , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.

 @@ -40588,33 +30649,11 @@ - - -

supply chain risks associated with are assessed;

 - - -

the supply chain risk assessment is updated , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.

@@ -40698,7 +30737,7 @@

personnel or roles with whom information obtained from the vulnerability scanning process and control assessments is to be shared;

- + @@ -40736,16 +30775,10 @@ -

Monitor and scan for vulnerabilities in the system and hosted applications and when new vulnerabilities potentially affecting the system are identified and reported;

 -

Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for:

@@ -40762,30 +30795,18 @@ -

Analyze vulnerability scan reports and results from vulnerability monitoring;

 -

Remediate legitimate vulnerabilities in accordance with an organizational assessment of risk;

 -

Share information obtained from the vulnerability monitoring process and control assessments with to help eliminate similar vulnerabilities in other systems; and

 -

Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned.

 @@ -40811,7 +30832,7 @@

Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

-

Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a "warning" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on "Tracking of Compliance Scans" in FAQs.

+

Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs.

 @@ -40824,17 +30845,6 @@ - - - @@ -40849,63 +30859,19 @@ - - -

vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools;

- - -

vulnerability monitoring tools and techniques are employed to automate parts of the vulnerability management process by using standards for enumerating platforms, software flaws, and improper configurations;

 - - -

vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools and to automate parts of the vulnerability management process by using standards for formatting checklists and test procedures;

 - - -

vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools and to automate parts of the vulnerability management process by using standards for measuring vulnerability impact;

@@ -40913,65 +30879,21 @@ - - -

vulnerability scan reports and results from vulnerability monitoring are analyzed;

 - - -

legitimate vulnerabilities are remediated in accordance with an organizational assessment of risk;

 - - -

information obtained from the vulnerability monitoring process and control assessments is shared with to help eliminate similar vulnerabilities in other systems;

 - - -

vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned are employed.

@@ -41034,7 +30956,7 @@

the frequency for updating the system vulnerabilities to be scanned is defined (if selected);

- + @@ -41047,26 +30969,12 @@ -

Update the system vulnerabilities to be scanned .

Due to the complexity of modern software, systems, and other factors, new vulnerabilities are discovered on a regular basis. It is important that newly discovered vulnerabilities are added to the list of vulnerabilities to be scanned to ensure that the organization can take steps to mitigate those vulnerabilities in a timely manner.

 - - -

the system vulnerabilities to be scanned are updated .

@@ -41105,7 +31013,7 @@ Breadth and Depth of Coverage - + @@ -41117,26 +31025,12 @@ value="true"/> -

Define the breadth and depth of vulnerability scanning coverage.

The breadth of vulnerability scanning coverage can be expressed as a percentage of components within the system, by the particular types of systems, by the criticality of systems, or by the number of vulnerabilities to be checked. Conversely, the depth of vulnerability scanning coverage can be expressed as the level of the system design that the organization intends to monitor (e.g., component, module, subsystem, element). Organizations can determine the sufficiency of vulnerability scanning coverage with regard to its risk tolerance and other factors. Scanning tools and how the tools are configured may affect the depth and coverage. Multiple scanning tools may be needed to achieve the desired depth and coverage. SP 800-53A provides additional information on the breadth and depth of coverage.

 - - -

the breadth and depth of vulnerability scanning coverage are defined.

@@ -41185,6 +31079,7 @@

corrective actions to be taken if information about the system is discoverable are defined;

+ @@ -41198,9 +31093,6 @@ -

Determine information about the system that is discoverable and take .

 @@ -41209,33 +31101,11 @@ - - -

information about the system is discoverable;

 - - -

are taken when information about the system is confirmed as discoverable.

@@ -41307,6 +31177,7 @@

vulnerability scanning activities selected for privileged access authorization to system components are defined;

+ @@ -41318,26 +31189,12 @@ value="true"/> -

Implement privileged access authorization to for .

In certain situations, the nature of the vulnerability scanning may be more intrusive, or the system component that is the subject of the scanning may contain classified or controlled unclassified information, such as personally identifiable information. Privileged access authorization to selected system components facilitates more thorough vulnerability scanning and protects the sensitive nature of such scanning.

 - - -

privileged access authorization is implemented to for .

@@ -41395,6 +31252,7 @@

a time period for a potential previous exploit of a system is defined;

+ @@ -41408,9 +31266,6 @@ -

Review historic audit logs to determine if a vulnerability identified in a has been previously exploited within an .

RA-5(8) Additional FedRAMP Requirement @@ -41424,17 +31279,6 @@

Reviewing historic audit logs to determine if a recently detected vulnerability in a system has been previously exploited by an adversary can provide important information for forensic analyses. Such analyses can help identify, for example, the extent of a previous intrusion, the trade craft employed during the attack, organizational information exfiltrated or modified, mission or business capabilities affected, and the duration of the attack.

 - - -

historic audit logs are reviewed to determine if a vulnerability identified in a has been previously exploited within .

@@ -41477,6 +31321,7 @@ Public Disclosure Program + @@ -41488,26 +31333,12 @@ value="true"/> -

Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.

The reporting channel is publicly discoverable and contains clear language authorizing good-faith research and the disclosure of vulnerabilities to the organization. The organization does not condition its authorization on an expectation of indefinite non-disclosure to the public by the reporting entity but may request a specific time period to properly remediate the vulnerability.

 - - -

a public reporting channel is established for receiving reports of vulnerabilities in organizational systems and system components.

@@ -41550,6 +31381,7 @@ Risk Response + @@ -41573,26 +31405,12 @@ -

Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance.

Organizations have many options for responding to risk including mitigating risk by implementing new controls or strengthening existing controls, accepting risk with appropriate justification or rationale, sharing or transferring risk, or avoiding risk. The risk tolerance of the organization influences risk response decisions and actions. Risk response addresses the need to determine an appropriate response to risk before generating a plan of action and milestones entry. For example, the response may be to accept risk or reject risk, or it may be possible to mitigate the risk immediately so that a plan of action and milestones entry is not needed. However, if the risk response is to mitigate the risk, and the mitigation cannot be completed immediately, a plan of action and milestones entry is generated.

 - - - @@ -41660,6 +31478,7 @@

decision points in the system development life cycle when a criticality analysis is to be performed are defined;

+ @@ -41679,9 +31498,6 @@ -

Identify critical system components and functions by performing a criticality analysis for at .

 @@ -41690,17 +31506,6 @@

Criticality analysis is performed when an architecture or design is being developed, modified, or upgraded. If such analysis is performed early in the system development life cycle, organizations may be able to modify the system design to reduce the critical nature of these components and functions, such as by adding redundancy or alternate paths into the system design. Criticality analysis can also influence the protection measures required by development contractors. In addition to criticality analysis for systems, system components, and system services, criticality analysis of information is an important consideration. Such analysis is conducted as part of security categorization in RA-2.

 - - -

critical system components and functions are identified by performing a criticality analysis for at .

@@ -41809,6 +31614,7 @@

events that would require the system and services acquisition procedures to be reviewed and updated are defined;

+ @@ -41830,13 +31636,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -41858,20 +31657,10 @@ -

Designate an to manage the development, documentation, and dissemination of the system and services acquisition policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current system and services acquisition:

@@ -41892,57 +31681,21 @@ - - -

a system and services acquisition policy is developed and documented;

 - - -

the system and services acquisition policy is disseminated to ;

 - -

system and services acquisition procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls are developed and documented;

 - -

the system and services acquisition procedures are disseminated to ;

@@ -41950,13 +31703,6 @@ - - @@ -41996,13 +31742,6 @@ - -

the system and services acquisition policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -42012,17 +31751,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the system and services acquisition policy and procedures;

@@ -42030,17 +31758,6 @@ - - - @@ -42055,17 +31772,6 @@ - - - @@ -42109,6 +31815,7 @@ Allocation of Resources + @@ -42129,23 +31836,14 @@ -

Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;

 -

Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and

 -

Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.

 @@ -42158,33 +31856,11 @@ - - -

the high-level information security requirements for the system or system service are determined in mission and business process planning;

 - - -

the high-level privacy requirements for the system or system service are determined in mission and business process planning;

@@ -42194,33 +31870,11 @@ - - -

the resources required to protect the system or system service are determined and documented as part of the organizational capital planning and investment control process;

 - - -

the resources required to protect the system or system service are allocated as part of the organizational capital planning and investment control process;

@@ -42230,33 +31884,11 @@ - - -

a discrete line item for information security is established in organizational programming and budgeting documentation;

 - - -

a discrete line item for privacy is established in organizational programming and budgeting documentation.

@@ -42308,6 +31940,7 @@

system development life cycle is defined;

+ @@ -42339,30 +31972,18 @@ -

Acquire, develop, and manage the system using that incorporates information security and privacy considerations;

 -

Define and document information security and privacy roles and responsibilities throughout the system development life cycle;

 -

Identify individuals having information security and privacy roles and responsibilities; and

 -

Integrate the organizational information security and privacy risk management process into system development life cycle activities.

 @@ -42376,33 +31997,11 @@ - - -

the system is acquired, developed, and managed using that incorporates information security considerations;

 - - -

the system is acquired, developed, and managed using that incorporates privacy considerations;

@@ -42412,33 +32011,11 @@ - - -

information security roles and responsibilities are defined and documented throughout the system development life cycle;

 - - -

privacy roles and responsibilities are defined and documented throughout the system development life cycle;

@@ -42448,33 +32025,11 @@ - - -

individuals with information security roles and responsibilities are identified;

 - - -

individuals with privacy roles and responsibilities are identified;

@@ -42484,33 +32039,11 @@ - - -

organizational information security risk management processes are integrated into system development life cycle activities;

 - - -

organizational privacy risk management processes are integrated into system development life cycle activities.

@@ -42574,6 +32107,7 @@

contract language is defined (if selected);

+ @@ -42621,65 +32155,38 @@

Include the following requirements, descriptions, and criteria, explicitly or by reference, using in the acquisition contract for the system, system component, or system service:

-

Security and privacy functional requirements;

 -

Strength of mechanism requirements;

 -

Security and privacy assurance requirements;

 -

Controls needed to satisfy the security and privacy requirements.

 -

Security and privacy documentation requirements;

 -

Requirements for protecting security and privacy documentation;

 -

Description of the system development environment and environment in which the system is intended to operate;

 -

Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and

 -

Acceptance criteria.

 @@ -42706,77 +32213,11 @@ - - - - - - - - -

security functional requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

 - - - - - - - - -

privacy functional requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

@@ -42784,17 +32225,6 @@ - - -

strength of mechanism requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

@@ -42828,17 +32258,6 @@ - - - @@ -42853,17 +32272,6 @@ - - - @@ -42878,33 +32286,11 @@ - - -

the description of the system development environment and environment in which the system is intended to operate, requirements, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

 - - - @@ -42924,17 +32310,6 @@ - - -

acceptance criteria requirements and descriptions are included explicitly or by reference using in the acquisition contract for the system, system component, or system service.

@@ -42978,6 +32353,7 @@ Functional Properties of Controls + @@ -42989,26 +32365,12 @@ value="true"/> -

Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented.

Functional properties of security and privacy controls describe the functionality (i.e., security or privacy capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls.

 - - -

the developer of the system, system component, or system service is required to provide a description of the functional properties of the controls to be implemented.

@@ -43078,6 +32440,7 @@

level of detail is defined;

+ @@ -43089,26 +32452,12 @@ value="true"/> -

Require the developer of the system, system component, or system service to provide design and implementation information for the controls that includes: at .

Organizations may require different levels of detail in the documentation for the design and implementation of controls in organizational systems, system components, or system services based on mission and business requirements, requirements for resiliency and trustworthiness, and requirements for analysis and testing. Systems can be partitioned into multiple subsystems. Each subsystem within the system can contain one or more modules. The high-level design for the system is expressed in terms of subsystems and the interfaces between subsystems providing security-relevant functionality. The low-level design for the system is expressed in terms of modules and the interfaces between modules providing security-relevant functionality. Design and implementation documentation can include manufacturer, version, serial number, verification hash signature, software libraries used, date of purchase or download, and the vendor or download source. Source code and hardware schematics are referred to as the implementation representation of the system.

 - - -

the developer of the system, system component, or system service is required to provide design and implementation information for the controls that includes using at .

@@ -43161,6 +32510,7 @@

security configurations for the system, component, or service are defined;

+ @@ -43174,16 +32524,10 @@

Require the developer of the system, system component, or system service to:

-

Deliver the system, component, or service with implemented; and

 -

Use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.

 @@ -43194,33 +32538,11 @@ - - -

the developer of the system, system component, or system service is required to deliver the system, component, or service with implemented;

 - - -

the configurations are used as the default for any subsequent system, component, or service reinstallation or upgrade.

@@ -43262,6 +32584,7 @@ Functions, Ports, Protocols, and Services in Use + @@ -43275,26 +32598,12 @@ -

Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use.

The identification of functions, ports, protocols, and services early in the system development life cycle (e.g., during the initial requirements definition and design stages) allows organizations to influence the design of the system, system component, or system service. This early involvement in the system development life cycle helps organizations avoid or minimize the use of functions, ports, protocols, or services that pose unnecessarily high risks and understand the trade-offs involved in blocking specific ports, protocols, or services or requiring system service providers to do so. Early identification of functions, ports, protocols, and services avoids costly retrofitting of controls after the system, component, or system service has been implemented. SA-9 describes the requirements for external system services. Organizations identify which functions, ports, protocols, and services are provided from external sources.

 - - - @@ -43350,6 +32659,7 @@ Use of Approved PIV Products + @@ -43364,26 +32674,12 @@ -

Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems.

Products on the FIPS 201-approved products list meet NIST requirements for Personal Identity Verification (PIV) of Federal Employees and Contractors. PIV cards are used for multi-factor authentication in systems and organizations.

 - - -

only information technology products on the FIPS 201-approved products list for the Personal Identity Verification (PIV) capability implemented within organizational systems are employed.

@@ -43442,6 +32738,7 @@

personnel or roles to distribute system documentation to is/are defined;

+ @@ -43473,9 +32770,6 @@ -

Obtain or develop administrator documentation for the system, system component, or system service that describes:

@@ -43492,9 +32786,6 @@ -

Obtain or develop user documentation for the system, system component, or system service that describes:

@@ -43511,16 +32802,10 @@ -

Document attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent and take in response; and

 -

Distribute documentation to .

 @@ -43533,17 +32818,6 @@ - - - @@ -43565,65 +32839,21 @@ - - -

administrator documentation for the system, system component, or system service that describes the effective use of security functions and mechanisms is obtained or developed;

 - - -

administrator documentation for the system, system component, or system service that describes the effective maintenance of security functions and mechanisms is obtained or developed;

 - - -

administrator documentation for the system, system component, or system service that describes the effective use of privacy functions and mechanisms is obtained or developed;

 - - -

administrator documentation for the system, system component, or system service that describes the effective maintenance of privacy functions and mechanisms is obtained or developed;

@@ -43631,17 +32861,6 @@ - - - @@ -43662,65 +32881,21 @@ - - -

user documentation for the system, system component, or system service that describes user-accessible security functions and mechanisms is obtained or developed;

 - - -

user documentation for the system, system component, or system service that describes how to effectively use those (user-accessible security) functions and mechanisms is obtained or developed;

 - - -

user documentation for the system, system component, or system service that describes user-accessible privacy functions and mechanisms is obtained or developed;

 - - -

user documentation for the system, system component, or system service that describes how to effectively use those (user-accessible privacy) functions and mechanisms is obtained or developed;

@@ -43730,33 +32905,11 @@ - - -

user documentation for the system, system component, or system service that describes methods for user interaction, which enable individuals to use the system, component, or service in a more secure manner is obtained or developed;

 - - -

user documentation for the system, system component, or system service that describes methods for user interaction, which enable individuals to use the system, component, or service to protect individual privacy is obtained or developed;

@@ -43766,33 +32919,11 @@ - - -

user documentation for the system, system component, or system service that describes user responsibilities for maintaining the security of the system, component, or service is obtained or developed;

 - - -

user documentation for the system, system component, or system service that describes user responsibilities for maintaining the privacy of individuals is obtained or developed;

@@ -43804,33 +32935,11 @@ - - -

attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent is documented;

 - - -

after attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent, are taken in response;

@@ -43838,17 +32947,6 @@ - - -

documentation is distributed to .

@@ -43910,6 +33008,7 @@

privacy engineering principles are defined;

+ @@ -43948,9 +33047,6 @@ -

Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: .

 @@ -43961,170 +33057,60 @@ - - -

are applied in the specification of the system and system components;

 - - -

are applied in the design of the system and system components;

 - - -

are applied in the development of the system and system components;

 - - -

are applied in the implementation of the system and system components;

 - - -

are applied in the modification of the system and system components;

 - - -

are applied in the specification of the system and system components;

 - - -

are applied in the design of the system and system components;

 - - -

are applied in the development of the system and system components;

 - - -

are applied in the implementation of the system and system components;

 - - -

are applied in the modification of the system and system components.

@@ -44192,7 +33178,7 @@

processes, methods, and techniques employed to monitor control compliance by external service providers are defined;

- + @@ -44221,23 +33207,14 @@ -

Require that providers of external system services comply with organizational security and privacy requirements and employ the following controls: ;

 -

Define and document organizational oversight and user roles and responsibilities with regard to external system services; and

 -

Employ the following processes, methods, and techniques to monitor control compliance by external service providers on an ongoing basis: .

 @@ -44250,45 +33227,16 @@ - - -

providers of external system services comply with organizational security requirements;

 - - -

providers of external system services comply with organizational privacy requirements;

 - -

providers of external system services employ ;

@@ -44298,25 +33246,11 @@ - -

organizational oversight with regard to external system services are defined and documented;

 - -

user roles and responsibilities with regard to external system services are defined and documented;

@@ -44324,17 +33258,6 @@ - - -

are employed to monitor control compliance by external service providers on an ongoing basis.

@@ -44388,6 +33311,7 @@

personnel or roles that approve the acquisition or outsourcing of dedicated information security services is/are defined;

+ @@ -44403,16 +33327,10 @@ -

Conduct an organizational assessment of risk prior to the acquisition or outsourcing of information security services; and

 -

Verify that the acquisition or outsourcing of dedicated information security services is approved by .

 @@ -44423,33 +33341,11 @@ - - -

an organizational assessment of risk is conducted prior to the acquisition or outsourcing of information security services;

 - - -

approve the acquisition or outsourcing of dedicated information security services.

@@ -44508,6 +33404,7 @@

external system services that require the identification of functions, ports, protocols, and other services are defined;

+ @@ -44521,26 +33418,12 @@ -

Require providers of the following external system services to identify the functions, ports, protocols, and other services required for the use of such services: .

Information from external service providers regarding the specific functions, ports, protocols, and services used in the provision of such services can be useful when the need arises to understand the trade-offs involved in restricting certain functions and services or blocking certain ports and protocols.

 - - -

providers of are required to identify the functions, ports, protocols, and other services required for the use of such services.

@@ -44609,6 +33492,7 @@

requirements or conditions for restricting the location of are defined;

+ @@ -44622,26 +33506,12 @@ -

Restrict the location of to based on .

The location of information processing, information and data storage, or system services can have a direct impact on the ability of organizations to successfully execute their mission and business functions. The impact occurs when external providers control the location of processing, storage, or services. The criteria that external providers use for the selection of processing, storage, or service locations may be different from the criteria that organizations use. For example, organizations may desire that data or information storage locations be restricted to certain locations to help facilitate incident response activities in case of information security incidents or breaches. Incident response activities, including forensic analyses and after-the-fact investigations, may be adversely affected by the governing laws, policies, or protocols in the locations where processing and storage occur and/or the locations from which system services emanate.

 - - -

based on , is/are restricted to .

@@ -44713,6 +33583,7 @@

personnel to whom security flaws and flaw resolutions within the system, component, or service are reported is/are defined;

+ @@ -44744,37 +33615,22 @@

Require the developer of the system, system component, or system service to:

-

Perform configuration management during system, component, or service ;

 -

Document, manage, and control the integrity of changes to ;

 -

Implement only organization-approved changes to the system, component, or service;

 -

Document approved changes to the system, component, or service and the potential security and privacy impacts of such changes; and

 -

Track security flaws and flaw resolution within the system, component, or service and report findings to .

 @@ -44793,37 +33649,11 @@ - - -

the developer of the system, system component, or system service is required to perform configuration management during system, component, or service ;

 - - - - @@ -44843,33 +33673,11 @@ - - -

the developer of the system, system component, or system service is required to implement only organization-approved changes to the system, component, or service;

 - - - @@ -44889,17 +33697,6 @@ - - - @@ -44980,6 +33777,7 @@

depth and coverage of testing/evaluation is defined;

+ @@ -45010,37 +33808,22 @@

Require the developer of the system, system component, or system service, at all post-design stages of the system development life cycle, to:

-

Develop and implement a plan for ongoing security and privacy control assessments;

 -

Perform testing/evaluation at ;

 -

Produce evidence of the execution of the assessment plan and the results of the testing and evaluation;

 -

Implement a verifiable flaw remediation process; and

 -

Correct flaws identified during testing and evaluation.

 @@ -45054,81 +33837,21 @@ - - - -

the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to develop a plan for ongoing security assessments;

 - - - -

the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to implement a plan for ongoing security assessments;

 - - - -

the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to develop a plan for privacy assessments;

 - - - -

the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to implement a plan for ongoing privacy assessments;

@@ -45136,33 +33859,11 @@ - - -

the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to perform testing/evaluation at ;

 - - - @@ -45177,33 +33878,11 @@ - - -

the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to implement a verifiable flaw remediation process;

 - - -

the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to correct flaws identified during testing and evaluation.

@@ -45254,7 +33933,7 @@ Static Code Analysis - + @@ -45266,9 +33945,6 @@ value="true"/> -

Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.

SA-11(1) Additional FedRAMP Requirements @@ -45283,17 +33959,6 @@

Static code analysis provides a technology and methodology for security reviews and includes checking for weaknesses in the code as well as for the incorporation of libraries or other included code with known vulnerabilities or that are out-of-date and not supported. Static code analysis can be used to identify vulnerabilities and enforce secure coding practices. It is most effective when used early in the development process, when each code change can automatically be scanned for potential weaknesses. Static code analysis can provide clear remediation guidance and identify defects for developers to fix. Evidence of the correct implementation of static analysis can include aggregate defect density for critical defect types, evidence that defects were inspected by developers or security professionals, and evidence that defects were remediated. A high density of ignored findings, commonly referred to as false positives, indicates a potential problem with the analysis process or the analysis tool. In such cases, organizations weigh the validity of the evidence against evidence from other sources.

 - - - @@ -45396,6 +34061,7 @@

acceptance criteria to be met by produced evidence for vulnerability analyses are defined;

+ @@ -45412,30 +34078,18 @@

Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analyses during development and the subsequent testing and evaluation of the system, component, or service that:

-

Uses the following contextual information: ;

 -

Employs the following tools and methods: ;

 -

Conducts the modeling and analyses at the following level of rigor: ; and

 -

Produces evidence that meets the following acceptance criteria: .

 @@ -45448,65 +34102,21 @@ - - -

the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that uses ;

 - - -

the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that uses ;

 - - -

the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that uses ;

 - - -

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that uses ;

@@ -45516,65 +34126,21 @@ - - -

the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that employs ;

 - - -

the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that employs ;

 - - -

the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that employs ;

 - - -

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that employs ;

@@ -45584,33 +34150,11 @@ - - -

the developer of the system, system component, or system service is required to perform threat modeling at during development of the system, component, or service;

 - - -

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that conducts modeling and analyses at ;

@@ -45620,65 +34164,21 @@ - - -

the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that produces evidence that meets ;

 - - -

the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that produces evidence that meets ;

 - - -

the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that produces evidence that meets ;

 - - -

the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that produces evidence that meets .

@@ -45761,6 +34261,7 @@

privacy requirements to be satisfied by the process, standards, tools, tool options, and tool configurations are defined;

+ @@ -45785,9 +34286,6 @@ -

Require the developer of the system, system component, or system service to follow a documented development process that:

@@ -45808,9 +34306,6 @@ -

Review the development process, standards, tools, tool options, and tool configurations to determine if the process, standards, tools, tool options and tool configurations selected and employed can satisfy the following security and privacy requirements: .

 @@ -45825,33 +34320,11 @@ - - -

the developer of the system, system component, or system service is required to follow a documented development process that explicitly addresses security requirements;

 - - -

the developer of the system, system component, or system service is required to follow a documented development process that explicitly addresses privacy requirements;

@@ -45859,17 +34332,6 @@ - - - @@ -45884,17 +34346,6 @@ - - - @@ -45909,21 +34360,6 @@ - - - -

the developer of the system, system component, or system service is required to follow a documented development process that documents, manages, and ensures the integrity of changes to the process and/or tools used in development;

@@ -45933,33 +34369,11 @@ - - -

the developer of the system, system component, or system service is required to follow a documented development process in which the development process, standards, tools, tool options, and tool configurations are reviewed to determine that the process, standards, tools, tool options, and tool configurations selected and employed satisfy ;

 - - -

the developer of the system, system component, or system service is required to follow a documented development process in which the development process, standards, tools, tool options, and tool configurations are reviewed to determine that the process, standards, tools, tool options, and tool configurations selected and employed satisfy .

@@ -46027,6 +34441,7 @@

the depth of criticality analysis is defined;

+ @@ -46041,16 +34456,10 @@

Require the developer of the system, system component, or system service to perform a criticality analysis:

-

At the following decision points in the system development life cycle: ; and

 -

At the following level of rigor: .

 @@ -46059,17 +34468,6 @@

Criticality analysis performed by the developer provides input to the criticality analysis performed by organizations. Developer input is essential to organizational criticality analysis because organizations may not have access to detailed design documentation for system components that are developed as commercial off-the-shelf products. Such design documentation includes functional specifications, high-level designs, low-level designs, source code, and hardware schematics. Criticality analysis is important for organizational systems that are designated as high value assets. High value assets can be moderate- or high-impact systems due to heightened adversarial interest or potential adverse effects on the federal enterprise. Developer input is especially important when organizations conduct supply chain criticality analyses.

 - - - @@ -46140,6 +34538,7 @@

training on the correct use and operation of the implemented security and privacy functions, controls, and/or mechanisms provided by the developer of the system, system component, or system service is defined;

+ @@ -46155,26 +34554,12 @@ -

Require the developer of the system, system component, or system service to provide the following training on the correct use and operation of the implemented security and privacy functions, controls, and/or mechanisms: .

Developer-provided training applies to external and internal (in-house) developers. Training personnel is essential to ensuring the effectiveness of the controls implemented within organizational systems. Types of training include web-based and computer-based training, classroom-style training, and hands-on training (including micro-training). Organizations can also request training materials from developers to conduct in-house training or offer self-training to organizational personnel. Organizations determine the type of training necessary and may require different types of training for different security and privacy functions, controls, and mechanisms.

 - - -

the developer of the system, system component, or system service is required to provide on the correct use and operation of the implemented security and privacy functions, controls, and/or mechanisms.

@@ -46213,6 +34598,7 @@ Developer Security and Privacy Architecture and Design + @@ -46235,23 +34621,14 @@

Require the developer of the system, system component, or system service to produce a design specification and security and privacy architecture that:

-

Is consistent with the organization’s security and privacy architecture that is an integral part the organization’s enterprise architecture;

 -

Accurately and completely describes the required security and privacy functionality, and the allocation of controls among physical and logical components; and

 -

Expresses how individual security and privacy functions, mechanisms, and services work together to provide required security and privacy capabilities and a unified approach to protection.

 @@ -46264,33 +34641,11 @@ - - -

the developer of the system, system component, or system service is required to produce a design specification and security architecture that are consistent with the organization’s security architecture, which is an integral part the organization’s enterprise architecture;

 - - -

the developer of the system, system component, or system service is required to produce a design specification and privacy architecture that are consistent with the organization’s privacy architecture, which is an integral part the organization’s enterprise architecture;

@@ -46300,33 +34655,11 @@ - - -

the developer of the system, system component, or system service is required to produce a design specification and security architecture that accurately and completely describe the required security functionality and the allocation of controls among physical and logical components;

 - - -

the developer of the system, system component, or system service is required to produce a design specification and privacy architecture that accurately and completely describe the required privacy functionality and the allocation of controls among physical and logical components;

@@ -46336,33 +34669,11 @@ - - -

the developer of the system, system component, or system service is required to produce a design specification and security architecture that express how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection;

 - - -

the developer of the system, system component, or system service is required to produce a design specification and privacy architecture that express how individual privacy functions, mechanisms, and services work together to provide required privacy capabilities and a unified approach to protection.

@@ -46421,6 +34732,7 @@

additional personnel screening criteria for the developer are defined;

+ @@ -46439,16 +34751,10 @@

Require that the developer of :

-

Has appropriate access authorizations as determined by assigned ; and

 -

Satisfies the following additional personnel screening criteria: .

 @@ -46459,33 +34765,11 @@ - - -

the developer of is required to have appropriate access authorizations as determined by assigned ;

 - - -

the developer of is required to satisfy .

@@ -46545,6 +34829,7 @@

support from external providers is defined (if selected);

+ @@ -46558,16 +34843,10 @@ -

Replace system components when support for the components is no longer available from the developer, vendor, or manufacturer; or

 -

Provide the following options for alternative sources for continued support for unsupported components .

 @@ -46579,33 +34858,11 @@ - - -

system components are replaced when support for the components is no longer available from the developer, vendor, or manufacturer;

 - - -

provide options for alternative sources for continued support for unsupported components.

@@ -46717,6 +34974,7 @@

events that would require the system and communications protection procedures to be reviewed and updated are defined;

+ @@ -46735,13 +34993,6 @@ - - -

This response must address all control sub-statement requirements.

- -

Develop, document, and disseminate to :

@@ -46763,20 +35014,10 @@ -

Designate an to manage the development, documentation, and dissemination of the system and communications protection policy and procedures; and

 - - -

This response must address all control sub-statement requirements.

- -

Review and update the current system and communications protection:

@@ -46797,57 +35038,21 @@ - - -

a system and communications protection policy is developed and documented;

 - - -

the system and communications protection policy is disseminated to ;

 - -

system and communications protection procedures to facilitate the implementation of the system and communications protection policy and associated system and communications protection controls are developed and documented;

 - -

the system and communications protection procedures are disseminated to ;

@@ -46855,13 +35060,6 @@ - - @@ -46901,13 +35099,6 @@ - -

the system and communications protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

@@ -46917,17 +35108,6 @@ - - -

the is designated to manage the development, documentation, and dissemination of the system and communications protection policy and procedures;

@@ -46935,17 +35115,6 @@ - - - @@ -46960,17 +35129,6 @@ - - - @@ -47012,6 +35170,7 @@ Separation of System and User Functionality + @@ -47030,26 +35189,12 @@ -

Separate user functionality, including user interface services, from system management functionality.

System management functionality includes functions that are necessary to administer databases, network components, workstations, or servers. These functions typically require privileged user access. The separation of user functions from system management functions is physical or logical. Organizations may separate system management functions from user functions by using different computers, instances of operating systems, central processing units, or network addresses; by employing virtualization techniques; or some combination of these or other methods. Separation of system management functions from user functions includes web administrative interfaces that employ separate authentication methods for users of any other system resources. Separation of system and user functions may include isolating administrative interfaces on different domains and with additional access controls. The separation of system and user functionality can be achieved by applying the systems security engineering design principles in SA-8 , including SA-8(1), SA-8(3), SA-8(4), SA-8(10), SA-8(12), SA-8(13), SA-8(14) , and SA-8(18).

 - - -

user functionality, including user interface services, is separated from system management functionality.

@@ -47086,6 +35231,7 @@ Security Function Isolation + @@ -47111,26 +35257,12 @@ -

Isolate security functions from nonsecurity functions.

Security functions are isolated from nonsecurity functions by means of an isolation boundary implemented within a system via partitions and domains. The isolation boundary controls access to and protects the integrity of the hardware, software, and firmware that perform system security functions. Systems implement code separation in many ways, such as through the provision of security kernels via processor rings or processor modes. For non-kernel code, security function isolation is often achieved through file system protections that protect the code on disk and address space protections that protect executing code. Systems can restrict access to security functions using access control mechanisms and by implementing least privilege capabilities. While the ideal is for all code within the defined security function isolation boundary to only contain security-relevant code, it is sometimes necessary to include nonsecurity functions as an exception. The isolation of security functions from nonsecurity functions can be achieved by applying the systems security engineering design principles in SA-8 , including SA-8(1), SA-8(3), SA-8(4), SA-8(10), SA-8(12), SA-8(13), SA-8(14) , and SA-8(18).

 - - -

security functions are isolated from non-security functions.

@@ -47168,6 +35300,7 @@ Information in Shared System Resources + @@ -47178,26 +35311,12 @@ -

Prevent unauthorized and unintended information transfer via shared system resources.

Preventing unauthorized and unintended information transfer via shared system resources stops information produced by the actions of prior users or roles (or the actions of processes acting on behalf of prior users or roles) from being available to current users or roles (or current processes acting on behalf of current users or roles) that obtain access to shared system resources after those resources have been released back to the system. Information in shared system resources also applies to encrypted representations of information. In other contexts, control of information in shared system resources is referred to as object reuse and residual information protection. Information in shared system resources does not address information remanence, which refers to the residual representation of data that has been nominally deleted; covert channels (including storage and timing channels), where shared system resources are manipulated to violate information flow restrictions; or components within systems for which there are only single users or roles.

 - - - @@ -47271,6 +35390,7 @@

controls to achieve the denial-of-service objective by type of denial-of-service event are defined;

+ @@ -47285,17 +35405,11 @@ -

the effects of the following types of denial-of-service events: ; and

 -

Employ the following controls to achieve the denial-of-service objective: .

 @@ -47306,29 +35420,11 @@ - - -

the effects of are ;

 - -

are employed to achieve the denial-of-service protection objective.

@@ -47377,7 +35473,7 @@ logically - + @@ -47417,23 +35513,14 @@ -

Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system;

 -

Implement subnetworks for publicly accessible system components that are separated from internal organizational networks; and

 -

Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

 @@ -47453,65 +35540,21 @@ - - -

communications at external managed interfaces to the system are monitored;

 - - -

communications at external managed interfaces to the system are controlled;

 - - -

communications at key internal managed interfaces within the system are monitored;

 - - -

communications at key internal managed interfaces within the system are controlled;

@@ -47519,41 +35562,11 @@ - - - -

subnetworks for publicly accessible system components are separated from internal organizational networks;

 - - - -

external networks or systems are only connected to through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

@@ -47595,7 +35608,7 @@ Access Points - + @@ -47604,30 +35617,12 @@ value="system"/> -

Limit the number of external network connections to the system.

Limiting the number of external network connections facilitates monitoring of inbound and outbound communications traffic. The Trusted Internet Connection DHS TIC initiative is an example of a federal guideline that requires limits on the number of external network connections. Limiting the number of external network connections to the system is important during transition periods from older to newer technologies (e.g., transitioning from IPv4 to IPv6 network protocols). Such transitions may require implementing the older and newer technologies simultaneously during the transition period and thus increase the number of access points to the system.

 - - - -

the number of external network connections to the system is limited.

@@ -47679,7 +35674,7 @@

the frequency at which to review exceptions to traffic flow policy is defined;

- + @@ -47694,58 +35689,34 @@ -

Implement a managed interface for each external telecommunication service;

 -

Establish a traffic flow policy for each managed interface;

 -

Protect the confidentiality and integrity of the information being transmitted across each interface;

 -

Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;

 -

Review exceptions to the traffic flow policy and remove exceptions that are no longer supported by an explicit mission or business need;

 -

Prevent unauthorized exchange of control plane traffic with external networks;

 -

Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and

 -

Filter unauthorized control plane traffic from external networks.

 @@ -47756,53 +35727,16 @@ - - - -

a managed interface is implemented for each external telecommunication service;

 - - -

a traffic flow policy is established for each managed interface;

 - - - @@ -47817,33 +35751,11 @@ - - -

each exception to the traffic flow policy is documented with a supporting mission or business need and duration of that need;

 - - - @@ -47858,61 +35770,16 @@ - - - -

unauthorized exchanges of control plan traffic with external networks are prevented;

 - - - -

information is published to enable remote networks to detect unauthorized control plane traffic from internal networks;

 - - - -

unauthorized control plane traffic is filtered from external networks.

@@ -47978,7 +35845,7 @@

systems for which network communications traffic is denied by default and network communications traffic is allowed by exception are defined (if selected).

- + @@ -47987,9 +35854,6 @@ value="system"/> -

Deny network communications traffic by default and allow network communications traffic by exception .

SC-7 (5) Additional FedRAMP Requirements and Guidance @@ -48003,21 +35867,6 @@

Denying by default and allowing by exception applies to inbound and outbound network communications traffic. A deny-all, permit-by-exception network communications traffic policy ensures that only those system connections that are essential and approved are allowed. Deny by default, allow by exception also applies to a system that is connected to an external system.

 - - - - @@ -48070,7 +35919,7 @@

safeguards to securely provision split tunneling are defined;

- + @@ -48079,30 +35928,12 @@ value="system"/> -

Prevent split tunneling for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using .

Split tunneling is the process of allowing a remote user or device to establish a non-remote connection with a system and simultaneously communicate via some other connection to a resource in an external network. This method of network access enables a user to access remote devices and simultaneously, access uncontrolled networks. Split tunneling might be desirable by remote users to communicate with local system resources, such as printers or file servers. However, split tunneling can facilitate unauthorized external connections, making the system vulnerable to attack and to exfiltration of organizational information. Split tunneling can be prevented by disabling configuration settings that allow such capability in remote devices and by preventing those configuration settings from being configurable by users. Prevention can also be achieved by the detection of split tunneling (or of configuration settings that allow split tunneling) in the remote device, and by prohibiting the connection if the remote device is using split tunneling. A virtual private network (VPN) can be used to securely provision a split tunnel. A securely provisioned VPN includes locking connectivity to exclusive, managed, and named environments, or to a specific set of pre-approved addresses, without user control.

 - - - -

split tunneling is prevented for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using .

@@ -48160,7 +35991,7 @@

external networks to which internal communications traffic is to be routed are defined;

- + @@ -48170,30 +36001,12 @@ -

Route to through authenticated proxy servers at managed interfaces.

External networks are networks outside of organizational control. A proxy server is a server (i.e., system or application) that acts as an intermediary for clients requesting system resources from non-organizational or other organizational servers. System resources that may be requested include files, connections, web pages, or services. Client requests established through a connection to a proxy server are assessed to manage complexity and provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers that provide access to the Internet. Proxy servers can support the logging of Transmission Control Protocol sessions and the blocking of specific Uniform Resource Locators, Internet Protocol addresses, and domain names. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Note that proxy servers may inhibit the use of virtual private networks (VPNs) and create the potential for man-in-the-middle attacks (depending on the implementation).

 - - - -

is routed to through authenticated proxy servers at managed interfaces.

@@ -48240,6 +36053,7 @@

the frequency for conducting exfiltration tests is defined;

+ @@ -48252,16 +36066,10 @@ -

Prevent the exfiltration of information; and

 -

Conduct exfiltration tests .

 @@ -48272,37 +36080,11 @@ - - - -

the exfiltration of information is prevented;

 - - -

exfiltration tests are conducted .

@@ -48358,7 +36140,7 @@

system components where host-based boundary protection mechanisms are to be implemented are defined;

- + @@ -48367,30 +36149,12 @@ value="system"/> -

Implement at .

Host-based boundary protection mechanisms include host-based firewalls. System components that employ host-based boundary protection mechanisms include servers, workstations, notebook computers, and mobile devices.

 - - - -

are implemented at .

@@ -48430,7 +36194,7 @@ Fail Secure - + @@ -48445,30 +36209,12 @@ -

Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device.

Fail secure is a condition achieved by employing mechanisms to ensure that in the event of operational failures of boundary protection devices at managed interfaces, systems do not enter into unsecure states where intended security properties no longer hold. Managed interfaces include routers, firewalls, and application gateways that reside on protected subnetworks (commonly referred to as demilitarized zones). Failures of boundary protection devices cannot lead to or cause information external to the devices to enter the devices nor can failures permit unauthorized information releases.

 - - - -

systems are prevented from entering unsecure states in the event of an operational failure of a boundary protection device.

@@ -48513,7 +36259,7 @@

system components to be dynamically isolated from other system components are defined;

- + @@ -48522,30 +36268,12 @@ value="system"/> -

Provide the capability to dynamically isolate from other system components.

The capability to dynamically isolate certain internal system components is useful when it is necessary to partition or separate system components of questionable origin from components that possess greater trustworthiness. Component isolation reduces the attack surface of organizational systems. Isolating selected system components can also limit the damage from successful attacks when such attacks occur.

 - - - -

the capability to dynamically isolate from other system components is provided.

@@ -48598,7 +36326,7 @@

missions and/or business functions to be supported by system components isolated by boundary protection mechanisms are defined;

- + @@ -48614,30 +36342,12 @@ -

Employ boundary protection mechanisms to isolate supporting .

Organizations can isolate system components that perform different mission or business functions. Such isolation limits unauthorized information flows among system components and provides the opportunity to deploy greater levels of protection for selected system components. Isolating system components with boundary protection mechanisms provides the capability for increased protection of individual system components and to more effectively control information flows between those components. Isolating system components provides enhanced protection that limits the potential harm from hostile cyber-attacks and errors. The degree of isolation varies depending upon the mechanisms chosen. Boundary protection mechanisms include routers, gateways, and firewalls that separate system components into physically separate networks or subnetworks; cross-domain devices that separate subnetworks; virtualization techniques; and the encryption of information flows among system components using distinct encryption keys.

 - - - -

boundary protection mechanisms are employed to isolate supporting .

@@ -48689,7 +36399,7 @@ integrity - + @@ -48720,9 +36430,6 @@ -

Protect the of transmitted information.

SC-8 Additional FedRAMP Requirements and Guidance @@ -48738,7 +36445,7 @@
  • Replication between availability zones
  • Transmission of backups to storage
  • From a load balancer to a compute instance
    • -
  • Flows from management tools required for their work - e.g. log collection, scanning, etc.
    • +
  • Flows from management tools required for their work – e.g. log collection, scanning, etc.

    • The following applies only when choosing SC-8 (5) in lieu of SC-8 (1).

    @@ -48752,7 +36459,7 @@

    Hardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).

    -

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    +

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    Note: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.

    @@ -48769,21 +36476,6 @@

    Organizations that rely on commercial providers who offer transmission services as commodity services rather than as fully dedicated services may find it difficult to obtain the necessary assurances regarding the implementation of needed controls for transmission confidentiality and integrity. In such situations, organizations determine what types of confidentiality or integrity services are available in standard, commercial telecommunications service packages. If it is not feasible to obtain the necessary controls and assurances of control effectiveness through appropriate contracting vehicles, organizations can implement appropriate compensating controls.

     - - - -

    the of transmitted information is/are protected.

    @@ -48830,6 +36522,7 @@ detect changes to information + @@ -48840,9 +36533,6 @@ -

    Implement cryptographic mechanisms to during transmission.

    SC-8 (1) Additional FedRAMP Requirements and Guidance @@ -48869,21 +36559,6 @@

    Encryption protects information from unauthorized disclosure and modification during transmission. Cryptographic mechanisms that protect the confidentiality and integrity of information during transmission include TLS and IPSec. Cryptographic mechanisms used to protect information integrity include cryptographic hash functions that have applications in digital signatures, checksums, and message authentication codes.

     - - - -

    cryptographic mechanisms are implemented to during transmission.

    @@ -48934,6 +36609,7 @@

    a time period of inactivity after which the system terminates a network connection associated with a communication session is defined;

    + @@ -48943,30 +36619,12 @@ -

    Terminate the network connection associated with a communications session at the end of the session or after of inactivity.

    Network disconnect applies to internal and external networks. Terminating network connections associated with specific communications sessions includes de-allocating TCP/IP address or port pairs at the operating system level and de-allocating the networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. Periods of inactivity may be established by organizations and include time periods by type of network access or for specific network accesses.

     - - - -

    the network connection associated with a communication session is terminated at the end of the session or after of inactivity.

    @@ -49015,7 +36673,7 @@

    requirements for key generation, distribution, storage, access, and destruction are defined;

    - + @@ -49047,7 +36705,6 @@ - @@ -49056,9 +36713,6 @@ -

    Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: .

    SC-12 Additional FedRAMP Requirements and Guidance @@ -49080,21 +36734,6 @@

    Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and specify appropriate options, parameters, and levels. Organizations manage trust stores to ensure that only approved trust anchors are part of such trust stores. This includes certificates with visibility external to organizational systems and certificates related to the internal operations of systems. NIST CMVP and NIST CAVP provide additional information on validated cryptographic modules and algorithms that can be used in cryptographic key management and establishment.

     - - - - @@ -49140,6 +36779,7 @@ Availability + @@ -49151,26 +36791,12 @@ value="system"/> -

    Maintain availability of information in the event of the loss of cryptographic keys by users.

    Escrowing of encryption keys is a common practice for ensuring availability in the event of key loss. A forgotten passphrase is an example of losing a cryptographic key.

     - - -

    information availability is maintained in the event of the loss of cryptographic keys by users.

    @@ -49225,7 +36851,7 @@

    types of cryptography for each specified cryptographic use are defined;

    - + @@ -49264,16 +36890,10 @@ -

    Determine the ; and

     -

    Implement the following types of cryptography required for each specified cryptographic use: .

     @@ -49324,38 +36944,12 @@ - - -

    are identified;

     - - - -

    for each specified cryptographic use (defined in SC-13_ODP[01]) are implemented.

    @@ -49409,6 +37003,7 @@

    exceptions where remote activation is to be allowed are defined;

    + @@ -49419,16 +37014,10 @@ -

    Prohibit remote activation of collaborative computing devices and applications with the following exceptions: ; and

     -

    Provide an explicit indication of use to users physically present at the devices.

     @@ -49446,37 +37035,11 @@ - - -

    remote activation of collaborative computing devices and applications is prohibited except ;

     - - - -

    an explicit indication of use is provided to users physically present at the devices.

    @@ -49524,6 +37087,7 @@

    a certificate policy for issuing public key certificates is defined;

    + @@ -49543,16 +37107,10 @@ -

    Issue public key certificates under an or obtain public key certificates from an approved service provider; and

     -

    Include only approved trust anchors in trust stores or certificate stores managed by the organization.

     @@ -49563,37 +37121,11 @@ - - -

    public key certificates are issued under , or public key certificates are obtained from an approved service provider;

     - - - -

    only approved trust anchors are included in trust stores or certificate stores managed by the organization.

    @@ -49632,6 +37164,7 @@     Mobile Code + @@ -49646,16 +37179,10 @@ -

    Define acceptable and unacceptable mobile code and mobile code technologies; and

     -

    Authorize, monitor, and control the use of mobile code within the system.

     @@ -49666,13 +37193,6 @@ - - @@ -49697,17 +37217,6 @@ - - - @@ -49765,6 +37274,7 @@     Secure Name/Address Resolution Service (Authoritative Source) + @@ -49782,16 +37292,10 @@ -

    Provide additional data origin authentication and integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries; and

     -

    Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace.

     @@ -49825,21 +37329,6 @@ - - - - @@ -49856,41 +37345,11 @@ - - - -

    the means to indicate the security status of child zones (and if the child supports secure resolution services) is provided when operating as part of a distributed, hierarchical namespace;

     - - - -

    the means to enable verification of a chain of trust among parent and child domains when operating as part of a distributed, hierarchical namespace is provided.

    @@ -49930,7 +37389,7 @@     Secure Name/Address Resolution Service (Recursive or Caching Resolver) - + @@ -49941,9 +37400,6 @@ -

    Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.

    SC-21 Additional FedRAMP Requirements and Guidance @@ -49977,21 +37433,6 @@

    Each client of name resolution services either performs this validation on its own or has authenticated channels to trusted validation providers. Systems that provide name and address resolution services for local clients include recursive resolving or caching domain name system (DNS) servers. DNS client resolvers either perform validation of DNSSEC signatures, or clients use authenticated channels to recursive resolvers that perform such validations. Systems that use technologies other than the DNS to map between host and service names and network addresses provide some other means to enable clients to verify the authenticity and integrity of response data.

     - - - - @@ -50047,6 +37488,7 @@     Architecture and Provisioning for Name/Address Resolution Service + @@ -50059,30 +37501,12 @@ -

    Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation.

    Systems that provide name and address resolution services include domain name system (DNS) servers. To eliminate single points of failure in systems and enhance redundancy, organizations employ at least two authoritative domain name system servers—one configured as the primary server and the other configured as the secondary server. Additionally, organizations typically deploy the servers in two geographically separated network subnetworks (i.e., not located in the same physical facility). For role separation, DNS servers with internal roles only process name and address resolution requests from within organizations (i.e., from internal clients). DNS servers with external roles only process name and address resolution information requests from clients external to organizations (i.e., on external networks, including the Internet). Organizations specify clients that can access authoritative DNS servers in certain roles (e.g., by address ranges and explicit lists).

     - - - - @@ -50135,6 +37559,7 @@     Session Authenticity + @@ -50150,30 +37575,12 @@ -

    Protect the authenticity of communications sessions.

    Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of communications sessions in the ongoing identities of other parties and the validity of transmitted information. Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into sessions.

     - - - -

    the authenticity of communication sessions is protected.

    @@ -50227,6 +37634,7 @@

    system state information to be preserved in the event of a system failure is defined;

    + @@ -50245,30 +37653,12 @@ -

    Fail to a for the following failures on the indicated components while preserving in failure: .

    Failure in a known state addresses security concerns in accordance with the mission and business needs of organizations. Failure in a known state prevents the loss of confidentiality, integrity, or availability of information in the event of failures of organizational systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving system state information facilitates system restart and return to the operational mode with less disruption of mission and business processes.

     - - - -

    fail to a while preserving in failure.

    @@ -50326,7 +37716,7 @@

    information at rest requiring protection is defined;

    - + @@ -50362,9 +37752,6 @@ -

    Protect the of the following information at rest: .

    SC-28 Additional FedRAMP Requirements and Guidance @@ -50386,21 +37773,6 @@

    Information at rest refers to the state of information when it is not in process or in transit and is located on system components. Such components include internal or external hard disk drives, storage area network devices, or databases. However, the focus of protecting information at rest is not on the type of storage device or frequency of access but rather on the state of the information. Information at rest addresses the confidentiality and integrity of information and covers user information and system information. System-related information that requires protection includes configurations or rule sets for firewalls, intrusion detection and prevention systems, filtering routers, and authentication information. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing write-once-read-many (WORM) technologies. When adequate protection of information at rest cannot otherwise be achieved, organizations may employ other controls, including frequent scanning to identify malicious code at rest and secure offline storage in lieu of online storage.

     - - - -

    the of is/are protected.

    @@ -50454,6 +37826,7 @@

    system components or media requiring cryptographic protection is/are defined;

    + @@ -50465,9 +37838,6 @@ -

    Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on : .

    SC-28 (1) Additional FedRAMP Requirements and Guidance @@ -50485,21 +37855,6 @@

    The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category or classification of the information. Organizations have the flexibility to encrypt information on system components or media or encrypt data structures, including files, records, or fields.

     - - - - @@ -50547,6 +37902,7 @@     Process Isolation + @@ -50566,30 +37922,12 @@ -

    Maintain a separate execution domain for each executing system process.

    Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies.

     - - - -

    a separate execution domain is maintained for each executing system process.

    @@ -50623,6 +37961,7 @@     System Time Synchronization + @@ -50635,30 +37974,12 @@ -

    Synchronize system clocks within and between systems and system components.

    Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication processes that involve certificates and time-of-day restrictions as part of access control. Denial of service or failure to deny expired credentials may result without properly synchronized clocks within and between systems and system components. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, such as clocks synchronizing within hundreds of milliseconds or tens of milliseconds. Organizations may define different time granularities for system components. Time service can be critical to other security capabilities—such as access control and identification and authentication—depending on the nature of the mechanisms used to support the capabilities.

     - - - -

    system clocks are synchronized within and between systems and system components.

    @@ -50727,7 +38048,7 @@

    the time period to compare the internal system clocks with the authoritative time source is defined;

    - + @@ -50737,16 +38058,10 @@ -

    Compare the internal system clocks with ; and

     -

    Synchronize the internal system clocks to the authoritative time source when the time difference is greater than .

     @@ -50772,29 +38087,11 @@ - - -

    the internal system clocks are compared with ;

     - -

    the internal system clocks are synchronized with the authoritative time source when the time difference is greater than .

    @@ -50904,6 +38201,7 @@

    events that would require the system and information integrity procedures to be reviewed and updated are defined;

    + @@ -50922,13 +38220,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -50950,20 +38241,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the system and information integrity policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current system and information integrity:

    @@ -50984,57 +38265,21 @@ - - -

    a system and information integrity policy is developed and documented;

     - - -

    the system and information integrity policy is disseminated to ;

     - -

    system and information integrity procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls are developed and documented;

     - -

    the system and information integrity procedures are disseminated to ;

    @@ -51042,13 +38287,6 @@ - - @@ -51088,13 +38326,6 @@ - -

    the system and information integrity policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -51104,17 +38335,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the system and information integrity policy and procedures;

    @@ -51122,17 +38342,6 @@ - - - @@ -51147,17 +38356,6 @@ - - - @@ -51208,6 +38406,7 @@

    time period within which to install security-relevant software updates after the release of the updates is defined;

    + @@ -51238,30 +38437,18 @@ -

    Identify, report, and correct system flaws;

     -

    Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;

     -

    Install security-relevant software and firmware updates within of the release of the updates; and

     -

    Incorporate flaw remediation into the organizational configuration management process.

     @@ -51273,21 +38460,6 @@ - - - - @@ -51307,17 +38479,6 @@ - - - @@ -51342,17 +38503,6 @@ - - - @@ -51367,17 +38517,6 @@ - - -

    flaw remediation is incorporated into the organizational configuration management process.

    @@ -51441,6 +38580,7 @@

    the frequency at which to determine if applicable security-relevant software and firmware updates are installed on system components is defined;

    + @@ -51451,9 +38591,6 @@ -

    Determine if system components have applicable security-relevant software and firmware updates installed using .

     @@ -51461,21 +38598,6 @@

    Automated mechanisms can track and determine the status of known flaws for system components.

     - - - -

    system components have applicable security-relevant software and firmware updates installed using .

    @@ -51521,6 +38643,7 @@

    the benchmarks for taking corrective actions are defined;

    + @@ -51530,16 +38653,10 @@ -

    Measure the time between flaw identification and flaw remediation; and

     -

    Establish the following benchmarks for taking corrective actions: .

     @@ -51550,37 +38667,11 @@ - - - -

    the time between flaw identification and flaw remediation is measured;

     - - -

    for taking corrective actions have been established.

    @@ -51688,7 +38779,7 @@

    personnel or roles to be alerted when malicious code is detected is/are defined;

    - + @@ -51722,23 +38813,14 @@ -

    Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code;

     -

    Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures;

     -

    Configure malicious code protection mechanisms to:

    @@ -51752,9 +38834,6 @@     -

    Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.

     @@ -51767,17 +38846,6 @@ - - - @@ -51794,17 +38862,6 @@ - - -

    malicious code protection mechanisms are updated automatically as new releases are available in accordance with organizational configuration management policy and procedures;

    @@ -51814,33 +38871,11 @@ - - -

    malicious code protection mechanisms are configured to perform periodic scans of the system ;

     - - -

    malicious code protection mechanisms are configured to perform real-time scans of files from external sources at as the files are downloaded, opened, or executed in accordance with organizational policy;

    @@ -51850,33 +38885,11 @@ - - -

    malicious code protection mechanisms are configured to in response to malicious code detection;

     - - -

    malicious code protection mechanisms are configured to send alerts to in response to malicious code detection;

    @@ -51886,17 +38899,6 @@     - - -

    the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system are addressed.

    @@ -51984,6 +38986,7 @@

    a frequency for providing system monitoring to personnel or roles is defined (if selected);

    + @@ -52044,9 +39047,6 @@ -

    Monitor the system to detect:

    @@ -52059,16 +39059,10 @@     -

    Identify unauthorized use of the system through the following techniques and methods: ;

     -

    Invoke internal monitoring capabilities or deploy monitoring devices:

    @@ -52081,30 +39075,18 @@     -

    Analyze detected events and anomalies;

     -

    Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

     -

    Obtain legal opinion regarding system monitoring activities; and

     -

    Provide to .

    @@ -52126,41 +39108,11 @@ - - - -

    the system is monitored to detect attacks and indicators of potential attacks in accordance with ;

     - - - - @@ -52182,17 +39134,6 @@ - - -

    unauthorized use of the system is identified through ;

    @@ -52200,41 +39141,11 @@ - - - -

    internal monitoring capabilities are invoked or monitoring devices are deployed strategically within the system to collect organization-determined essential information;

     - - - -

    internal monitoring capabilities are invoked or monitoring devices are deployed at ad hoc locations within the system to track specific types of transactions of interest to the organization;

    @@ -52242,17 +39153,6 @@     - - - @@ -52267,53 +39167,16 @@ - - -

    the level of system monitoring activity is adjusted when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

     - - -

    a legal opinion regarding system monitoring activities is obtained;

     - - - -

    is provided to @@ -52359,7 +39222,7 @@ System-wide Intrusion Detection System - + @@ -52374,9 +39237,6 @@ value="true"/> -

    Connect and configure individual intrusion detection tools into a system-wide intrusion detection system.

     @@ -52385,33 +39245,11 @@ - - -

    individual intrusion detection tools are connected to a system-wide intrusion detection system;

     - - -

    individual intrusion detection tools are configured into a system-wide intrusion detection system.

    @@ -52455,7 +39293,7 @@     Automated Tools and Mechanisms for Real-time Analysis - + @@ -52469,30 +39307,12 @@ -

    Employ automated tools and mechanisms to support near real-time analysis of events.

    Automated tools and mechanisms include host-based, network-based, transport-based, or storage-based event monitoring tools and mechanisms or security information and event management (SIEM) technologies that provide real-time analysis of alerts and notifications generated by organizational systems. Automated monitoring techniques can create unintended privacy risks because automated controls may connect to external or otherwise unrelated systems. The matching of records between these systems may create linkages with unintended consequences. Organizations assess and document these risks in their privacy impact assessment and make determinations that are in alignment with their privacy program plan.

     - - - -

    automated tools and mechanisms are employed to support a near real-time analysis of events.

    @@ -52575,6 +39395,7 @@

    unusual or unauthorized activities or conditions that are to be monitored in outbound communications traffic are defined;

    + @@ -52587,16 +39408,10 @@ -

    Determine criteria for unusual or unauthorized activities or conditions for inbound and outbound communications traffic;

     -

    Monitor inbound and outbound communications traffic for .

     @@ -52607,17 +39422,6 @@ - - - @@ -52632,21 +39436,6 @@ - - - - @@ -52713,6 +39502,7 @@

    compromise indicators are defined;

    + @@ -52727,9 +39517,6 @@ -

    Alert when the following system-generated indications of compromise or potential compromise occur: .

    SI-4 (5) Additional FedRAMP Requirements and Guidance @@ -52743,21 +39530,6 @@

    Alerts may be generated from a variety of sources, including audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be automated and may be transmitted telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the alert notification list can include system administrators, mission or business owners, system owners, information owners/stewards, senior agency information security officers, senior agency officials for privacy, system security officers, or privacy officers. In contrast to alerts generated by the system, alerts generated by organizations in SI-4(12) focus on information sources external to the system, such as suspicious activity reports and reports on potential insider threats.

     - - - -

    are alerted when system-generated occur.

    @@ -52817,7 +39589,7 @@

    system monitoring tools and mechanisms to be provided access to encrypted communications traffic are defined;

    - + @@ -52829,9 +39601,6 @@ value="true"/> -

    Make provisions so that is visible to .

    SI-4 (10) Additional FedRAMP Requirements and Guidance @@ -52845,17 +39614,6 @@

    Organizations balance the need to encrypt communications traffic to protect data confidentiality with the need to maintain visibility into such traffic from a monitoring perspective. Organizations determine whether the visibility requirement applies to internal encrypted traffic, encrypted traffic intended for external destinations, or a subset of the traffic types.

     - - -

    provisions are made so that is visible to .

    @@ -52904,6 +39662,7 @@

    interior points within the system where communications traffic is to be analyzed are defined;

    + @@ -52918,30 +39677,12 @@ value="true"/> -

    Analyze outbound communications traffic at the external interfaces to the system and selected to discover anomalies.

    Organization-defined interior points include subnetworks and subsystems. Anomalies within organizational systems include large file transfers, long-time persistent connections, attempts to access information from unexpected locations, the use of unusual protocols and ports, the use of unmonitored network protocols (e.g., IPv6 usage during IPv4 transition), and attempted communications with suspected malicious external addresses.

     - - - - @@ -53013,6 +39754,7 @@

    activities that trigger alerts to personnel or are defined;

    + @@ -53027,30 +39769,12 @@ value="true"/> -

    Alert using when the following indications of inappropriate or unusual activities with security or privacy implications occur: .

    Organizational personnel on the system alert notification list include system administrators, mission or business owners, system owners, senior agency information security officer, senior agency official for privacy, system security officers, or privacy officers. Automated organization-generated alerts are the security alerts generated by organizations and transmitted using automated means. The sources for organization-generated alerts are focused on other entities such as suspicious activity reports and reports on potential insider threats. In contrast to alerts generated by the organization, alerts generated by the system in SI-4(5) focus on information sources that are internal to the systems, such as audit records.

     - - - -

    is/are alerted using when indicate inappropriate or unusual activities with security or privacy implications.

    @@ -53100,6 +39824,7 @@     Wireless Intrusion Detection + @@ -53113,26 +39838,12 @@ -

    Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system.

    Wireless signals may radiate beyond organizational facilities. Organizations proactively search for unauthorized wireless connections, including the conduct of thorough scans for unauthorized wireless access points. Wireless scans are not limited to those areas within facilities containing systems but also include areas outside of facilities to verify that unauthorized wireless access points are not connected to organizational systems.

     - - - @@ -53189,7 +39900,7 @@     Correlate Monitoring Information - + @@ -53205,26 +39916,12 @@ -

    Correlate information from monitoring tools and mechanisms employed throughout the system.

    Correlating information from different system monitoring tools and mechanisms can provide a more comprehensive view of system activity. Correlating system monitoring tools and mechanisms that typically work in isolation—including malicious code protection software, host monitoring, and network monitoring—can provide an organization-wide monitoring view and may reveal otherwise unseen attack patterns. Understanding the capabilities and limitations of diverse monitoring tools and mechanisms and how to maximize the use of information generated by those tools and mechanisms can help organizations develop, operate, and maintain effective monitoring programs. The correlation of monitoring information is especially important during the transition from older to newer technologies (e.g., transitioning from IPv4 to IPv6 network protocols).

     - - -

    information from monitoring tools and mechanisms employed throughout the system is correlated.

    @@ -53274,6 +39971,7 @@

    interior points within the system where communications traffic is to be analyzed are defined;

    + @@ -53288,26 +39986,12 @@ value="true"/> -

    Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: .

    Organization-defined interior points include subnetworks and subsystems. Covert means that can be used to exfiltrate information include steganography.

     - - - @@ -53373,7 +40057,7 @@

    sources that identify individuals who pose an increased level of risk are defined;

    - + @@ -53385,26 +40069,12 @@ value="true"/> -

    Implement of individuals who have been identified by as posing an increased level of risk.

    Indications of increased risk from individuals can be obtained from different sources, including personnel records, intelligence agencies, law enforcement organizations, and other sources. The monitoring of individuals is coordinated with the management, legal, security, privacy, and human resource officials who conduct such monitoring. Monitoring is conducted in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.

     - - -

    is implemented on individuals who have been identified by as posing an increased level of risk.

    @@ -53456,7 +40126,7 @@

    additional monitoring of privileged users is defined;

    - + @@ -53469,30 +40139,12 @@ -

    Implement the following additional monitoring of privileged users: .

    Privileged users have access to more sensitive information, including security-related information, than the general user population. Access to such information means that privileged users can potentially do greater damage to systems and organizations than non-privileged users. Therefore, implementing additional monitoring on privileged users helps to ensure that organizations can identify malicious activity at the earliest possible time and take appropriate actions.

     - - - -

    of privileged users is implemented.

    @@ -53554,6 +40206,7 @@

    personnel or roles to be alerted upon the detection of network services that have not been authorized or approved by authorization or approval processes is/are defined (if selected);

    + @@ -53567,16 +40220,10 @@ -

    Detect network services that have not been authorized or approved by ; and

     -

    when detected.

    @@ -53588,37 +40235,11 @@ - - - -

    network services that have not been authorized or approved by are detected;

     - - -

    is/are initiated when network services that have not been authorized or approved by authorization or approval processes are detected.

    @@ -53680,7 +40301,7 @@

    system components where host-based monitoring is to be implemented are defined;

    - + @@ -53694,30 +40315,12 @@ -

    Implement the following host-based monitoring mechanisms at : .

    Host-based monitoring collects information about the host (or system in which it resides). System components in which host-based monitoring can be implemented include servers, notebook computers, and mobile devices. Organizations may consider employing host-based monitoring mechanisms from multiple product developers or vendors.

     - - - -

    are implemented on .

    @@ -53810,6 +40413,7 @@

    external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected);

    + @@ -53825,30 +40429,18 @@ -

    Receive system security alerts, advisories, and directives from on an ongoing basis;

     -

    Generate internal security alerts, advisories, and directives as deemed necessary;

     -

    Disseminate security alerts, advisories, and directives to: ; and

     -

    Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

     @@ -53864,73 +40456,21 @@ - - - -

    system security alerts, advisories, and directives are received from on an ongoing basis;

     - - -

    internal security alerts, advisories, and directives are generated as deemed necessary;

     - - - -

    security alerts, advisories, and directives are disseminated to ;

     - - -

    security directives are implemented in accordance with established time frames or if the issuing organization is notified of the degree of noncompliance.

    @@ -53977,6 +40517,7 @@

    automated mechanisms used to broadcast security alert and advisory information throughout the organization are defined;

    + @@ -53988,26 +40529,12 @@ value="true"/> -

    Broadcast security alert and advisory information throughout the organization using .

    The significant number of changes to organizational systems and environments of operation requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational mission and business functions. Based on information provided by security alerts and advisories, changes may be required at one or more of the three levels related to the management of risk, including the governance level, mission and business process level, and the information system level.

     - - -

    are used to broadcast security alert and advisory information throughout the organization.

    @@ -54126,7 +40653,7 @@

    alternative action(s) to be performed when anomalies are discovered are defined (if selected);

    - + @@ -54143,30 +40670,18 @@ -

    Verify the correct operation of ;

     -

    Perform the verification of the functions specified in SI-6a ;

     -

    Alert to failed security and privacy verification tests; and

     -

    when anomalies are discovered.

    @@ -54178,17 +40693,6 @@ - - - @@ -54205,17 +40709,6 @@ - - - @@ -54232,17 +40725,6 @@ - - - @@ -54259,17 +40741,6 @@ - - -

    is/are initiated when anomalies are discovered.

    @@ -54358,7 +40829,7 @@

    actions to be taken when unauthorized changes to information are detected are defined;

    - + @@ -54403,16 +40874,10 @@ -

    Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: ; and

     -

    Take the following actions when unauthorized changes to the software, firmware, and information are detected: .

     @@ -54423,17 +40888,6 @@ - - - @@ -54453,17 +40907,6 @@ - - - @@ -54636,7 +41079,7 @@

    frequency with which to perform an integrity check (of information) is defined (if selected);

    - + @@ -54648,9 +41091,6 @@ value="true"/> -

    Perform an integrity check of .

     @@ -54658,21 +41098,6 @@

    Security-relevant events include the identification of new threats to which organizational systems are susceptible and the installation of new hardware, software, or firmware. Transitional states include system startup, restart, shutdown, and abort.

     - - - - @@ -54737,6 +41162,7 @@

    personnel or roles to whom notification is to be provided upon discovering discrepancies during integrity verification is/are defined;

    + @@ -54748,30 +41174,12 @@ value="true"/> -

    Employ automated tools that provide notification to upon discovering discrepancies during integrity verification.

    The employment of automated tools to report system and information integrity violations and to notify organizational personnel in a timely matter is essential to effective risk response. Personnel with an interest in system and information integrity violations include mission and business owners, system owners, senior agency information security official, senior agency official for privacy, system administrators, software developers, systems integrators, information security officers, and privacy officers.

     - - - -

    automated tools that provide notification to upon discovering discrepancies during integrity verification are employed.

    @@ -54831,6 +41239,7 @@

    controls to be implemented automatically when integrity violations are discovered are defined (if selected);

    + @@ -54842,30 +41251,12 @@ value="true"/> -

    Automatically when integrity violations are discovered.

    Organizations may define different integrity-checking responses by type of information, specific information, or a combination of both. Types of information include firmware, software, and user data. Specific information includes boot firmware for certain types of machines. The automatic implementation of controls within organizational systems includes reversing the changes, halting the system, or triggering audit alerts when unauthorized modifications to critical security files occur.

     - - - -

    are automatically performed when integrity violations are discovered.

    @@ -54916,6 +41307,7 @@

    security-relevant changes to the system are defined;

    + @@ -54932,26 +41324,12 @@ -

    Incorporate the detection of the following unauthorized changes into the organizational incident response capability: .

    Integrating detection and response helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important for being able to identify and discern adversary actions over an extended time period and for possible legal actions. Security-relevant changes include unauthorized changes to established configuration settings or the unauthorized elevation of system privileges.

     - - -

    the detection of are incorporated into the organizational incident response capability.

    @@ -55004,6 +41382,7 @@

    software or firmware components to be authenticated by cryptographic mechanisms prior to installation are defined;

    + @@ -55018,26 +41397,12 @@ -

    Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: .

    Cryptographic authentication includes verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code. Organizations that employ cryptographic mechanisms also consider cryptographic key management solutions.

     - - -

    cryptographic mechanisms are implemented to authenticate prior to installation.

    @@ -55078,6 +41443,7 @@     Spam Protection + @@ -55094,16 +41460,10 @@ -

    Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and

     -

    Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

     @@ -55126,17 +41486,6 @@ - - - @@ -55161,17 +41510,6 @@ - - -

    spam protection mechanisms are updated when new releases are available in accordance with organizational configuration management policies and procedures.

    @@ -55221,6 +41559,7 @@

    the frequency at which to automatically update spam protection mechanisms is defined;

    + @@ -55229,26 +41568,12 @@ value="system"/> -

    Automatically update spam protection mechanisms .

    Using automated mechanisms to update spam protection mechanisms helps to ensure that updates occur on a regular basis and provide the latest content and protection capabilities.

     - - -

    spam protection mechanisms are automatically updated .

    @@ -55297,7 +41622,7 @@

    information inputs to the system requiring validity checks are defined;

    - + @@ -55309,9 +41634,6 @@ value="true"/> -

    Check the validity of the following information inputs: .

    SI-10 Additional FedRAMP Requirements and Guidance @@ -55326,13 +41648,6 @@ abc, or %K% are invalid inputs and are not accepted as input to the system. Valid inputs are likely to vary from field to field within a software application. Applications typically follow well-defined protocols that use structured messages (i.e., commands or queries) to communicate between software modules or system components. Structured messages can contain raw or unstructured data interspersed with metadata or control information. If software applications use attacker-supplied inputs to construct structured messages without properly encoding such messages, then the attacker could insert malicious commands or special characters that can cause the data to be interpreted as control information or metadata. Consequently, the module or component that receives the corrupted output will perform the wrong operations or otherwise interpret the data incorrectly. Prescreening inputs prior to passing them to interpreters prevents the content from being unintentionally interpreted as commands. Input validation ensures accurate and correct inputs and prevents attacks such as cross-site scripting and a variety of injection attacks.

     - -

    the validity of the is checked.

    @@ -55386,6 +41701,7 @@

    personnel or roles to whom error messages are to be revealed is/are defined;

    + @@ -55399,16 +41715,10 @@ -

    Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and

     -

    Reveal error messages only to .

     @@ -55419,25 +41729,11 @@ - -

    error messages that provide the information necessary for corrective actions are generated without revealing information that could be exploited;

     - -

    error messages are revealed only to .

    @@ -55481,6 +41777,7 @@     Information Management and Retention + @@ -55521,26 +41818,12 @@ -

    Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements.

    Information management and retention requirements cover the full life cycle of information, in some cases extending beyond system disposal. Information to be retained may also include policies, procedures, plans, reports, data output from control implementation, and other types of administrative information. The National Archives and Records Administration (NARA) provides federal policy and guidance on records retention and schedules. If organizations have a records management office, consider coordinating with records management personnel. Records produced from the output of implemented controls that may require management and retention include, but are not limited to: All XX-1, AC-6(9), AT-4, AU-12, CA-2, CA-3, CA-5, CA-6, CA-7, CA-8, CA-9, CM-2, CM-3, CM-4, CM-6, CM-8, CM-9, CM-12, CM-13, CP-2, IR-6, IR-8, MA-2, MA-4, PE-2, PE-8, PE-16, PE-17, PL-2, PL-4, PL-7, PL-8, PM-5, PM-8, PM-9, PM-18, PM-21, PM-27, PM-28, PM-30, PM-31, PS-2, PS-6, PS-7, PT-2, PT-3, PT-7, RA-2, RA-3, RA-5, RA-8, SA-4, SA-5, SA-8, SA-10, SI-4, SR-2, SR-4, SR-8.

     - - - @@ -55612,6 +41895,7 @@

    controls to be implemented to protect the system memory from unauthorized code execution are defined;

    + @@ -55625,26 +41909,12 @@ -

    Implement the following controls to protect the system memory from unauthorized code execution: .

    Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Controls employed to protect memory include data execution prevention and address space layout randomization. Data execution prevention controls can either be hardware-enforced or software-enforced with hardware enforcement providing the greater strength of mechanism.

     - - -

    are implemented to protect the system memory from unauthorized code execution.

    @@ -55760,6 +42030,7 @@

    events that require the supply chain risk management procedures to be reviewed and updated are defined;

    + @@ -55784,13 +42055,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -55812,20 +42076,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current supply chain risk management:

    @@ -55846,57 +42100,21 @@ - - -

    a supply chain risk management policy is developed and documented;

     - - -

    the supply chain risk management policy is disseminated to ;

     - -

    supply chain risk management procedures to facilitate the implementation of the supply chain risk management policy and the associated supply chain risk management controls are developed and documented;

     - -

    the supply chain risk management procedures are disseminated to .

    @@ -55904,13 +42122,6 @@ - - @@ -55951,13 +42162,6 @@ - -

    the supply chain risk management policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -55967,17 +42171,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures;

    @@ -55985,17 +42178,6 @@ - - - @@ -56010,17 +42192,6 @@ - - - @@ -56079,6 +42250,7 @@

    the frequency at which to review and update the supply chain risk management plan is defined;

    + @@ -56114,23 +42286,14 @@ -

    Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services: ;

     -

    Review and update the supply chain risk management plan or as required, to address threat, organizational or environmental changes; and

     -

    Protect the supply chain risk management plan from unauthorized disclosure and modification.

     @@ -56144,113 +42307,46 @@ - - -

    a plan for managing supply chain risks is developed;

     - -

    the supply chain risk management plan addresses risks associated with the research and development of ;

     - -

    the supply chain risk management plan addresses risks associated with the design of ;

     - -

    the supply chain risk management plan addresses risks associated with the manufacturing of ;

     - -

    the supply chain risk management plan addresses risks associated with the acquisition of ;

     - -

    the supply chain risk management plan addresses risks associated with the delivery of ;

     - -

    the supply chain risk management plan addresses risks associated with the integration of ;

     - -

    the supply chain risk management plan addresses risks associated with the operation and maintenance of ;

     - -

    the supply chain risk management plan addresses risks associated with the disposal of ;

    @@ -56258,33 +42354,11 @@     - - -

    the supply chain risk management plan is reviewed and updated or as required to address threat, organizational, or environmental changes;

     - - - @@ -56359,6 +42433,7 @@

    supply chain risk management activities are defined;

    + @@ -56370,26 +42445,12 @@ value="true"/> -

    Establish a supply chain risk management team consisting of to lead and support the following SCRM activities: .

    To implement supply chain risk management plans, organizations establish a coordinated, team-based approach to identify and assess supply chain risks and manage these risks by using programmatic and technical mitigation techniques. The team approach enables organizations to conduct an analysis of their supply chain, communicate with internal and external partners or stakeholders, and gain broad consensus regarding the appropriate resources for SCRM. The SCRM team consists of organizational personnel with diverse roles and responsibilities for leading and supporting SCRM activities, including risk executive, information technology, contracting, information security, privacy, mission or business, legal, supply chain and logistics, acquisition, business continuity, and other relevant functions. Members of the SCRM team are involved in various aspects of the SDLC and, collectively, have an awareness of and provide expertise in acquisition processes, legal practices, vulnerabilities, threats, and attack vectors, as well as an understanding of the technical aspects and dependencies of systems. The SCRM team can be an extension of the security and privacy risk management processes or be included as part of an organizational risk management team.

     - - -

    a supply chain risk management team consisting of is established to lead and support .

    @@ -56458,6 +42519,7 @@

    the document identifying the selected and implemented supply chain processes and controls is defined (if selected);

    + @@ -56502,23 +42564,14 @@ -

    Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of in coordination with ;

     -

    Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: ; and

     -

    Document the selected and implemented supply chain processes and controls in .

     @@ -56538,33 +42591,11 @@ - - -

    a process or processes is/are established to identify and address weaknesses or deficiencies in the supply chain elements and processes of ;

     - - -

    the process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of is/are coordinated with ;

    @@ -56572,34 +42603,12 @@     - - -

    are employed to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events;

     - - -

    the selected and implemented supply chain processes and controls are documented in .

    @@ -56653,6 +42662,7 @@

    acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined;

    + @@ -56685,30 +42695,12 @@ -

    Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: .

    The use of the acquisition process provides an important vehicle to protect the supply chain. There are many useful tools and techniques available, including obscuring the end use of a system or system component, using blind or filtered buys, requiring tamper-evident packaging, or using trusted or controlled distribution. The results from a supply chain risk assessment can guide and inform the strategies, tools, and methods that are most applicable to the situation. Tools and techniques may provide protections against unauthorized production, theft, tampering, insertion of counterfeits, insertion of malicious software or backdoors, and poor development practices throughout the system development life cycle. Organizations also consider providing incentives for suppliers who implement controls, promote transparency into their processes and security and privacy practices, provide contract language that addresses the prohibition of tainted or counterfeit components, and restrict purchases from untrustworthy suppliers. Organizations consider providing training, education, and awareness programs for personnel regarding supply chain risk, available mitigation strategies, and when the programs should be employed. Methods for reviewing and protecting development plans, documentation, and evidence are commensurate with the security and privacy requirements of the organization. Contracts may specify documentation protection requirements.

     - - - - @@ -56782,6 +42774,7 @@

    the frequency at which to assess and review the supply chain-related risks associated with suppliers or contractors and the systems, system components, or system services they provide is defined;

    + @@ -56807,9 +42800,6 @@ -

    Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide .

    SR-6 Additional FedRAMP Requirements and Guidance @@ -56823,17 +42813,6 @@

    An assessment and review of supplier risk includes security and supply chain risk management processes, foreign ownership, control or influence (FOCI), and the ability of the supplier to effectively assess subordinate second-tier and third-tier suppliers and contractors. The reviews may be conducted by the organization or by an independent third party. The reviews consider documented processes, documented controls, all-source intelligence, and publicly available information related to the supplier or contractor. Organizations can use open-source information to monitor for indications of stolen information, poor development and quality control practices, information spillage, or counterfeits. In some cases, it may be appropriate or required to share assessment and review results with other organizations in accordance with any applicable rules, policies, or inter-organizational agreements or contracts.

     - - -

    the supply chain-related risks associated with suppliers or contractors and the systems, system components, or system services they provide are assessed and reviewed .

    @@ -56892,6 +42871,7 @@

    information for which agreements and procedures are to be established are defined (if selected);

    + @@ -56912,9 +42892,6 @@ -

    Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the .

    SR-8 Additional FedRAMP Requirements and Guidance @@ -56928,17 +42905,6 @@

    The establishment of agreements and procedures facilitates communications among supply chain entities. Early notification of compromises and potential compromises in the supply chain that can potentially adversely affect or have adversely affected organizational systems or system components is essential for organizations to effectively respond to such incidents. The results of assessments or audits may include open-source information that contributed to a decision or result and could be used to help the supply chain entity resolve a concern or improve its processes.

     - - -

    agreements and procedures are established with entities involved in the supply chain for the system, system components, or system service for .

    @@ -56978,6 +42944,7 @@     Tamper Resistance and Detection + @@ -56999,9 +42966,6 @@ -

    Implement a tamper protection program for the system, system component, or system service.

    SR-9 Additional FedRAMP Requirements and Guidance @@ -57015,17 +42979,6 @@

    Anti-tamper technologies, tools, and techniques provide a level of protection for systems, system components, and services against many threats, including reverse engineering, modification, and substitution. Strong identification combined with tamper resistance and/or tamper detection is essential to protecting systems and components during distribution and when in use.

     - - -

    a tamper protection program is implemented for the system, system component, or system service.

    @@ -57068,6 +43021,7 @@     Multiple Stages of System Development Life Cycle + @@ -57080,26 +43034,12 @@ -

    Employ anti-tamper technologies, tools, and techniques throughout the system development life cycle.

    The system development life cycle includes research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal. Organizations use a combination of hardware and software techniques for tamper resistance and detection. Organizations use obfuscation and self-checking to make reverse engineering and modifications more difficult, time-consuming, and expensive for adversaries. The customization of systems and system components can make substitutions easier to detect and therefore limit damage.

     - - -

    anti-tamper technologies, tools, and techniques are employed throughout the system development life cycle.

    @@ -57175,6 +43115,7 @@

    indications of the need for an inspection of systems or system components are defined (if selected);

    + @@ -57195,26 +43136,12 @@ -

    Inspect the following systems or system components to detect tampering: .

    The inspection of systems or systems components for tamper resistance and detection addresses physical and logical tampering and is applied to systems and system components removed from organization-controlled areas. Indications of a need for inspection include changes in packaging, specifications, factory location, or entity in which the part is purchased, and when individuals return from travel to high-risk locations.

     - - -

    are inspected to detect tampering.

    @@ -57281,6 +43208,7 @@

    personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected);

    + @@ -57298,16 +43226,10 @@ -

    Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and

     -

    Report counterfeit system components to .

     @@ -57327,65 +43249,21 @@ - - -

    an anti-counterfeit policy is developed and implemented;

     - - -

    anti-counterfeit procedures are developed and implemented;

     - - -

    the anti-counterfeit procedures include the means to detect counterfeit components entering the system;

     - - -

    the anti-counterfeit procedures include the means to prevent counterfeit components from entering the system;

    @@ -57393,17 +43271,6 @@     - - -

    counterfeit system components are reported to .

    @@ -57458,6 +43325,7 @@

    personnel or roles requiring training to detect counterfeit system components (including hardware, software, and firmware) is/are defined;

    + @@ -57470,26 +43338,12 @@ -

    Train to detect counterfeit system components (including hardware, software, and firmware).

    None.

     - - -

    are trained to detect counterfeit system components (including hardware, software, and firmware).

    @@ -57543,6 +43397,7 @@

    system components requiring configuration control are defined;

    + @@ -57558,26 +43413,12 @@ -

    Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: .

    None.

     - - - @@ -57639,6 +43480,7 @@

    techniques and methods for disposing of data, documentation, tools, or system components are defined;

    + @@ -57650,26 +43492,12 @@ value="true"/> -

    Dispose of using the following techniques and methods: .

    Data, documentation, tools, or system components can be disposed of at any time during the system development life cycle (not only in the disposal or retirement phase of the life cycle). For example, disposal can occur during research and development, design, prototyping, or operations/maintenance and include methods such as disk cleaning, removal of cryptographic keys, partial reuse of components. Opportunities for compromise during disposal affect physical and logical data, including system documentation in paper-based or digital files; shipping and delivery documentation; memory sticks with software code; or complete routers or servers that include permanent media, which contain sensitive or proprietary information. Additionally, proper disposal of system components helps to prevent such components from entering the gray market.

     - - -

    are disposed of using .

    diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline_profile.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline_profile.xml index 0575fd684..abd20bd94 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline_profile.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_HIGH-baseline_profile.xml @@ -1,11 +1,11 @@ - + FedRAMP Rev 5 High Baseline 2023-08-31T00:00:00Z - 2024-01-11T23:40:17Z - 5.1.1+fedramp-20240111-0 + 2023-12-18T15:22:59Z + 5.1.1+20231218-1 1.1.1 Document creator @@ -1787,7 +1787,7 @@ -

    personnel screening criteria - as required by specific information

    +

    personnel screening criteria – as required by specific information

         @@ -2402,475 +2402,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2889,54 +2420,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2948,54 +2431,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3007,17 +2442,6 @@     - - - - - - - - - - - @@ -3033,138 +2457,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3176,14 +2468,6 @@     - - - - - - - - @@ -3195,64 +2479,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3264,88 +2490,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3357,22 +2501,6 @@     - - - - - - - - - - - - - - - - @@ -3396,45 +2524,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3449,321 +2538,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3779,80 +2553,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3864,77 +2564,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3946,85 +2575,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4036,108 +2586,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4149,14 +2597,6 @@     - - - - - - - - @@ -4176,83 +2616,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     @@ -4264,61 +2627,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4330,14 +2638,6 @@     - - - - - - - - @@ -4349,59 +2649,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4417,22 +2664,6 @@     - - - - - - - - - - - - - - - - @@ -4444,50 +2675,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4507,113 +2694,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4625,29 +2705,11 @@     - - - - - - - - - - - - - - - - - - - CA-8(2) Additional FedRAMP Requirements and Guidance + CM-2 Additional FedRAMP Requirements and Guidance

    See the FedRAMP Documents page> Penetration Test Guidance

    @@ -4655,157 +2717,6 @@     - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4817,68 +2728,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4894,262 +2743,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5165,70 +2758,11 @@     -

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    +

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    During monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests.

         - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5240,45 +2774,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5290,44 +2785,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5339,91 +2796,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5432,55 +2804,6 @@

    FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide

     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5492,40 +2815,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5537,13 +2826,6 @@     - - - - - - - @@ -5552,103 +2834,6 @@

    If digital signatures/certificates are unavailable, alternative cryptographic integrity checks (hashes, self-signed certs, etc.) can be utilized.

     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5664,163 +2849,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5832,48 +2860,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5889,140 +2875,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6034,39 +2886,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6078,50 +2897,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6133,81 +2908,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6231,90 +2931,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6326,102 +2942,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6441,28 +2961,10 @@     -

    "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.

    +

    "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.

         - - - - - - - - - - - - - - - - - - @@ -6482,16 +2984,6 @@     - - - - - - - - - - @@ -6511,28 +3003,6 @@     - - - - - - - - - - - - - - - - - - - - - - @@ -6548,25 +3018,6 @@     - - - - - - - - - - - - - - - - - - - @@ -6578,87 +3029,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6674,86 +3044,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6765,7 +3055,7 @@     -

    For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    +

    For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    For emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used.

     @@ -6774,98 +3064,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6877,13 +3075,6 @@     - - - - - - - @@ -6895,14 +3086,6 @@     - - - - - - - - @@ -6914,14 +3097,6 @@     - - - - - - - - @@ -6940,15 +3115,6 @@     - - - - - - - - - @@ -6960,31 +3126,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6996,188 +3137,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7189,27 +3148,6 @@     - - - - - - - - - - - - - - - - - - - - - @@ -7217,7 +3155,7 @@ IR-4 Additional FedRAMP Requirements and Guidance -

    The FISMA definition of "incident" shall be used: "An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies."

    +

    The FISMA definition of "incident" shall be used: "An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies."

     @@ -7225,139 +3163,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7369,69 +3174,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7447,2111 +3189,104 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + MP-3 Additional FedRAMP Requirements and Guidance + + +

    Second parameter not-applicable

    +     +     - - - - - - - + + + + MP-4 Additional FedRAMP Requirements and Guidance + + +

    The service provider defines controlled areas within facilities where the information and information system reside.

    +     +     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     + + + + MP-5 Additional FedRAMP Requirements and Guidance + + +

    The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO.

    +     +     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + MP-6 (1) Additional FedRAMP Requirements and Guidance + + +

    Must comply with NIST SP 800-88

    +     +     - - - - - - - - - - - - - - - - + + + + MP-6 (2) Additional FedRAMP Requirements and Guidance + + +

    Equipment and procedures may be tested or validated for effectiveness

    +     +     - - - - - - - - - - - - - - - - - - + + + + MP-6 (3) Additional FedRAMP Requirements and Guidance + + +

    Must comply with NIST SP 800-88

    +     +     - - - - - - - - - + + + + PE-14 Additional FedRAMP Requirements and Guidance + + +

    The service provider measures temperature at server inlets and humidity levels by dew point.

    +     +     - - - - - - - - - - - - + + + + PL-8 Additional FedRAMP Requirements and Guidance + + +

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    +     +     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - MP-3 Additional FedRAMP Requirements and Guidance - - -

    Second parameter not-applicable

    -     -     -     - - - - - - - - - - - - - - -     - - - - MP-4 Additional FedRAMP Requirements and Guidance - - -

    The service provider defines controlled areas within facilities where the information and information system reside.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - MP-5 Additional FedRAMP Requirements and Guidance - - -

    The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - MP-6 (1) Additional FedRAMP Requirements and Guidance - - -

    Must comply with NIST SP 800-88

    -     -     -     - - - - - - - -     - - - - MP-6 (2) Additional FedRAMP Requirements and Guidance - - -

    Equipment and procedures may be tested or validated for effectiveness

    -     -     -     - - - - - - - -     - - - - MP-6 (3) Additional FedRAMP Requirements and Guidance - - -

    Must comply with NIST SP 800-88

    -     -     -     - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PE-14 Additional FedRAMP Requirements and Guidance - - -

    The service provider measures temperature at server inlets and humidity levels by dew point.

    -     -     -     - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PL-8 Additional FedRAMP Requirements and Guidance - - -

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - PL-10 Additional FedRAMP Requirements and Guidance - - -

    Select the appropriate FedRAMP Baseline

    -     -     -     - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - + + + + PL-10 Additional FedRAMP Requirements and Guidance + + +

    Select the appropriate FedRAMP Baseline

    +     +     @@ -9568,81 +3303,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -9668,137 +3328,10 @@

    Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

    Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

    -

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a "warning" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on "Tracking of Compliance Scans" in FAQs.

    +

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs.

         - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -9810,474 +3343,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10294,93 +3359,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10392,47 +3370,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10445,523 +3382,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10973,212 +3393,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -11190,46 +3404,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -11238,7 +3412,7 @@

    For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.

    -

    +

    For clarity, this control applies to all data in transit. Examples include the following data flows:

    • Crossing the system boundary
      • @@ -11247,9 +3421,9 @@
    • Replication between availability zones
    • Transmission of backups to storage
    • From a load balancer to a compute instance
      • -
    • Flows from management tools required for their work - e.g. log collection, scanning, etc.
      • +
    • Flows from management tools required for their work – e.g. log collection, scanning, etc.
    -

    +

    The following applies only when choosing SC-8 (5) in lieu of SC-8 (1).

    FedRAMP-Defined Assignment / Selection Parameters

    SC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]

    @@ -11258,33 +3432,21 @@

    SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.

    -

    +

    Hardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).

    -

    -

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    -

    +

    +

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    +

    Note: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.

    -

    +

    CNSSI No.7003 can be accessed here:

    https://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf

    -

    +

    DHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:

    https://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf

         - - - - - - - - - - - -     @@ -11296,7 +3458,7 @@     -

    See M-22-09, including "Agencies encrypt all DNS requests and HTTP traffic within their environment"

    +

    See M-22-09, including "Agencies encrypt all DNS requests and HTTP traffic within their environment"

    SC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged.

     @@ -11309,15 +3471,6 @@     - - - - - - - - - @@ -11337,18 +3490,6 @@     - - - - - - - - - - - - @@ -11364,7 +3505,7 @@
  • Generation of one time passwords (OTPs) for MFA
  • Protocols such as TLS, SSH, and HTTPS
    • -

    +

    The requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).

    https://csrc.nist.gov/projects/cryptographic-module-validation-program

     @@ -11394,26 +3535,6 @@     - - - - - - - - - - - - - - - - - - - - @@ -11425,23 +3546,6 @@     - - - - - - - - - - - - - - - - - @@ -11469,30 +3573,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - @@ -11521,20 +3601,8 @@

    SC-21 applies to use of internal recursive DNS to access a domain outside the boundary by a component inside the boundary.

    - DNSSEC resolution to access a component inside the boundary is excluded.

    -     -     - - - - - - - - - - - - +     +     @@ -11555,18 +3623,6 @@     - - - - - - - - - - - - @@ -11582,15 +3638,6 @@     - - - - - - - - - @@ -11610,233 +3657,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -11848,243 +3668,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -12096,15 +3679,6 @@     - - - - - - - - - @@ -12116,17 +3690,6 @@     - - - - - - - - - - - @@ -12136,164 +3699,6 @@

    Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status.

     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -12310,22 +3715,6 @@     - - - - - - - - - - - - - - - - @@ -12337,190 +3726,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -12532,46 +3737,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -12583,14 +3748,6 @@     - - - - - - - - @@ -12602,14 +3759,6 @@     - - - - - - - - @@ -12621,24 +3770,6 @@     - - - - - - - - - - - - - - - - - - @@ -12650,38 +3781,14 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -12696,9 +3803,9 @@ - NIST Special Publication (SP) 800-53 + NIST Special Publication (SP) 800-53 revision 5 - + diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.xml index 1947b2753..fe4b6f1e8 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.xml @@ -1,11 +1,11 @@ + uuid="1f13921f-e208-46d9-9506-2a14e20bbb0a"> FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline 2023-08-31T00:00:00Z - 2024-01-19T14:50:30.575664-05:00 - 5.1.1+fedramp-20240111-0 + 2024-02-06T11:18:05.811433-05:00 + 5.1.1+20231218-1 1.1.1 @@ -121,6 +121,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -130,8 +131,8 @@ - @@ -270,14 +271,15 @@

    the frequency of account review is defined;

    + - @@ -356,34 +358,34 @@ - - -

    Determine if the organization defines information system account types to be identified and selected to support organizational missions/business functions.

     - +

    Access control policy; procedures addressing account management; security plan; information system design documentation; information system configuration settings and associated documentation; list of active system accounts along with the name of the individual associated with each account; list of conditions for group and role membership; notifications or records of recently transferred, separated, or terminated employees; list of recently disabled information system accounts along with the name of the individual associated with each account; access authorization records; account management compliance reviews; information system monitoring records; information system audit records; other relevant documents or records.

         - +

    Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities.

         - +

    Organizational processes for account management on the information system; automated mechanisms for implementing account management.

     @@ -391,14 +393,15 @@     Access Enforcement + - @@ -544,18 +547,19 @@

    other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected);

    + - - @@ -652,6 +656,7 @@

    conditions for system use to be displayed by the system before granting further access are defined;

    + @@ -661,8 +666,8 @@ - @@ -725,14 +730,15 @@

    user actions that can be performed on the system without identification or authentication are defined;

    + - @@ -758,14 +764,15 @@     Remote Access + - @@ -870,14 +877,15 @@ Wireless Access + - @@ -914,14 +922,15 @@ Access Control for Mobile Devices + - @@ -995,14 +1004,15 @@

    types of external systems prohibited from use are defined;

    + - @@ -1055,14 +1065,15 @@

    the frequency at which to review the content on the publicly accessible system for non-public information is defined;

    + - @@ -1231,6 +1242,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -1240,8 +1252,8 @@ - @@ -1356,6 +1368,7 @@

    events that would require literacy training and awareness content to be updated are defined;

    + @@ -1365,8 +1378,8 @@ - @@ -1423,6 +1436,7 @@     Insider Threat + @@ -1432,8 +1446,8 @@ - @@ -1491,6 +1505,7 @@

    events that require role-based training content to be updated are defined;

    + @@ -1500,8 +1515,8 @@ - @@ -1569,6 +1584,7 @@

    time period for retaining individual training records is defined;

    + @@ -1578,8 +1594,8 @@ - @@ -1675,6 +1691,7 @@

    events that would require audit and accountability procedures to be reviewed and updated are defined;

    + @@ -1684,8 +1701,8 @@ - @@ -1782,14 +1799,15 @@

    the frequency of event types selected for logging are reviewed and updated;

    + - @@ -1858,14 +1876,15 @@     Content of Audit Records + - @@ -1987,6 +2006,7 @@

    audit log retention requirements are defined;

    + @@ -1996,8 +2016,8 @@ - @@ -2044,14 +2064,15 @@

    additional actions to be taken in the event of an audit logging process failure are defined;

    + - @@ -2153,6 +2174,7 @@

    personnel or roles to receive findings from reviews and analyses of system records is/are defined;

    + @@ -2162,8 +2184,8 @@ - @@ -2272,14 +2294,15 @@

    granularity of time measurement for audit record timestamps is defined;

    + - @@ -2308,14 +2331,15 @@

    personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined;

    + - @@ -2362,14 +2386,15 @@

    a time period to retain audit records that is consistent with the records retention policy is defined;

    + - @@ -2411,14 +2436,15 @@

    personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined;

    + - @@ -2530,6 +2556,7 @@

    events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined;

    + @@ -2539,8 +2566,8 @@ - @@ -2623,6 +2650,7 @@

    individuals or roles to whom control assessment results are to be provided are defined;

    + @@ -2632,8 +2660,8 @@ - @@ -2809,6 +2837,7 @@     Independent Assessors + @@ -2818,8 +2847,8 @@ - @@ -2865,6 +2894,7 @@

    the frequency at which to review and update agreements is defined;

    + @@ -2874,12 +2904,12 @@ - - @@ -3013,6 +3043,7 @@

    the frequency at which to update an existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities is defined;

    + @@ -3022,8 +3053,8 @@ - @@ -3065,6 +3096,7 @@

    frequency at which to update the authorizations is defined;

    + @@ -3074,8 +3106,8 @@ - @@ -3246,6 +3278,7 @@

    frequency at which the privacy status of the system is reported is defined;

    + @@ -3255,8 +3288,8 @@ - @@ -3466,6 +3499,7 @@     Risk Monitoring + @@ -3478,8 +3512,8 @@ - @@ -3578,6 +3612,7 @@

    systems or system components on which penetration testing is to be conducted are defined;

    + @@ -3587,8 +3622,8 @@ - @@ -3663,6 +3698,7 @@

    frequency at which to review the continued need for each internal connection is defined;

    + @@ -3672,12 +3708,12 @@ - - @@ -3866,6 +3902,7 @@

    events that would require configuration management procedures to be reviewed and updated are defined;

    + @@ -3875,8 +3912,8 @@ - @@ -3955,6 +3992,7 @@

    the circumstances requiring baseline configuration review and update are defined;

    + @@ -3964,8 +4002,8 @@ - @@ -4018,6 +4056,7 @@     Impact Analyses + @@ -4027,8 +4066,8 @@ - @@ -4110,14 +4149,15 @@ Access Restrictions for Change + - @@ -4233,6 +4273,7 @@

    operational requirements necessitating approval of deviations are defined;

    + @@ -4242,8 +4283,8 @@ - @@ -4447,6 +4488,7 @@

    services to be prohibited or restricted are defined;

    + @@ -4456,8 +4498,8 @@ - @@ -4515,6 +4557,7 @@

    frequency at which to review and update the system component inventory is defined;

    + @@ -4524,8 +4567,8 @@ - @@ -4662,14 +4705,15 @@     Software Usage Restrictions + - @@ -4724,14 +4768,15 @@

    frequency with which to monitor compliance is defined;

    + - @@ -4838,6 +4883,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -4847,8 +4893,8 @@ - @@ -4961,14 +5007,15 @@

    key contingency organizational elements to communicate changes to are defined;

    + - @@ -5109,6 +5156,7 @@

    events necessitating review and update of contingency training are defined;

    + @@ -5118,8 +5166,8 @@ - @@ -5195,6 +5243,7 @@

    tests for determining readiness to execute the contingency plan are defined;

    + @@ -5204,8 +5253,8 @@ - @@ -5284,14 +5333,15 @@

    frequency at which to conduct backups of system documentation consistent with recovery time and recovery point objectives is defined;

    + - @@ -5420,14 +5470,15 @@

    time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined;

    + - @@ -5522,6 +5573,7 @@

    events that would require identification and authentication procedures to be reviewed and updated are defined;

    + @@ -5531,8 +5583,8 @@ - @@ -5595,6 +5647,7 @@     Identification and Authentication (Organizational Users) + @@ -5604,12 +5657,12 @@ - - @@ -5660,14 +5713,15 @@     Multi-factor Authentication to Privileged Accounts + - @@ -5728,22 +5782,20 @@ Multi-factor Authentication to Non-privileged Accounts + - -

    Implement multi-factor authentication for access to non-privileged accounts.

     @@ -5758,14 +5810,15 @@ non-privileged accounts + - @@ -5819,18 +5872,19 @@     Acceptance of PIV Credentials + - - @@ -5886,16 +5940,16 @@ - - -

    Determine if the information system:

    @@ -5930,14 +5984,15 @@

    a time period for preventing reuse of identifiers is defined;

    + - @@ -5999,6 +6054,7 @@

    events that trigger the change or refreshment of authenticators are defined;

    + @@ -6008,8 +6064,8 @@ - @@ -6095,6 +6151,7 @@

    authenticator composition and complexity rules are defined;

    + @@ -6104,8 +6161,8 @@ - @@ -6152,14 +6209,15 @@     Authentication Feedback + - @@ -6209,14 +6267,15 @@ Cryptographic Module Authentication + - @@ -6226,9 +6285,6 @@ -

    Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

     @@ -6237,14 +6293,15 @@     Identification and Authentication (Non-organizational Users) + - @@ -6278,18 +6335,19 @@     Acceptance of PIV Credentials from Other Agencies + - - @@ -6358,18 +6416,19 @@ Acceptance of External Authenticators + - - @@ -6460,14 +6519,15 @@

    identity management profiles are defined;

    + - @@ -6487,6 +6547,7 @@

    circumstances or situations requiring re-authentication are defined;

    + @@ -6496,8 +6557,8 @@ - @@ -6585,6 +6646,7 @@

    events that would require the incident response procedures to be reviewed and updated are defined;

    + @@ -6594,8 +6656,8 @@ - @@ -6693,6 +6755,7 @@

    events that initiate a review of the incident response training content are defined;

    + @@ -6702,8 +6765,8 @@ - @@ -6745,14 +6808,15 @@     Incident Handling + - @@ -6924,6 +6988,7 @@ Incident Monitoring + @@ -6933,8 +6998,8 @@ - @@ -6976,14 +7041,15 @@

    authorities to whom incident information is to be reported are defined;

    + - @@ -7061,14 +7127,15 @@     Incident Response Assistance + - @@ -7151,14 +7218,15 @@

    organizational elements to which changes to the incident response plan are communicated are defined;

    + - @@ -7317,6 +7385,7 @@

    events that would require the maintenance procedures to be reviewed and updated are defined;

    + @@ -7326,8 +7395,8 @@ - @@ -7401,18 +7470,19 @@

    information to be included in organizational maintenance records is defined;

    + - - @@ -7560,14 +7630,15 @@     Nonlocal Maintenance + - @@ -7618,18 +7689,19 @@ Maintenance Personnel + - - @@ -7799,6 +7871,7 @@

    events that would require media protection procedures to be reviewed and updated are defined;

    + @@ -7808,8 +7881,8 @@ - @@ -7895,18 +7968,19 @@

    personnel or roles authorized to access non-digital media is/are defined;

    + - - @@ -8033,18 +8107,19 @@

    sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined;

    + - - @@ -8182,18 +8257,19 @@

    controls to restrict or prohibit the use of specific types of system media on systems or system components are defined;

    + - - @@ -8343,6 +8419,7 @@

    events that would require the physical and environmental protection procedures to be reviewed and updated are defined;

    + @@ -8352,8 +8429,8 @@ - @@ -8420,18 +8497,19 @@

    frequency at which to review the access list detailing authorized facility access by individuals is defined;

    + - - @@ -8636,18 +8714,19 @@

    frequency at which to change keys is defined;

    + - - @@ -8860,6 +8939,7 @@

    events or potential indication of events requiring physical access logs to be reviewed are defined;

    + @@ -8869,12 +8949,12 @@ - - @@ -9007,6 +9087,7 @@

    personnel to whom visitor access records anomalies are reported to is/are defined;

    + @@ -9016,12 +9097,12 @@ - - @@ -9103,18 +9184,19 @@     Emergency Lighting + - - @@ -9186,18 +9268,19 @@ Fire Protection + - - @@ -9317,18 +9400,19 @@

    frequency at which to monitor environmental control levels is defined;

    + - - @@ -9406,18 +9490,19 @@     Water Damage Protection + - - @@ -9511,18 +9596,19 @@

    types of system components to be authorized and controlled when exiting the facility are defined;

    + - - @@ -9692,6 +9778,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -9701,8 +9788,8 @@ - @@ -9782,6 +9869,7 @@

    frequency to review system security and privacy plans is defined;

    + @@ -9791,8 +9879,8 @@ - @@ -10266,6 +10354,7 @@

    frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected);

    + @@ -10275,8 +10364,8 @@ - @@ -10323,6 +10412,7 @@     Social Media and External Site/Application Usage Restrictions + @@ -10332,8 +10422,8 @@ - @@ -10372,6 +10462,7 @@

    frequency for review and update to reflect changes in the enterprise architecture;

    + @@ -10381,8 +10472,8 @@ - @@ -10563,14 +10654,15 @@     Baseline Selection + - @@ -10597,14 +10689,15 @@ Baseline Tailoring + - @@ -10701,6 +10794,7 @@

    events that would require the personnel security procedures to be reviewed and updated are defined;

    + @@ -10710,8 +10804,8 @@ - @@ -10777,14 +10871,15 @@

    the frequency at which to review and update position risk designations is defined;

    + - @@ -10840,14 +10935,15 @@

    the frequency of rescreening individuals where it is so indicated is defined;

    + - @@ -10953,14 +11049,15 @@

    information security topics to be discussed when conducting exit interviews are defined;

    + - @@ -11032,14 +11129,15 @@

    time period within which to notify organization-defined personnel or roles when individuals are reassigned or transferred to other positions within the organization is defined;

    + - @@ -11094,6 +11192,7 @@

    the frequency at which to re-sign access agreements to maintain access to organizational information is defined;

    + @@ -11103,8 +11202,8 @@ - @@ -11167,6 +11266,7 @@

    time period within which third-party providers are required to notify organization-defined personnel or roles of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined;

    + @@ -11176,8 +11276,8 @@ - @@ -11242,14 +11342,15 @@

    the time period within which organization-defined personnel or roles must be notified when a formal employee sanctions process is initiated is defined;

    + - @@ -11272,14 +11373,15 @@     Position Descriptions + - @@ -11362,6 +11464,7 @@

    events that would require risk assessment procedures to be reviewed and updated are defined;

    + @@ -11371,8 +11474,8 @@ - @@ -11428,14 +11531,15 @@     Security Categorization + - @@ -11535,6 +11639,7 @@

    the frequency to update the risk assessment is defined;

    + @@ -11544,8 +11649,8 @@ - @@ -11722,6 +11827,7 @@

    the frequency at which to update the supply chain risk assessment is defined;

    + @@ -11731,8 +11837,8 @@ - @@ -11795,6 +11901,7 @@

    personnel or roles with whom information obtained from the vulnerability scanning process and control assessments is to be shared;

    + @@ -11804,8 +11911,8 @@ - @@ -11995,6 +12102,7 @@

    the frequency for updating the system vulnerabilities to be scanned is defined (if selected);

    + @@ -12004,8 +12112,8 @@ - @@ -12058,6 +12166,7 @@     Public Disclosure Program + @@ -12067,8 +12176,8 @@ - @@ -12124,6 +12233,7 @@ Risk Response + @@ -12133,8 +12243,8 @@ - @@ -12285,6 +12395,7 @@

    events that would require the system and services acquisition procedures to be reviewed and updated are defined;

    + @@ -12294,8 +12405,8 @@ - @@ -12353,6 +12464,7 @@     Allocation of Resources + @@ -12362,8 +12474,8 @@ - @@ -12401,6 +12513,7 @@

    system development life cycle is defined;

    + @@ -12410,8 +12523,8 @@ - @@ -12473,6 +12586,7 @@

    contract language is defined (if selected);

    + @@ -12482,8 +12596,8 @@ - @@ -12567,6 +12681,7 @@     Use of Approved PIV Products + @@ -12576,8 +12691,8 @@ - @@ -12611,6 +12726,7 @@

    personnel or roles to distribute system documentation to is/are defined;

    + @@ -12620,8 +12736,8 @@ - @@ -12707,6 +12823,7 @@

    privacy engineering principles are defined;

    + @@ -12716,8 +12833,8 @@ - @@ -12781,6 +12898,7 @@

    processes, methods, and techniques employed to monitor control compliance by external service providers are defined;

    + @@ -12790,8 +12908,8 @@ - @@ -12929,6 +13047,7 @@

    support from external providers is defined (if selected);

    + @@ -12938,8 +13057,8 @@ - @@ -13080,6 +13199,7 @@

    events that would require the system and communications protection procedures to be reviewed and updated are defined;

    + @@ -13089,8 +13209,8 @@ - @@ -13173,18 +13293,19 @@

    controls to achieve the denial-of-service objective by type of denial-of-service event are defined;

    + - - @@ -13269,14 +13390,15 @@ logically + - @@ -13410,14 +13532,15 @@ integrity + - @@ -13495,14 +13618,15 @@ detect changes to information + - @@ -13568,6 +13692,7 @@

    requirements for key generation, distribution, storage, access, and destruction are defined;

    + @@ -13577,8 +13702,8 @@ - @@ -13603,7 +13728,6 @@ - @@ -13684,18 +13808,19 @@

    types of cryptography for each specified cryptographic use are defined;

    + - - @@ -13809,14 +13934,15 @@

    exceptions where remote activation is to be allowed are defined;

    + - @@ -13840,14 +13966,15 @@     Secure Name/Address Resolution Service (Authoritative Source) + - @@ -13875,14 +14002,15 @@ Secure Name/Address Resolution Service (Recursive or Caching Resolver) + - @@ -13897,14 +14025,15 @@ Architecture and Provisioning for Name/Address Resolution Service + - @@ -13933,14 +14062,15 @@

    information at rest requiring protection is defined;

    + - @@ -14034,14 +14164,15 @@

    system components or media requiring cryptographic protection is/are defined;

    + - @@ -14105,6 +14236,7 @@     Process Isolation + @@ -14114,8 +14246,8 @@ - @@ -14206,6 +14338,7 @@

    events that would require the system and information integrity procedures to be reviewed and updated are defined;

    + @@ -14215,8 +14348,8 @@ - @@ -14282,14 +14415,15 @@

    time period within which to install security-relevant software updates after the release of the updates is defined;

    + - @@ -14509,6 +14643,7 @@

    personnel or roles to be alerted when malicious code is detected is/are defined;

    + @@ -14518,8 +14653,8 @@ - @@ -14722,6 +14857,7 @@

    a frequency for providing system monitoring to personnel or roles is defined (if selected);

    + @@ -14734,8 +14870,8 @@ - @@ -15005,6 +15141,7 @@

    external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected);

    + @@ -15014,8 +15151,8 @@ - @@ -15046,14 +15183,15 @@     Information Management and Retention + - @@ -15176,6 +15314,7 @@

    events that require the supply chain risk management procedures to be reviewed and updated are defined;

    + @@ -15185,8 +15324,8 @@ - @@ -15264,6 +15403,7 @@

    the frequency at which to review and update the supply chain risk management plan is defined;

    + @@ -15273,8 +15413,8 @@ - @@ -15333,6 +15473,7 @@

    supply chain risk management activities are defined;

    + @@ -15342,8 +15483,8 @@ - @@ -15390,6 +15531,7 @@

    the document identifying the selected and implemented supply chain processes and controls is defined (if selected);

    + @@ -15402,8 +15544,8 @@ - @@ -15462,6 +15604,7 @@

    acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined;

    + @@ -15471,8 +15614,8 @@ - @@ -15525,6 +15668,7 @@

    information for which agreements and procedures are to be established are defined (if selected);

    + @@ -15534,8 +15678,8 @@ - @@ -15584,6 +15728,7 @@

    indications of the need for an inspection of systems or system components are defined (if selected);

    + @@ -15593,8 +15738,8 @@ - @@ -15639,6 +15784,7 @@

    personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected);

    + @@ -15648,8 +15794,8 @@ - @@ -15679,6 +15825,7 @@

    personnel or roles requiring training to detect counterfeit system components (including hardware, software, and firmware) is/are defined;

    + @@ -15688,8 +15835,8 @@ - @@ -15714,6 +15861,7 @@

    system components requiring configuration control are defined;

    + @@ -15723,8 +15871,8 @@ - @@ -15754,6 +15902,7 @@

    techniques and methods for disposing of data, documentation, tools, or system components are defined;

    + @@ -15763,8 +15912,8 @@ - diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline_profile.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline_profile.xml index 2a9e79210..dda3aafce 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline_profile.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline_profile.xml @@ -1,11 +1,11 @@ - + FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline 2023-08-31T00:00:00Z - 2024-01-11T23:40:17Z - 5.1.1+fedramp-20240111-0 + 2023-12-18T15:22:59Z + 5.1.1+20231218-1 1.1.1 Document creator @@ -1316,7 +1316,7 @@ - + @@ -1336,28 +1336,28 @@ - + - - - + + +

    Determine if the organization defines information system account types to be identified and selected to support organizational missions/business functions.

     - +

    Access control policy; procedures addressing account management; security plan; information system design documentation; information system configuration settings and associated documentation; list of active system accounts along with the name of the individual associated with each account; list of conditions for group and role membership; notifications or records of recently transferred, separated, or terminated employees; list of recently disabled information system accounts along with the name of the individual associated with each account; access authorization records; account management compliance reviews; information system monitoring records; information system audit records; other relevant documents or records.

         - +

    Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities.

         - +

    Organizational processes for account management on the information system; automated mechanisms for implementing account management.

     @@ -1370,7 +1370,7 @@     - + @@ -1380,8 +1380,8 @@ - - + +

    NSO for non-privileged users. Attestation for privileged users related to multi-factor identification and authentication.

     @@ -1392,7 +1392,7 @@ - +

    FED - This is related to agency data and agency policy solution.

     @@ -1403,7 +1403,7 @@ - +

    FED - This is related to agency data and agency policy solution.

     @@ -1415,7 +1415,7 @@     - + @@ -1424,7 +1424,7 @@ - +

    NSO - All access to Cloud SaaS are via web services and/or API. The device accessed from or whether via wired or wireless connection is out of scope. Regardless of device accessed from, must utilize approved remote access methods (AC-17), secure communication with strong encryption (SC-13), key management (SC-12), and multi-factor authentication for privileged access (IA-2[1]).

     @@ -1436,7 +1436,7 @@ - +

    NSO - All access to Cloud SaaS are via web service and/or API. The device accessed from is out of the scope. Regardless of device accessed from, must utilize approved remote access methods (AC-17), secure communication with strong encryption (SC-13), key management (SC-12), and multi-factor authentication for privileged access (IA-2 [1]).

     @@ -1447,7 +1447,7 @@ - + @@ -1457,7 +1457,7 @@     - + @@ -1466,7 +1466,7 @@ - + @@ -1475,7 +1475,7 @@ - + @@ -1484,7 +1484,7 @@ - + @@ -1493,7 +1493,7 @@ - + @@ -1502,7 +1502,7 @@ - + @@ -1511,7 +1511,7 @@ - + @@ -1520,7 +1520,7 @@ - + @@ -1529,7 +1529,7 @@     - + @@ -1537,7 +1537,7 @@ - +

    NSO - Loss of availability of the audit data has been determined to have little or no impact to government business/mission needs.

     @@ -1549,7 +1549,7 @@     - + @@ -1559,7 +1559,7 @@     - + @@ -1567,7 +1567,7 @@ - + @@ -1575,7 +1575,7 @@ - + @@ -1584,7 +1584,7 @@ - +

    NSO - Loss of availability of the audit data has been determined as little or no impact to government business/mission needs.

     @@ -1595,7 +1595,7 @@ - + @@ -1604,7 +1604,7 @@ - + @@ -1614,7 +1614,7 @@     - + @@ -1622,7 +1622,7 @@ - + @@ -1632,8 +1632,8 @@     - - + +

    Condition: There are connection(s) to external systems. Connections (if any) shall be authorized and must: 1) Identify the interface/connection. 2) Detail what data is involved and its sensitivity. 3) Determine whether the connection is one-way or bi-directional. 4) Identify how the connection is secured.

     @@ -1645,7 +1645,7 @@ - +

    Attestation - for compliance with FedRAMP Tailored LI-SaaS Continuous Monitoring Requirements.

     @@ -1657,7 +1657,7 @@     - + @@ -1667,7 +1667,7 @@     - + @@ -1677,7 +1677,7 @@ - + @@ -1687,7 +1687,7 @@ - + @@ -1697,8 +1697,8 @@ - - + +

    Condition: There are connection(s) to external systems. Connections (if any) shall be authorized and must: 1) Identify the interface/connection. 2) Detail what data is involved and its sensitivity. 3) Determine whether the connection is one-way or bi-directional. 4) Identify how the connection is secured.

     @@ -1710,7 +1710,7 @@ - + @@ -1718,7 +1718,7 @@ - + @@ -1727,7 +1727,7 @@     - + @@ -1737,7 +1737,7 @@ - + @@ -1747,7 +1747,7 @@ - +

    Required - Specifically include details of least functionality.

     @@ -1773,7 +1773,7 @@ - + @@ -1783,7 +1783,7 @@     - + @@ -1791,7 +1791,7 @@ - +

    NSO- Not directly related to protection of the data.

     @@ -1802,7 +1802,7 @@ - +

    NSO - Boundary is specific to SaaS environment; all access is via web services; users' machine or internal network are not contemplated. External services (SA-9), internal connection (CA-9), remote access (AC-17), and secure access (SC-12 and SC-13), and privileged authentication (IA-2[1]) are considerations.

     @@ -1814,7 +1814,7 @@ - + @@ -1823,7 +1823,7 @@ - +

    NSO - Loss of availability of the SaaS has been determined as little or no impact to government business/mission needs.

     @@ -1835,7 +1835,7 @@ - +

    NSO - Loss of availability of the SaaS has been determined as little or no impact to government business/mission needs.

     @@ -1847,7 +1847,7 @@ - +

    NSO - Loss of availability of the SaaS has been determined as little or no impact to government business/mission needs.

     @@ -1859,7 +1859,7 @@     - + @@ -1867,7 +1867,7 @@ - +

    NSO - Loss of availability of the SaaS has been determined as little or no impact to government business/mission needs.

     @@ -1879,7 +1879,7 @@ - + @@ -1887,8 +1887,8 @@ - - + +

    NSO for non-privileged users. Attestation for privileged users related to multi-factor identification and authentication - specifically include description of management of service accounts.

     @@ -1900,7 +1900,7 @@     - + IA-2(1) Additional FedRAMP Requirements and Guidance @@ -1913,12 +1913,9 @@ - - - - + - + @@ -1928,7 +1925,7 @@ - + @@ -1937,13 +1934,13 @@     - - + + - - - + + +

    Determine if the information system:

    • Accepts PIV credentials.
      • @@ -1958,7 +1955,7 @@ - + @@ -1967,7 +1964,7 @@ - + @@ -1976,7 +1973,7 @@ - + @@ -1985,18 +1982,15 @@ - + - - - - + @@ -2004,7 +1998,7 @@ - + @@ -2013,8 +2007,8 @@ - - + +

      Condition: Must document and assess for privileged users. May attest to this control for non-privileged users. FedRAMP requires a minimum of multi-factor authentication for all Federal privileged users, if acceptance of PIV credentials is not supported. The implementation status and details of how this control is implemented must be clearly defined by the CSP.

       @@ -2026,8 +2020,8 @@       - - + +

      Condition: Must document and assess for privileged users. May attest to this control for non-privileged users. FedRAMP requires a minimum of multi-factor authentication for all Federal privileged users, if acceptance of PIV credentials is not supported. The implementation status and details of how this control is implemented must be clearly defined by the CSP.

       @@ -2038,7 +2032,7 @@ - + @@ -2047,7 +2041,7 @@ - + @@ -2056,7 +2050,7 @@ - + @@ -2065,7 +2059,7 @@ - + @@ -2074,7 +2068,7 @@       - + @@ -2082,7 +2076,7 @@ - + @@ -2092,7 +2086,7 @@ - + @@ -2100,7 +2094,7 @@ - + @@ -2109,7 +2103,7 @@ - +

      Attestation - Specifically attest to US-CERT compliance.

       @@ -2121,7 +2115,7 @@ - + @@ -2130,8 +2124,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2143,7 +2137,7 @@ - + @@ -2152,8 +2146,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2165,7 +2159,7 @@ - + @@ -2174,8 +2168,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2187,8 +2181,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2200,8 +2194,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2213,7 +2207,7 @@ - + @@ -2223,8 +2217,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2237,8 +2231,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2251,8 +2245,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2265,8 +2259,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2278,8 +2272,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2291,8 +2285,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2304,8 +2298,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2326,8 +2320,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2339,8 +2333,8 @@       - - + +

      Condition: Control is not inherited from a FedRAMP-authorized PaaS or IaaS.

       @@ -2352,7 +2346,7 @@ - + @@ -2362,7 +2356,7 @@       - + @@ -2370,7 +2364,7 @@ - + @@ -2379,7 +2373,7 @@ - + @@ -2389,7 +2383,7 @@ - + @@ -2398,7 +2392,7 @@ - + @@ -2407,7 +2401,7 @@ - + @@ -2416,7 +2410,7 @@ - + @@ -2424,7 +2418,7 @@ - + @@ -2433,7 +2427,7 @@ - + @@ -2442,7 +2436,7 @@ - + @@ -2451,7 +2445,7 @@ - + @@ -2460,7 +2454,7 @@ - + @@ -2469,7 +2463,7 @@ - +

      Attestation - Specifically stating that any third-party security personnel are treated as CSP employees.

       @@ -2480,7 +2474,7 @@ - + @@ -2489,7 +2483,7 @@ - + @@ -2498,7 +2492,7 @@ - + @@ -2509,7 +2503,7 @@       - + @@ -2518,7 +2512,7 @@ - + @@ -2527,7 +2521,7 @@ - + @@ -2537,7 +2531,7 @@ - + @@ -2547,7 +2541,7 @@ - + @@ -2557,7 +2551,7 @@ - + @@ -2567,7 +2561,7 @@ - + @@ -2576,7 +2570,7 @@ - + @@ -2584,7 +2578,7 @@ - + @@ -2592,7 +2586,7 @@ - + @@ -2600,7 +2594,7 @@ - + @@ -2609,7 +2603,7 @@ - + @@ -2617,7 +2611,7 @@ - + @@ -2626,7 +2620,7 @@ - + @@ -2635,7 +2629,7 @@ - + @@ -2645,7 +2639,7 @@ - + @@ -2654,7 +2648,7 @@ - + @@ -2663,8 +2657,8 @@ - - + +

      Condition: If availability is a requirement, define protections in place as per control requirement.

       @@ -2676,7 +2670,7 @@       - + @@ -2686,7 +2680,7 @@ - + @@ -2696,7 +2690,7 @@ - + @@ -2705,7 +2699,7 @@ - + @@ -2715,8 +2709,8 @@ - - + +

      Condition: If implementing need to detail how they meet it or don't meet it.

       @@ -2727,7 +2721,7 @@ - +

      NSO - Not directly related to the security of the SaaS.

       @@ -2738,7 +2732,7 @@ - + @@ -2746,7 +2740,7 @@ - + @@ -2754,7 +2748,7 @@ - + @@ -2764,7 +2758,7 @@       - + @@ -2774,7 +2768,7 @@       - + @@ -2782,7 +2776,7 @@ - + @@ -2791,7 +2785,7 @@ - + @@ -2801,7 +2795,7 @@ - + @@ -2811,7 +2805,7 @@ - + @@ -2821,7 +2815,7 @@ - + @@ -2829,7 +2823,7 @@ - + @@ -2837,7 +2831,7 @@ - +

      Attestation - Specifically related to US-CERT and FedRAMP communications procedures.

       @@ -2849,7 +2843,7 @@ - + @@ -2858,7 +2852,7 @@ - + @@ -2867,7 +2861,7 @@ - + @@ -2876,7 +2870,7 @@ - + @@ -2885,7 +2879,7 @@ - + @@ -2894,7 +2888,7 @@ - + @@ -2903,7 +2897,7 @@ - + @@ -2912,7 +2906,7 @@ - + @@ -2921,7 +2915,7 @@ - + @@ -2930,7 +2924,7 @@ - + @@ -2939,7 +2933,7 @@ - + @@ -2956,9 +2950,9 @@ - NIST Special Publication (SP) 800-53 + NIST Special Publication (SP) 800-53 revision 5 - + diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.xml index 74602a349..f06b17a1c 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.xml @@ -1,11 +1,11 @@ + uuid="f297751f-5150-42ad-bbb9-670c1bf8aa85"> FedRAMP Rev 5 Low Baseline 2023-08-31T00:00:00Z - 2024-01-19T14:50:48.695772-05:00 - 5.1.1+fedramp-20240111-0 + 2024-02-06T11:18:37.934997-05:00 + 5.1.1+20231218-1 1.1.1 @@ -120,6 +120,7 @@

      events that would require procedures to be reviewed and updated are defined;

      + @@ -142,13 +143,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -170,20 +164,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the access control policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current access control:

      @@ -204,57 +188,21 @@ - - -

      an access control policy is developed and documented;

       - - -

      the access control policy is disseminated to ;

       - -

      access control procedures to facilitate the implementation of the access control policy and associated controls are developed and documented;

       - -

      the access control procedures are disseminated to ;

      @@ -262,13 +210,6 @@ - - @@ -308,13 +249,6 @@ - -

      the access control policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -324,17 +258,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the access control policy and procedures;

      @@ -342,17 +265,6 @@ - - - @@ -367,17 +279,6 @@ - - - @@ -496,7 +397,7 @@

      the frequency of account review is defined;

      - + @@ -536,30 +437,18 @@ -

      Define and document the types of accounts allowed and specifically prohibited for use within the system;

       -

      Assign account managers;

       -

      Require for group and role membership;

       -

      Specify:

      @@ -576,30 +465,18 @@       -

      Require approvals by for requests to create accounts;

       -

      Create, enable, modify, disable, and remove accounts in accordance with ;

       -

      Monitor the use of accounts;

       -

      Notify account managers and within:

      @@ -619,9 +496,6 @@       -

      Authorize access to the system based on:

      @@ -639,23 +513,14 @@       -

      Review accounts for compliance with account management requirements ;

       -

      Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and

       -

      Align account management processes with personnel termination and transfer processes.

       @@ -670,25 +535,11 @@ - -

      account types allowed for use within the system are defined and documented;

       - -

      account types specifically prohibited for use within the system are defined and documented;

      @@ -696,46 +547,17 @@       - - -

      account managers are assigned;

       - - -

      for group and role membership are required;

       - - @@ -765,33 +587,11 @@ - - -

      approvals are required by for requests to create accounts;

       - - - @@ -821,33 +621,11 @@ - - -

      the use of accounts is monitored;

      - - - @@ -869,49 +647,16 @@ - - -

      access to the system is authorized based on a valid access authorization;

       - - -

      access to the system is authorized based on intended system usage;

       - - -

      access to the system is authorized based on ;

      @@ -919,17 +664,6 @@       - - -

      accounts are reviewed for compliance with account management requirements ;

      @@ -937,33 +671,11 @@ - - -

      a process is established for changing shared or group account authenticators (if deployed) when individuals are removed from the group;

       - - -

      a process is implemented for changing shared or group account authenticators (if deployed) when individuals are removed from the group;

      @@ -971,17 +683,6 @@       - - - @@ -1040,7 +741,7 @@ Access Enforcement - + @@ -1100,26 +801,12 @@ -

      Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

      Access control policies control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems. In addition to enforcing authorized access at the system level and recognizing that systems can host many applications and services in support of mission and business functions, access enforcement mechanisms can also be employed at the application and service level to provide increased information security and privacy. In contrast to logical access controls that are implemented within the system, physical access controls are addressed by the controls in the Physical and Environmental Protection ( PE ) family.

       - - -

      approved authorizations for logical access to information and system resources are enforced in accordance with applicable access control policies.

      @@ -1201,6 +888,7 @@

      other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected);

      + @@ -1216,16 +904,10 @@ -

      Enforce a limit of consecutive invalid logon attempts by a user during a ; and

       -

      Automatically when the maximum number of unsuccessful attempts is exceeded.

       @@ -1243,33 +925,11 @@ - - -

      a limit of consecutive invalid logon attempts by a user during is enforced;

       - - -

      automatically when the maximum number of unsuccessful attempts is exceeded.

      @@ -1330,6 +990,7 @@

      conditions for system use to be displayed by the system before granting further access are defined;

      + @@ -1344,9 +1005,6 @@ -

      Display to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that:

      @@ -1367,16 +1025,10 @@       -

      Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system; and

       -

      For publicly accessible systems:

      @@ -1418,64 +1070,25 @@ - - -

      is displayed to users before granting access to the system that provides privacy and security notices consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      - -

      the system use notification states that users are accessing a U.S. Government system;

       - -

      the system use notification states that system usage may be monitored, recorded, and subject to audit;

       - -

      the system use notification states that unauthorized use of the system is prohibited and subject to criminal and civil penalties; and

       - -

      the system use notification states that use of the system indicates consent to monitoring and recording;

      @@ -1483,29 +1096,11 @@       - - -

      the notification message or banner is retained on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system;

       - - @@ -1571,6 +1166,7 @@

      user actions that can be performed on the system without identification or authentication are defined;

      + @@ -1582,16 +1178,10 @@ -

      Identify that can be performed on the system without identification or authentication consistent with organizational mission and business functions; and

       -

      Document and provide supporting rationale in the security plan for the system, user actions not requiring identification or authentication.

       @@ -1603,30 +1193,12 @@ - - -

      that can be performed on the system without identification or authentication consistent with organizational mission and business functions are identified;

       - - @@ -1667,6 +1239,7 @@       Remote Access + @@ -1700,16 +1273,10 @@ -

      Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and

       -

      Authorize each type of remote access to the system prior to allowing such connections.

       @@ -1720,17 +1287,6 @@ - - - @@ -1750,17 +1306,6 @@ - - -

      each type of remote access to the system is authorized prior to allowing such connections.

      @@ -1800,6 +1345,7 @@       Wireless Access + @@ -1823,16 +1369,10 @@ -

      Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and

       -

      Authorize each type of wireless access to the system prior to allowing such connections.

       @@ -1843,17 +1383,6 @@ - - - @@ -1873,17 +1402,6 @@ - - -

      each type of wireless access to the system is authorized prior to allowing such connections.

      @@ -1923,6 +1441,7 @@       Access Control for Mobile Devices + @@ -1955,16 +1474,10 @@ -

      Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and

       -

      Authorize the connection of mobile devices to organizational systems.

       @@ -1977,17 +1490,6 @@ - - - @@ -2007,17 +1509,6 @@ - - -

      the connection of mobile devices to organizational systems is authorized.

      @@ -2085,6 +1576,7 @@

      types of external systems prohibited from use are defined;

      + @@ -2105,9 +1597,6 @@ -

      , consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to:

      @@ -2121,9 +1610,6 @@       -

      Prohibit the use of .

       @@ -2146,17 +1632,6 @@ - - - @@ -2173,17 +1648,6 @@ - - -

      the use of is prohibited (if applicable).

      @@ -2234,6 +1698,7 @@

      the frequency at which to review the content on the publicly accessible system for non-public information is defined;

      + @@ -2247,30 +1712,18 @@ -

      Designate individuals authorized to make information publicly accessible;

       -

      Train authorized individuals to ensure that publicly accessible information does not contain nonpublic information;

       -

      Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and

       -

      Review the content on the publicly accessible system for nonpublic information and remove such information, if discovered.

       @@ -2281,65 +1734,21 @@ - - -

      designated individuals are authorized to make information publicly accessible;

       - - -

      authorized individuals are trained to ensure that publicly accessible information does not contain non-public information;

       - - -

      the proposed content of information is reviewed prior to posting onto the publicly accessible system to ensure that non-public information is not included;

       - - - @@ -2459,6 +1868,7 @@

      events that would require procedures to be reviewed and updated are defined;

      + @@ -2479,13 +1889,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -2507,20 +1910,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the awareness and training policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current awareness and training:

      @@ -2541,57 +1934,21 @@ - - -

      an awareness and training policy is developed and documented;

      - - -

      the awareness and training policy is disseminated to ;

       - -

      awareness and training procedures to facilitate the implementation of the awareness and training policy and associated access controls are developed and documented;

       - -

      the awareness and training procedures are disseminated to .

      @@ -2599,13 +1956,6 @@ - - @@ -2645,13 +1995,6 @@ - -

      the awareness and training policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and

      @@ -2661,17 +2004,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the awareness and training policy and procedures;

      @@ -2679,17 +2011,6 @@ - - - @@ -2704,17 +2025,6 @@ - - - @@ -2811,6 +2121,7 @@

      events that would require literacy training and awareness content to be updated are defined;

      + @@ -2844,9 +2155,6 @@ -

      Provide security and privacy literacy training to system users (including managers, senior executives, and contractors):

      @@ -2859,23 +2167,14 @@       -

      Employ the following techniques to increase the security and privacy awareness of system users ;

       -

      Update literacy training and awareness content and following ; and

       -

      Incorporate lessons learned from internal or external security incidents or breaches into literacy training and awareness techniques.

       @@ -2891,65 +2190,21 @@ - - -

      security literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users;

       - - -

      privacy literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users;

       - - -

      security literacy training is provided to system users (including managers, senior executives, and contractors) thereafter;

       - - -

      privacy literacy training is provided to system users (including managers, senior executives, and contractors) thereafter;

      @@ -2957,17 +2212,6 @@       - - - @@ -2984,30 +2228,12 @@ - -

      are employed to increase the security and privacy awareness of system users;

       - - - @@ -3022,17 +2248,6 @@ - - -

      lessons learned from internal or external security incidents or breaches are incorporated into literacy training and awareness techniques.

      @@ -3072,6 +2287,7 @@       Insider Threat + @@ -3084,26 +2300,12 @@ -

      Provide literacy training on recognizing and reporting potential indicators of insider threat.

      Potential indicators and possible precursors of insider threat can include behaviors such as inordinate, long-term job dissatisfaction; attempts to gain access to information not required for job performance; unexplained access to financial resources; bullying or harassment of fellow employees; workplace violence; and other serious violations of policies, procedures, directives, regulations, rules, or practices. Literacy training includes how to communicate the concerns of employees and management regarding potential indicators of insider threat through channels established by the organization and in accordance with established policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role. For example, training for managers may be focused on changes in the behavior of team members, while training for employees may be focused on more general observations.

       - - - @@ -3186,6 +2388,7 @@

      events that require role-based training content to be updated are defined;

      + @@ -3222,9 +2425,6 @@ -

      Provide role-based security and privacy training to personnel with the following roles and responsibilities: :

      @@ -3237,16 +2437,10 @@       -

      Update role-based training content and following ; and

       -

      Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

       @@ -3260,17 +2454,6 @@ - - - @@ -3297,17 +2480,6 @@ - - - @@ -3324,13 +2496,6 @@ - - @@ -3345,17 +2510,6 @@ - - -

      lessons learned from internal or external security incidents or breaches are incorporated into role-based training.

      @@ -3406,6 +2560,7 @@

      time period for retaining individual training records is defined;

      + @@ -3424,16 +2579,10 @@ -

      Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and

       -

      Retain individual training records for .

       @@ -3444,17 +2593,6 @@ - - - @@ -3469,13 +2607,6 @@ - -

      individual training records are retained for .

      @@ -3581,6 +2712,7 @@

      events that would require audit and accountability procedures to be reviewed and updated are defined;

      + @@ -3599,13 +2731,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -3627,20 +2752,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the audit and accountability policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current audit and accountability:

      @@ -3661,57 +2776,21 @@ - - -

      an audit and accountability policy is developed and documented;

       - - -

      the audit and accountability policy is disseminated to ;

       - -

      audit and accountability procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls are developed and documented;

       - -

      the audit and accountability procedures are disseminated to ;

      @@ -3719,13 +2798,6 @@ - - @@ -3765,13 +2837,6 @@ - -

      the of the audit and accountability policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

      @@ -3781,17 +2846,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the audit and accountability policy and procedures;

      @@ -3799,17 +2853,6 @@ - - - @@ -3824,17 +2867,6 @@ - - - @@ -3915,7 +2947,7 @@

      the frequency of event types selected for logging are reviewed and updated;

      - + @@ -3960,37 +2992,22 @@ -

      Identify the types of events that the system is capable of logging in support of the audit function: ;

       -

      Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

       -

      Specify the following event types for logging within the system: ;

       -

      Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and

       -

      Review and update the event types selected for logging .

       @@ -4014,34 +3031,12 @@ - - -

      that the system is capable of logging are identified in support of the audit logging function;

       - - -

      the event logging function is coordinated with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

      @@ -4049,30 +3044,12 @@ - - -

      are specified for logging within the system;

       - -

      the specified event types are logged within the system ;

      @@ -4080,29 +3057,11 @@       - - -

      a rationale is provided for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents;

       - -

      the event types selected for logging are reviewed and updated .

      @@ -4143,7 +3102,7 @@       Content of Audit Records - + @@ -4164,44 +3123,26 @@

      Ensure that audit records contain information that establishes the following:

      -

      What type of event occurred;

       -

      When the event occurred;

       -

      Where the event occurred;

       -

      Source of the event;

       -

      Outcome of the event; and

       -

      Identity of any individuals, subjects, or objects/entities associated with the event.

       @@ -4210,17 +3151,6 @@

      Audit record content that may be necessary to support the auditing function includes event descriptions (item a), time stamps (item b), source and destination addresses (item c), user or process identifiers (items d and f), success or fail indications (item e), and filenames involved (items a, c, e, and f) . Event outcomes include indicators of event success or failure and event-specific results, such as the system security and privacy posture after the event occurred. Organizations consider how audit records can reveal information about individuals that may give rise to privacy risks and how best to mitigate such risks. For example, there is the potential to reveal personally identifiable information in the audit trail, especially if the trail records inputs or is based on patterns or time of usage.

       - - - @@ -4295,7 +3225,7 @@

      audit log retention requirements are defined;

      - + @@ -4315,26 +3245,12 @@ -

      Allocate audit log storage capacity to accommodate .

      Organizations consider the types of audit logging to be performed and the audit log processing requirements when allocating audit log storage capacity. Allocating sufficient audit log storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of audit logging capability.

       - - -

      audit log storage capacity is allocated to accommodate .

      @@ -4398,7 +3314,7 @@

      additional actions to be taken in the event of an audit logging process failure are defined;

      - + @@ -4416,16 +3332,10 @@ -

      Alert within in the event of an audit logging process failure; and

       -

      Take the following additional actions: .

       @@ -4436,34 +3346,12 @@ - - -

      are alerted in the event of an audit logging process failure within ;

       - - -

      are taken in the event of an audit logging process failure.

      @@ -4529,7 +3417,7 @@

      personnel or roles to receive findings from reviews and analyses of system records is/are defined;

      - + @@ -4573,23 +3461,14 @@ -

      Review and analyze system audit records for indications of and the potential impact of the inappropriate or unusual activity;

       -

      Report findings to ; and

       -

      Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

       @@ -4607,49 +3486,16 @@ - - -

      system audit records are reviewed and analyzed for indications of and the potential impact of the inappropriate or unusual activity;

       - - -

      findings are reported to ;

       - - -

      the level of audit record review, analysis, and reporting within the system is adjusted when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

      @@ -4691,7 +3537,7 @@

      granularity of time measurement for audit record timestamps is defined;

      - + @@ -4704,16 +3550,10 @@ -

      Use internal system clocks to generate time stamps for audit records; and

       -

      Record time stamps for audit records that meet and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.

       @@ -4724,33 +3564,11 @@ - - -

      internal system clocks are used to generate timestamps for audit records;

       - - -

      timestamps are recorded for audit records that meet and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or include the local time offset as part of the timestamp.

      @@ -4796,6 +3614,7 @@

      personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined;

      + @@ -4821,16 +3640,10 @@ -

      Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and

       -

      Alert upon detection of unauthorized access, modification, or deletion of audit information.

       @@ -4841,33 +3654,11 @@ - - -

      audit information and audit logging tools are protected from unauthorized access, modification, and deletion;

       - - -

      are alerted upon detection of unauthorized access, modification, or deletion of audit information.

      @@ -4922,7 +3713,7 @@

      a time period to retain audit records that is consistent with the records retention policy is defined;

      - + @@ -4940,9 +3731,6 @@ -

      Retain audit records for to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

      AU-11 Additional FedRAMP Requirements and Guidance @@ -4964,17 +3752,6 @@

      Organizations retain audit records until it is determined that the records are no longer needed for administrative, legal, audit, or other operational purposes. This includes the retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on records retention.

       - - -

      audit records are retained for to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

      @@ -5024,7 +3801,7 @@

      personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined;

      - + @@ -5052,23 +3829,14 @@ -

      Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on ;

       -

      Allow to select the event types that are to be logged by specific components of the system; and

       -

      Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.

       @@ -5079,46 +3847,17 @@ - - -

      audit record generation capability for the event types the system is capable of auditing (defined in AU-02_ODP[01]) is provided by ;

       - - -

      is/are allowed to select the event types that are to be logged by specific components of the system;

       - -

      audit records for the event types defined in AU-02_ODP[02] that include the audit record content defined in AU-03 are generated.

      @@ -5230,6 +3969,7 @@

      events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined;

      + @@ -5254,13 +3994,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -5282,20 +4015,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the assessment, authorization, and monitoring policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current assessment, authorization, and monitoring:

      @@ -5316,57 +4039,21 @@ - - -

      an assessment, authorization, and monitoring policy is developed and documented;

       - - -

      the assessment, authorization, and monitoring policy is disseminated to ;

       - -

      assessment, authorization, and monitoring procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment, authorization, and monitoring controls are developed and documented;

       - -

      the assessment, authorization, and monitoring procedures are disseminated to ;

      @@ -5374,13 +4061,6 @@ - - @@ -5420,13 +4100,6 @@ - -

      the assessment, authorization, and monitoring policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

      @@ -5436,17 +4109,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the assessment, authorization, and monitoring policy and procedures;

      @@ -5454,17 +4116,6 @@ - - - @@ -5479,17 +4130,6 @@ - - - @@ -5550,6 +4190,7 @@

      individuals or roles to whom control assessment results are to be provided are defined;

      + @@ -5584,16 +4225,10 @@ -

      Select the appropriate assessor or assessment team for the type of assessment to be conducted;

       -

      Develop a control assessment plan that describes the scope of the assessment including:

      @@ -5610,30 +4245,18 @@       -

      Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

       -

      Assess the controls in the system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements;

       -

      Produce a control assessment report that document the results of the assessment; and

       -

      Provide the results of the control assessment to .

       @@ -5655,13 +4278,6 @@ - -

      an appropriate assessor or assessment team is selected for the type of assessment to be conducted;

      @@ -5669,49 +4285,16 @@ - - -

      a control assessment plan is developed that describes the scope of the assessment, including controls and control enhancements under assessment;

       - - -

      a control assessment plan is developed that describes the scope of the assessment, including assessment procedures to be used to determine control effectiveness;

       - - - @@ -5733,33 +4316,11 @@ - - -

      the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

       - - - @@ -5774,25 +4335,11 @@ - -

      a control assessment report is produced that documents the results of the assessment;

       - -

      the results of the control assessment are provided to .

      @@ -5830,6 +4377,7 @@       Independent Assessors + @@ -5841,9 +4389,6 @@ value="true"/> -

      Employ independent assessors or assessment teams to conduct control assessments.

       @@ -5852,17 +4397,6 @@

      When organizations that own the systems are small or the structures of the organizations require that assessments be conducted by individuals that are in the developmental, operational, or management chain of the system owners, independence in assessment processes can be achieved by ensuring that assessment results are carefully reviewed and analyzed by independent teams of experts to validate the completeness, accuracy, integrity, and reliability of the results. Assessments performed for purposes other than to support authorization decisions are more likely to be useable for such decisions when performed by assessors with sufficient independence, thereby reducing the need to repeat assessments.

       - - -

      independent assessors or assessment teams are employed to conduct control assessments.

      @@ -5924,6 +4458,7 @@

      the frequency at which to review and update agreements is defined;

      + @@ -5950,23 +4485,14 @@ -

      Approve and manage the exchange of information between the system and other systems using ;

       -

      Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and

       -

      Review and update the agreements .

       @@ -5978,29 +4504,11 @@ - - -

      the exchange of information between the system and other systems is approved and managed using ;

       - - @@ -6035,17 +4543,6 @@ - - -

      agreements are reviewed and updated .

      @@ -6096,6 +4593,7 @@

      the frequency at which to update an existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities is defined;

      + @@ -6116,16 +4614,10 @@ -

      Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and

       -

      Update existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

       @@ -6147,33 +4639,11 @@ - - -

      a plan of action and milestones for the system is developed to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system;

       - - -

      existing plan of action and milestones are updated based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

      @@ -6224,6 +4694,7 @@

      frequency at which to update the authorizations is defined;

      + @@ -6246,23 +4717,14 @@ -

      Assign a senior official as the authorizing official for the system;

       -

      Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems;

       -

      Ensure that the authorizing official for the system, before commencing operations:

      @@ -6275,16 +4737,10 @@       -

      Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems;

       -

      Update the authorizations .

       @@ -6303,33 +4759,11 @@ - - -

      a senior official is assigned as the authorizing official for the system;

       - - -

      a senior official is assigned as the authorizing official for common controls available for inheritance by organizational systems;

      @@ -6337,33 +4771,11 @@ - - -

      before commencing operations, the authorizing official for the system accepts the use of common controls inherited by the system;

       - - -

      before commencing operations, the authorizing official for the system authorizes the system to operate;

      @@ -6371,29 +4783,11 @@       - - -

      the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems;

       - -

      the authorizations are updated .

      @@ -6482,6 +4876,7 @@

      frequency at which the privacy status of the system is reported is defined;

      + @@ -6553,51 +4948,30 @@

      Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:

      -

      Establishing the following system-level metrics to be monitored: ;

       -

      Establishing for monitoring and for assessment of control effectiveness;

       -

      Ongoing control assessments in accordance with the continuous monitoring strategy;

       -

      Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;

       -

      Correlation and analysis of information generated by control assessments and monitoring;

       -

      Response actions to address results of the analysis of control assessment and monitoring information; and

       -

      Reporting the security and privacy status of the system to .

      @@ -6625,65 +4999,21 @@ - - -

      a system-level continuous monitoring strategy is developed;

       - - -

      system-level continuous monitoring is implemented in accordance with the organization-level continuous monitoring strategy;

       - - -

      system-level continuous monitoring includes establishment of the following system-level metrics to be monitored: ;

       - - - @@ -6698,81 +5028,26 @@ - - -

      system-level continuous monitoring includes ongoing control assessments in accordance with the continuous monitoring strategy;

       - - -

      system-level continuous monitoring includes ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;

       - - -

      system-level continuous monitoring includes correlation and analysis of information generated by control assessments and monitoring;

       - - -

      system-level continuous monitoring includes response actions to address the results of the analysis of control assessment and monitoring information;

       - - - @@ -6830,6 +5105,7 @@ Risk Monitoring + @@ -6846,23 +5122,14 @@

      Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:

      -

      Effectiveness monitoring;

       -

      Compliance monitoring; and

       -

      Change monitoring.

       @@ -6871,63 +5138,19 @@

      Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk.

       - - -

      risk monitoring is an integral part of the continuous monitoring strategy;

      - - -

      effectiveness monitoring is included in risk monitoring;

       - - -

      compliance monitoring is included in risk monitoring;

       - - -

      change monitoring is included in risk monitoring.

      @@ -6988,6 +5211,7 @@

      systems or system components on which penetration testing is to be conducted are defined;

      + @@ -7003,9 +5227,6 @@ -

      Conduct penetration testing on .

      CA-8 Additional FedRAMP Requirements and Guidance @@ -7020,17 +5241,6 @@

      Organizations can use the results of vulnerability analyses to support penetration testing activities. Penetration testing can be conducted internally or externally on the hardware, software, or firmware components of a system and can exercise both physical and technical controls. A standard method for penetration testing includes a pretest analysis based on full knowledge of the system, pretest identification of potential vulnerabilities based on the pretest analysis, and testing designed to determine the exploitability of vulnerabilities. All parties agree to the rules of engagement before commencing penetration testing scenarios. Organizations correlate the rules of engagement for the penetration tests with the tools, techniques, and procedures that are anticipated to be employed by adversaries. Penetration testing may result in the exposure of information that is protected by laws or regulations, to individuals conducting the testing. Rules of engagement, contracts, or other appropriate mechanisms can be used to communicate expectations for how to protect this information. Risk assessments guide the decisions on the level of independence required for the personnel conducting penetration testing.

       - - -

      penetration testing is conducted on .

      @@ -7087,6 +5297,7 @@

      frequency at which to review the continued need for each internal connection is defined;

      + @@ -7108,30 +5319,18 @@ -

      Authorize internal connections of to the system;

       -

      Document, for each internal connection, the interface characteristics, security and privacy requirements, and the nature of the information communicated;

       -

      Terminate internal system connections after ; and

       -

      Review the continued need for each internal connection.

       @@ -7142,29 +5341,11 @@ - - -

      internal connections of to the system are authorized;

       - - @@ -7189,33 +5370,11 @@ - - -

      internal system connections are terminated after ;

       - - -

      the continued need for each internal connection is reviewed .

      @@ -7328,6 +5487,7 @@

      events that would require configuration management procedures to be reviewed and updated are defined;

      + @@ -7348,13 +5508,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -7376,20 +5529,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the configuration management policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current configuration management:

      @@ -7410,57 +5553,21 @@ - - -

      a configuration management policy is developed and documented;

       - - -

      the configuration management policy is disseminated to ;

       - -

      configuration management procedures to facilitate the implementation of the configuration management policy and associated configuration management controls are developed and documented;

       - -

      the configuration management procedures are disseminated to ;

      @@ -7468,13 +5575,6 @@ - - @@ -7514,13 +5614,6 @@ - -

      the configuration management policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -7530,17 +5623,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the configuration management policy and procedures;

      @@ -7548,17 +5630,6 @@ - - - @@ -7573,17 +5644,6 @@ - - - @@ -7648,6 +5708,7 @@

      the circumstances requiring baseline configuration review and update are defined;

      + @@ -7680,16 +5741,10 @@ -

      Develop, document, and maintain under configuration control, a current baseline configuration of the system; and

       -

      Review and update the baseline configuration of the system:

      @@ -7720,13 +5775,6 @@ - - @@ -7743,49 +5791,16 @@ - - -

      the baseline configuration of the system is reviewed and updated ;

       - - -

      the baseline configuration of the system is reviewed and updated when required due to ;

       - - -

      the baseline configuration of the system is reviewed and updated when system components are installed or upgraded.

      @@ -7832,6 +5847,7 @@       Impact Analyses + @@ -7855,26 +5871,12 @@ -

      Analyze changes to the system to determine potential security and privacy impacts prior to change implementation.

      Organizational personnel with security or privacy responsibilities conduct impact analyses. Individuals conducting impact analyses possess the necessary skills and technical expertise to analyze the changes to systems as well as the security or privacy ramifications. Impact analyses include reviewing security and privacy plans, policies, and procedures to understand control requirements; reviewing system design documentation and operational procedures to understand control implementation and how specific system changes might affect the controls; reviewing the impact of changes on organizational supply chain partners with stakeholders; and determining how potential changes to a system create new risks to the privacy of individuals and the ability of implemented controls to mitigate those risks. Impact analyses also include risk assessments to understand the impact of the changes and determine if additional controls are required.

       - - - @@ -7931,7 +5933,7 @@       Access Restrictions for Change - + @@ -7951,26 +5953,12 @@ -

      Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

      Changes to the hardware, software, or firmware components of systems or the operational procedures related to the system can potentially have significant effects on the security of the systems or individuals’ privacy. Therefore, organizations permit only qualified and authorized individuals to access systems for purposes of initiating changes. Access restrictions include physical and logical access controls (see AC-3 and PE-3 ), software libraries, workflow automation, media libraries, abstract layers (i.e., changes implemented into external interfaces rather than directly into systems), and change windows (i.e., changes occur only during specified times).

       - - - @@ -8062,7 +6050,7 @@

      operational requirements necessitating approval of deviations are defined;

      - + @@ -8108,30 +6096,18 @@ -

      Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using ;

       -

      Implement the configuration settings;

       -

      Identify, document, and approve any deviations from established configuration settings for based on ; and

       -

      Monitor and control changes to the configuration settings in accordance with organizational policies and procedures.

       @@ -8147,7 +6123,7 @@       -

      Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

      +

      Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

      During monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests.

             @@ -8160,45 +6136,16 @@ - -

      configuration settings that reflect the most restrictive mode consistent with operational requirements are established and documented for components employed within the system using ;

       - - -

      the configuration settings documented in CM-06a are implemented;

       - - - @@ -8213,17 +6160,6 @@ - - - @@ -8320,7 +6256,7 @@

      services to be prohibited or restricted are defined;

      - + @@ -8354,16 +6290,10 @@ -

      Configure the system to provide only ; and

       -

      Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: .

       @@ -8381,29 +6311,11 @@ - - -

      the system is configured to provide only ;

       - - @@ -8487,7 +6399,7 @@

      frequency at which to review and update the system component inventory is defined;

      - + @@ -8523,9 +6435,6 @@ -

      Develop and document an inventory of system components that:

      @@ -8550,9 +6459,6 @@       -

      Review and update the system component inventory .

       @@ -8573,81 +6479,26 @@ - - -

      an inventory of system components that accurately reflects the system is developed and documented;

       - - -

      an inventory of system components that includes all components within the system is developed and documented;

       - - -

      an inventory of system components that does not include duplicate accounting of components or components assigned to any other system is developed and documented;

       - - -

      an inventory of system components that is at the level of granularity deemed necessary for tracking and reporting is developed and documented;

       - - -

      an inventory of system components that includes is developed and documented;

      @@ -8655,17 +6506,6 @@       - - -

      the system component inventory is reviewed and updated .

      @@ -8707,6 +6547,7 @@       Software Usage Restrictions + @@ -8721,23 +6562,14 @@ -

      Use software and associated documentation in accordance with contract agreements and copyright laws;

       -

      Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and

       -

      Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

       @@ -8748,49 +6580,16 @@ - - -

      software and associated documentation are used in accordance with contract agreements and copyright laws;

       - - -

      the use of software and associated documentation protected by quantity licenses is tracked to control copying and distribution;

       - - -

      the use of peer-to-peer file sharing technology is controlled and documented to ensure that peer-to-peer file sharing is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

      @@ -8859,6 +6658,7 @@

      frequency with which to monitor compliance is defined;

      + @@ -8878,23 +6678,14 @@ -

      Establish governing the installation of software by users;

       -

      Enforce software installation policies through the following methods: ; and

       -

      Monitor policy compliance .

       @@ -8905,46 +6696,17 @@ - - -

      governing the installation of software by users are established;

       - - -

      software installation policies are enforced through ;

       - -

      compliance with is monitored .

      @@ -9062,6 +6824,7 @@

      events that would require procedures to be reviewed and updated are defined;

      + @@ -9082,13 +6845,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -9110,20 +6866,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the contingency planning policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current contingency planning:

      @@ -9144,57 +6890,21 @@ - - -

      a contingency planning policy is developed and documented;

       - - -

      the contingency planning policy is disseminated to ;

       - -

      contingency planning procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls are developed and documented;

       - -

      the contingency planning procedures are disseminated to ;

      @@ -9202,13 +6912,6 @@ - - @@ -9248,13 +6951,6 @@ - -

      the contingency planning policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -9264,17 +6960,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the contingency planning policy and procedures;

      @@ -9282,17 +6967,6 @@ - - - @@ -9307,17 +6981,6 @@ - - - @@ -9412,6 +7075,7 @@

      key contingency organizational elements to communicate changes to are defined;

      + @@ -9447,9 +7111,6 @@ -

      Develop a contingency plan for the system that:

      @@ -9482,51 +7143,30 @@       -

      Distribute copies of the contingency plan to ;

       -

      Coordinate contingency planning activities with incident handling activities;

       -

      Review the contingency plan for the system ;

       -

      Update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;

       -

      Communicate contingency plan changes to ;

       -

      Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training; and

       -

      Protect the contingency plan from unauthorized disclosure and modification.

       @@ -9551,25 +7191,11 @@ - -

      a contingency plan for the system is developed that identifies essential mission and business functions and associated contingency requirements;

       - - @@ -9589,13 +7215,6 @@ - - @@ -9615,49 +7234,21 @@ - -

      a contingency plan for the system is developed that addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure;

       - -

      a contingency plan for the system is developed that addresses eventual, full-system restoration without deterioration of the controls originally planned and implemented;

       - -

      a contingency plan for the system is developed that addresses the sharing of contingency information;

       - - @@ -9676,33 +7267,11 @@ - - -

      copies of the contingency plan are distributed to ;

       - - -

      copies of the contingency plan are distributed to ;

      @@ -9710,33 +7279,11 @@       - - -

      contingency planning activities are coordinated with incident handling activities;

       - - -

      the contingency plan for the system is reviewed ;

      @@ -9744,33 +7291,11 @@ - - -

      the contingency plan is updated to address changes to the organization, system, or environment of operation;

       - - -

      the contingency plan is updated to address problems encountered during contingency plan implementation, execution, or testing;

      @@ -9778,17 +7303,6 @@       - - - @@ -9803,17 +7317,6 @@ - - - @@ -9828,21 +7331,6 @@ - - - - @@ -9930,6 +7418,7 @@

      events necessitating review and update of contingency training are defined;

      + @@ -9951,9 +7440,6 @@ -

      Provide contingency training to system users consistent with assigned roles and responsibilities:

      @@ -9971,9 +7457,6 @@       -

      Review and update contingency training content and following .

       @@ -9993,49 +7476,16 @@ - - -

      contingency training is provided to system users consistent with assigned roles and responsibilities within of assuming a contingency role or responsibility;

       - - -

      contingency training is provided to system users consistent with assigned roles and responsibilities when required by system changes;

       - - -

      contingency training is provided to system users consistent with assigned roles and responsibilities thereafter;

      @@ -10045,33 +7495,11 @@ - - -

      the contingency plan training content is reviewed and updated ;

       - - -

      the contingency plan training content is reviewed and updated following .

      @@ -10143,7 +7571,7 @@

      tests for determining readiness to execute the contingency plan are defined;

      - + @@ -10169,23 +7597,14 @@ -

      Test the contingency plan for the system using the following tests to determine the effectiveness of the plan and the readiness to execute the plan: .

       -

      Review the contingency plan test results; and

       -

      Initiate corrective actions, if needed.

       @@ -10209,62 +7628,17 @@ - - - -

      the contingency plan for the system is tested ;

       - - - -

      are used to determine the effectiveness of the plan;

       - - - -

      are used to determine the readiness to execute the plan;

      @@ -10273,33 +7647,11 @@       - - -

      the contingency plan test results are reviewed;

       - - -

      corrective actions are initiated, if needed.

      @@ -10377,6 +7729,7 @@

      frequency at which to conduct backups of system documentation consistent with recovery time and recovery point objectives is defined;

      + @@ -10400,31 +7753,19 @@ -

      Conduct backups of user-level information contained in ;

       -

      Conduct backups of system-level information contained in the system ;

       -

      Conduct backups of system documentation, including security- and privacy-related documentation ; and

       -

      Protect the confidentiality, integrity, and availability of backup information.

       @@ -10454,77 +7795,21 @@ - - - -

      backups of user-level information contained in are conducted ;

       - - - -

      backups of system-level information contained in the system are conducted ;

       - - - -

      backups of system documentation, including security- and privacy-related documentation are conducted ;

       - - - @@ -10593,6 +7878,7 @@

      time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined;

      + @@ -10610,30 +7896,12 @@ -

      Provide for the recovery and reconstitution of the system to a known state within after a disruption, compromise, or failure.

      Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.

       - - - - @@ -10752,6 +8020,7 @@

      events that would require identification and authentication procedures to be reviewed and updated are defined;

      + @@ -10778,13 +8047,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -10806,20 +8068,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the identification and authentication policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current identification and authentication:

      @@ -10840,57 +8092,21 @@ - - -

      an identification and authentication policy is developed and documented;

       - - -

      the identification and authentication policy is disseminated to ;

       - -

      identification and authentication procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls are developed and documented;

       - -

      the identification and authentication procedures are disseminated to ;

      @@ -10898,13 +8114,6 @@ - - @@ -10944,13 +8153,6 @@ - -

      the identification and authentication policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

      @@ -10960,17 +8162,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the identification and authentication policy and procedures;

      @@ -10978,17 +8169,6 @@ - - - @@ -11003,17 +8183,6 @@ - - - @@ -11054,7 +8223,7 @@       Identification and Authentication (Organizational Users) - + @@ -11100,9 +8269,6 @@ -

      Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.

      IA-2 Additional FedRAMP Requirements and Guidance @@ -11132,41 +8298,11 @@ - - - -

      organizational users are uniquely identified and authenticated;

       - - - -

      the unique identification of authenticated organizational users is associated with processes acting on behalf of those users.

      @@ -11207,7 +8343,7 @@       Multi-factor Authentication to Privileged Accounts - + @@ -11218,9 +8354,6 @@ -

      Implement multi-factor authentication for access to privileged accounts.

      IA-2 (1) Additional FedRAMP Requirements and Guidance @@ -11242,13 +8375,6 @@

      Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number [PIN]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification (PIV) card or the Department of Defense (DoD) Common Access Card (CAC). In addition to authenticating users at the system level (i.e., at logon), organizations may employ authentication mechanisms at the application level, at their discretion, to provide increased security. Regardless of the type of access (i.e., local, network, remote), privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can add additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access.

       - -

      multi-factor authentication is implemented for access to privileged accounts.

      @@ -11288,7 +8414,7 @@       Multi-factor Authentication to Non-privileged Accounts - + @@ -11298,9 +8424,6 @@ -

      Implement multi-factor authentication for access to non-privileged accounts.

      IA-2 (2) Additional FedRAMP Requirements and Guidance @@ -11322,13 +8445,6 @@

      Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number [PIN]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification card or the DoD Common Access Card. In addition to authenticating users at the system level, organizations may also employ authentication mechanisms at the application level, at their discretion, to provide increased information security. Regardless of the type of access (i.e., local, network, remote), non-privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can provide additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access.

       - -

      multi-factor authentication for access to non-privileged accounts is implemented.

      @@ -11374,7 +8490,7 @@ non-privileged accounts - + @@ -11383,26 +8499,12 @@ value="system"/> -

      Implement replay-resistant authentication mechanisms for access to .

      Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators.

       - - -

      replay-resistant authentication mechanisms for access to are implemented.

      @@ -11443,7 +8545,7 @@       Acceptance of PIV Credentials - + @@ -11452,9 +8554,6 @@ value="system"/> -

      Accept and electronically verify Personal Identity Verification-compliant credentials.

      IA-2 (12) Additional FedRAMP Requirements and Guidance @@ -11468,17 +8567,6 @@

      Acceptance of Personal Identity Verification (PIV)-compliant credentials applies to organizations implementing logical access control and physical access control systems. PIV-compliant credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. The adequacy and reliability of PIV card issuers are authorized using SP 800-79-2 . Acceptance of PIV-compliant credentials includes derived PIV credentials, the use of which is addressed in SP 800-166 . The DOD Common Access Card (CAC) is an example of a PIV credential.

       - - -

      Personal Identity Verification-compliant credentials are accepted and electronically verified.

      @@ -11543,7 +8631,7 @@

      a time period for preventing reuse of identifiers is defined;

      - + @@ -11575,30 +8663,18 @@

      Manage system identifiers by:

      -

      Receiving authorization from to assign an individual, group, role, service, or device identifier;

       -

      Selecting an identifier that identifies an individual, group, role, service, or device;

       -

      Assigning the identifier to the intended individual, group, role, service, or device; and

       -

      Preventing reuse of identifiers for .

       @@ -11609,65 +8685,21 @@ - - -

      system identifiers are managed by receiving authorization from to assign to an individual, group, role, or device identifier;

       - - -

      system identifiers are managed by selecting an identifier that identifies an individual, group, role, service, or device;

       - - -

      system identifiers are managed by assigning the identifier to the intended individual, group, role, service, or device;

       - - -

      system identifiers are managed by preventing reuse of identifiers for .

      @@ -11721,7 +8753,7 @@

      events that trigger the change or refreshment of authenticators are defined;

      - + @@ -11760,65 +8792,38 @@

      Manage system authenticators by:

      -

      Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator;

       -

      Establishing initial authenticator content for any authenticators issued by the organization;

       -

      Ensuring that authenticators have sufficient strength of mechanism for their intended use;

       -

      Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators;

       -

      Changing default authenticators prior to first use;

       -

      Changing or refreshing authenticators or when occur;

       -

      Protecting authenticator content from unauthorized disclosure and modification;

       -

      Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and

       -

      Changing authenticators for group or role accounts when membership to those accounts changes.

       @@ -11841,113 +8846,36 @@ - - -

      system authenticators are managed through the verification of the identity of the individual, group, role, service, or device receiving the authenticator as part of the initial authenticator distribution;

       - - -

      system authenticators are managed through the establishment of initial authenticator content for any authenticators issued by the organization;

       - - -

      system authenticators are managed to ensure that authenticators have sufficient strength of mechanism for their intended use;

       - - -

      system authenticators are managed through the establishment and implementation of administrative procedures for initial authenticator distribution; lost, compromised, or damaged authenticators; and the revocation of authenticators;

       - - -

      system authenticators are managed through the change of default authenticators prior to first use;

       - - -

      system authenticators are managed through the change or refreshment of authenticators or when occur;

       - - -

      system authenticators are managed through the protection of authenticator content from unauthorized disclosure and modification;

      @@ -11955,33 +8883,11 @@ - - -

      system authenticators are managed through the requirement for individuals to take specific controls to protect authenticators;

       - - -

      system authenticators are managed through the requirement for devices to implement specific controls to protect authenticators;

      @@ -11989,17 +8895,6 @@       - - -

      system authenticators are managed through the change of authenticators for group or role accounts when membership to those accounts changes.

      @@ -12051,6 +8946,7 @@

      authenticator composition and complexity rules are defined;

      + @@ -12065,58 +8961,34 @@

      For password-based authentication:

      -

      Maintain a list of commonly-used, expected, or compromised passwords and update the list and when organizational passwords are suspected to have been compromised directly or indirectly;

       -

      Verify, when users create or update passwords, that the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5(1)(a);

       -

      Transmit passwords only over cryptographically-protected channels;

       -

      Store passwords using an approved salted key derivation function, preferably using a keyed hash;

       -

      Require immediate selection of a new password upon account recovery;

       -

      Allow user selection of long passwords and passphrases, including spaces and all printable characters;

       -

      Employ automated tools to assist the user in selecting strong password authenticators; and

       -

      Enforce the following composition and complexity rules: .

       @@ -12128,7 +9000,7 @@       -

      For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

      +

      For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

      For emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used.

       @@ -12143,109 +9015,41 @@ - - -

      for password-based authentication, a list of commonly used, expected, or compromised passwords is maintained and updated and when organizational passwords are suspected to have been compromised directly or indirectly;

       - - -

      for password-based authentication when passwords are created or updated by users, the passwords are verified not to be found on the list of commonly used, expected, or compromised passwords in IA-05(01)(a);

       - -

      for password-based authentication, passwords are only transmitted over cryptographically protected channels;

       - -

      for password-based authentication, passwords are stored using an approved salted key derivation function, preferably using a keyed hash;

       - -

      for password-based authentication, immediate selection of a new password is required upon account recovery;

       - -

      for password-based authentication, user selection of long passwords and passphrases is allowed, including spaces and all printable characters;

       - -

      for password-based authentication, automated tools are employed to assist the user in selecting strong password authenticators;

       - - -

      for password-based authentication, are enforced.

      @@ -12287,6 +9091,7 @@       Authentication Feedback + @@ -12295,22 +9100,12 @@ value="system"/> -

      Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

      Authentication feedback from systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of systems, such as desktops or notebooks with relatively large monitors, the threat (referred to as shoulder surfing) may be significant. For other types of systems, such as mobile devices with small displays, the threat may be less significant and is balanced against the increased likelihood of typographic input errors due to small keyboards. Thus, the means for obscuring authentication feedback is selected accordingly. Obscuring authentication feedback includes displaying asterisks when users type passwords into input devices or displaying feedback for a very limited time before obscuring it.

       - -

      the feedback of authentication information is obscured during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

      @@ -12347,6 +9142,7 @@       Cryptographic Module Authentication + @@ -12360,30 +9156,12 @@ -

      Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

      Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role.

       - - - -

      mechanisms for authentication to a cryptographic module are implemented that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

      @@ -12421,6 +9199,7 @@       Identification and Authentication (Non-organizational Users) + @@ -12451,22 +9230,12 @@ -

      Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

      Non-organizational users include system users other than organizational users explicitly covered by IA-2 . Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in AC-14 . Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factors—including security, privacy, scalability, and practicality—when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk.

       - -

      non-organizational users or processes acting on behalf of non-organizational users are uniquely identified and authenticated.

      @@ -12505,6 +9274,7 @@       Acceptance of PIV Credentials from Other Agencies + @@ -12514,22 +9284,12 @@ -

      Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies.

      Acceptance of Personal Identity Verification (PIV) credentials from other federal agencies applies to both logical and physical access control systems. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidelines. The adequacy and reliability of PIV card issuers are addressed and authorized using SP 800-79-2.

       - - @@ -12581,6 +9341,7 @@       Acceptance of External Authenticators + @@ -12590,16 +9351,10 @@ -

      Accept only external authenticators that are NIST-compliant; and

       -

      Document and maintain a list of accepted external authenticators.

       @@ -12610,29 +9365,11 @@ - -

      only external authenticators that are NIST-compliant are accepted;

       - - - @@ -12693,6 +9430,7 @@

      identity management profiles are defined;

      + @@ -12701,30 +9439,12 @@ value="system"/> -

      Conform to the following profiles for identity management .

      Organizations define profiles for identity management based on open identity management standards. To ensure that open identity management standards are viable, robust, reliable, sustainable, and interoperable as documented, the Federal Government assesses and scopes the standards and technology implementations against applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.

       - - - -

      there is conformance with for identity management.

      @@ -12770,6 +9490,7 @@

      circumstances or situations requiring re-authentication are defined;

      + @@ -12786,9 +9507,6 @@ -

      Require users to re-authenticate when .

      IA-11 Additional FedRAMP Requirements and Guidance @@ -12809,21 +9527,6 @@

      In addition to the re-authentication requirements associated with device locks, organizations may require re-authentication of individuals in certain situations, including when roles, authenticators or credentials change, when security categories of systems change, when the execution of privileged functions occurs, after a fixed time period, or periodically.

       - - - -

      users are required to re-authenticate when .

      @@ -12933,6 +9636,7 @@

      events that would require the incident response procedures to be reviewed and updated are defined;

      + @@ -12955,13 +9659,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -12983,20 +9680,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the incident response policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current incident response:

      @@ -13017,57 +9704,21 @@ - - -

      an incident response policy is developed and documented;

       - - -

      the incident response policy is disseminated to ;

       - -

      incident response procedures to facilitate the implementation of the incident response policy and associated incident response controls are developed and documented;

       - -

      the incident response procedures are disseminated to ;

      @@ -13075,13 +9726,6 @@ - - @@ -13121,13 +9765,6 @@ - -

      the incident response policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -13137,17 +9774,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the incident response policy and procedures;

      @@ -13155,17 +9781,6 @@ - - - @@ -13180,17 +9795,6 @@ - - - @@ -13268,6 +9872,7 @@

      events that initiate a review of the incident response training content are defined;

      + @@ -13289,9 +9894,6 @@ -

      Provide incident response training to system users consistent with assigned roles and responsibilities:

      @@ -13309,9 +9911,6 @@       -

      Review and update incident response training content and following .

       @@ -13324,49 +9923,16 @@ - - -

      incident response training is provided to system users consistent with assigned roles and responsibilities within of assuming an incident response role or responsibility or acquiring system access;

       - - -

      incident response training is provided to system users consistent with assigned roles and responsibilities when required by system changes;

       - - -

      incident response training is provided to system users consistent with assigned roles and responsibilities thereafter;

      @@ -13376,33 +9942,11 @@ - - -

      incident response training content is reviewed and updated ;

       - - -

      incident response training content is reviewed and updated following .

      @@ -13438,7 +9982,7 @@       Incident Handling - + @@ -13478,30 +10022,18 @@ -

      Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;

       -

      Coordinate incident handling activities with contingency planning activities;

       -

      Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and

       -

      Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization.

       @@ -13525,33 +10057,11 @@ - - -

      an incident handling capability for incidents is implemented that is consistent with the incident response plan;

       - - -

      the incident handling capability for incidents includes preparation;

      @@ -13579,17 +10089,6 @@       - - -

      incident handling activities are coordinated with contingency planning activities;

      @@ -13597,33 +10096,11 @@ - - -

      lessons learned from ongoing incident handling activities are incorporated into incident response procedures, training, and testing;

       - - -

      the changes resulting from the incorporated lessons learned are implemented accordingly;

      @@ -13631,17 +10108,6 @@       - - - @@ -13700,6 +10166,7 @@       Incident Monitoring + @@ -13723,26 +10190,12 @@ -

      Track and document incidents.

      Documenting incidents includes maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics as well as evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources, including network monitoring, incident reports, incident response teams, user complaints, supply chain partners, audit monitoring, physical access monitoring, and user and administrator reports. IR-4 provides information on the types of incidents that are appropriate for monitoring.

       - - - @@ -13805,6 +10258,7 @@

      authorities to whom incident information is to be reported are defined;

      + @@ -13823,16 +10277,10 @@ -

      Require personnel to report suspected incidents to the organizational incident response capability within ; and

       -

      Report incident information to .

       @@ -13850,33 +10298,11 @@ - - -

      personnel is/are required to report suspected incidents to the organizational incident response capability within ;

       - - -

      incident information is reported to .

      @@ -13918,6 +10344,7 @@       Incident Response Assistance + @@ -13936,9 +10363,6 @@ -

      Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents.

       @@ -13947,33 +10371,11 @@ - - -

      an incident response support resource, integral to the organizational incident response capability, is provided;

       - - -

      the incident response support resource offers advice and assistance to users of the system for the response and reporting of incidents.

      @@ -14072,6 +10474,7 @@

      organizational elements to which changes to the incident response plan are communicated are defined;

      + @@ -14094,9 +10497,6 @@ -

      Develop an incident response plan that:

      @@ -14142,30 +10542,18 @@       -

      Distribute copies of the incident response plan to ;

       -

      Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

       -

      Communicate incident response plan changes to ; and

       -

      Protect the incident response plan from unauthorized disclosure and modification.

       @@ -14189,122 +10577,52 @@ - -

      an incident response plan is developed that provides the organization with a roadmap for implementing its incident response capability;

       - -

      an incident response plan is developed that describes the structure and organization of the incident response capability;

       - -

      an incident response plan is developed that provides a high-level approach for how the incident response capability fits into the overall organization;

       - -

      an incident response plan is developed that meets the unique requirements of the organization with regard to mission, size, structure, and functions;

       - -

      an incident response plan is developed that defines reportable incidents;

       - -

      an incident response plan is developed that provides metrics for measuring the incident response capability within the organization;

       - -

      an incident response plan is developed that defines the resources and management support needed to effectively maintain and mature an incident response capability;

       - -

      an incident response plan is developed that addresses the sharing of incident information;

       - -

      an incident response plan is developed that is reviewed and approved by ;

       - -

      an incident response plan is developed that explicitly designates responsibility for incident response to .

      @@ -14312,13 +10630,6 @@       - - @@ -14333,33 +10644,11 @@ - - -

      the incident response plan is updated to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

       - - - @@ -14374,13 +10663,6 @@ - - @@ -14497,6 +10779,7 @@

      events that would require the maintenance procedures to be reviewed and updated are defined;

      + @@ -14516,13 +10799,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -14544,20 +10820,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the maintenance policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current maintenance:

      @@ -14578,57 +10844,21 @@ - - -

      a maintenance policy is developed and documented;

       - - -

      the maintenance policy is disseminated to ;

       - -

      maintenance procedures to facilitate the implementation of the maintenance policy and associated maintenance controls are developed and documented;

       - -

      the maintenance procedures are disseminated to ;

      @@ -14636,13 +10866,6 @@ - - @@ -14682,13 +10905,6 @@ - -

      the maintenance policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -14698,17 +10914,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the maintenance policy and procedures;

      @@ -14716,17 +10921,6 @@ - - - @@ -14741,17 +10935,6 @@ - - - @@ -14809,6 +10992,7 @@

      information to be included in organizational maintenance records is defined;

      + @@ -14831,44 +11015,26 @@ -

      Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements;

       -

      Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location;

       -

      Require that explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;

       -

      Sanitize equipment to remove the following information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement: ;

       -

      Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; and

       -

      Include the following information in organizational maintenance records: .

       @@ -14879,21 +11045,6 @@ - - - - @@ -14913,17 +11064,6 @@ - - - @@ -14938,58 +11078,22 @@ - - -

      is/are required to explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;

       - - -

      equipment is sanitized to remove from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement;

       - -

      all potentially impacted controls are checked to verify that the controls are still functioning properly following maintenance, repair, or replacement actions;

       - -

      is included in organizational maintenance records.

      @@ -15034,6 +11138,7 @@       Nonlocal Maintenance + @@ -15062,37 +11167,22 @@ -

      Approve and monitor nonlocal maintenance and diagnostic activities;

       -

      Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system;

       -

      Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions;

       -

      Maintain records for nonlocal maintenance and diagnostic activities; and

       -

      Terminate session and network connections when nonlocal maintenance is completed.

       @@ -15103,17 +11193,6 @@ - - - @@ -15130,29 +11209,11 @@ - - -

      the use of nonlocal maintenance and diagnostic tools are allowed only as consistent with organizational policy;

       - -

      the use of nonlocal maintenance and diagnostic tools are documented in the security plan for the system;

      @@ -15160,45 +11221,16 @@       - - - -

      strong authentication is employed in the establishment of nonlocal maintenance and diagnostic sessions;

       - -

      records for nonlocal maintenance and diagnostic activities are maintained;

       - - @@ -15253,6 +11285,7 @@       Maintenance Personnel + @@ -15273,23 +11306,14 @@ -

      Establish a process for maintenance personnel authorization and maintain a list of authorized maintenance organizations or personnel;

       -

      Verify that non-escorted personnel performing maintenance on the system possess the required access authorizations; and

       -

      Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.

       @@ -15300,13 +11324,6 @@ - - @@ -15321,41 +11338,11 @@ - - - -

      non-escorted personnel performing maintenance on the system possess the required access authorizations;

       - - - -

      organizational personnel with required access authorizations and technical competence is/are designated to supervise the maintenance activities of personnel who do not possess the required access authorizations.

      @@ -15466,6 +11453,7 @@

      events that would require media protection procedures to be reviewed and updated are defined;

      + @@ -15485,13 +11473,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -15513,20 +11494,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the media protection policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current media protection:

      @@ -15547,57 +11518,21 @@ - - -

      a media protection policy is developed and documented;

       - - -

      the media protection policy is disseminated to ;

       - -

      media protection procedures to facilitate the implementation of the media protection policy and associated media protection controls are developed and documented;

       - -

      the media protection procedures are disseminated to ;

      @@ -15605,13 +11540,6 @@ - - @@ -15651,13 +11579,6 @@ - -

      the media protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -15667,17 +11588,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the media protection policy and procedures.

      @@ -15685,17 +11595,6 @@ - - - @@ -15710,17 +11609,6 @@ - - - @@ -15790,6 +11678,7 @@

      personnel or roles authorized to access non-digital media is/are defined;

      + @@ -15814,9 +11703,6 @@ -

      Restrict access to to .

       @@ -15825,41 +11711,11 @@ - - - -

      access to is restricted to ;

       - - - -

      access to is restricted to .

      @@ -15947,6 +11803,7 @@

      sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined;

      + @@ -15977,16 +11834,10 @@ -

      Sanitize prior to disposal, release out of organizational control, or release for reuse using ; and

       -

      Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.

       @@ -15997,21 +11848,6 @@ - - - - @@ -16034,21 +11870,6 @@ - - - -

      sanitization mechanisms with strength and integrity commensurate with the security category or classification of the information are employed.

      @@ -16118,6 +11939,7 @@

      controls to restrict or prohibit the use of specific types of system media on systems or system components are defined;

      + @@ -16134,17 +11956,11 @@ -

      the use of on using ; and

       -

      Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

       @@ -16155,41 +11971,11 @@ - - - -

      the use of is on using ;

       - - - -

      the use of portable storage devices in organizational systems is prohibited when such devices have no identifiable owner.

      @@ -16301,6 +12087,7 @@

      events that would require the physical and environmental protection procedures to be reviewed and updated are defined;

      + @@ -16320,13 +12107,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -16348,20 +12128,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the physical and environmental protection policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current physical and environmental protection:

      @@ -16382,57 +12152,21 @@ - - -

      a physical and environmental protection policy is developed and documented;

       - - -

      the physical and environmental protection policy is disseminated to ;

       - -

      physical and environmental protection procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental protection controls are developed and documented;

       - -

      the physical and environmental protection procedures are disseminated to ;

      @@ -16440,13 +12174,6 @@ - - @@ -16486,13 +12213,6 @@ - -

      the physical and environmental protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -16502,17 +12222,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the physical and environmental protection policy and procedures;

      @@ -16520,17 +12229,6 @@ - - - @@ -16545,17 +12243,6 @@ - - - @@ -16606,6 +12293,7 @@

      frequency at which to review the access list detailing authorized facility access by individuals is defined;

      + @@ -16632,30 +12320,18 @@ -

      Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides;

       -

      Issue authorization credentials for facility access;

       -

      Review the access list detailing authorized facility access by individuals ; and

       -

      Remove individuals from the facility access list when access is no longer required.

       @@ -16666,17 +12342,6 @@ - - - @@ -16696,37 +12361,16 @@ - -

      authorization credentials are issued for facility access;

       - -

      the access list detailing authorized facility access by individuals is reviewed ;

       - -

      individuals are removed from the facility access list when access is no longer required.

      @@ -16852,7 +12496,7 @@

      frequency at which to change keys is defined;

      - + @@ -16889,9 +12533,6 @@ -

      Enforce physical access authorizations at by:

      @@ -16904,44 +12545,26 @@       -

      Maintain physical access audit logs for ;

       -

      Control access to areas within the facility designated as publicly accessible by implementing the following controls: ;

       -

      Escort visitors and control visitor activity ;

       -

      Secure keys, combinations, and other physical access devices;

       -

      Inventory every ; and

       -

      Change combinations and keys and/or when keys are lost, combinations are compromised, or when individuals possessing the keys or combinations are transferred or terminated.

       @@ -16954,29 +12577,11 @@ - -

      physical access authorizations are enforced at by verifying individual access authorizations before granting access to the facility;

       - - -

      physical access authorizations are enforced at by controlling ingress and egress to the facility using ;

      @@ -16984,29 +12589,11 @@       - - -

      physical access audit logs are maintained for ;

       - -

      access to areas within the facility designated as publicly accessible are maintained by implementing ;

      @@ -17014,29 +12601,11 @@ - -

      visitors are escorted;

       - - -

      visitor activity is controlled ;

      @@ -17046,37 +12615,16 @@ - -

      keys are secured;

       - -

      combinations are secured;

       - -

      other physical access devices are secured;

      @@ -17084,17 +12632,6 @@       - - -

      are inventoried ;

      @@ -17103,25 +12640,11 @@ - -

      combinations are changed , when combinations are compromised, or when individuals possessing the combinations are transferred or terminated;

       - -

      keys are changed , when keys are lost, or when individuals possessing the keys are transferred or terminated.

      @@ -17184,6 +12707,7 @@

      events or potential indication of events requiring physical access logs to be reviewed are defined;

      + @@ -17203,23 +12727,14 @@ -

      Monitor physical access to the facility where the system resides to detect and respond to physical security incidents;

       -

      Review physical access logs and upon occurrence of ; and

       -

      Coordinate results of reviews and investigations with the organizational incident response capability.

       @@ -17230,17 +12745,6 @@ - - -

      physical access to the facility where the system resides is monitored to detect and respond to physical security incidents;

      @@ -17248,25 +12752,11 @@ - -

      physical access logs are reviewed ;

       - -

      physical access logs are reviewed upon occurrence of ;

      @@ -17276,33 +12766,11 @@ - - -

      results of reviews are coordinated with organizational incident response capabilities;

       - - -

      results of investigations are coordinated with organizational incident response capabilities.

      @@ -17373,6 +12841,7 @@

      personnel to whom visitor access records anomalies are reported to is/are defined;

      + @@ -17387,23 +12856,14 @@ -

      Maintain visitor access records to the facility where the system resides for ;

       -

      Review visitor access records ; and

       -

      Report anomalies in visitor access records to .

       @@ -17414,45 +12874,16 @@ - - -

      visitor access records for the facility where the system resides are maintained for ;

       - -

      visitor access records are reviewed ;

       - - -

      visitor access records anomalies are reported to .

      @@ -17493,6 +12924,7 @@       Emergency Lighting + @@ -17502,9 +12934,6 @@ -

      Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility.

       @@ -17513,49 +12942,21 @@ - -

      automatic emergency lighting that activates in the event of a power outage or disruption is employed for the system;

       - -

      automatic emergency lighting that activates in the event of a power outage or disruption is maintained for the system;

       - -

      automatic emergency lighting for the system covers emergency exits within the facility;

       - -

      automatic emergency lighting for the system covers evacuation routes within the facility.

      @@ -17593,6 +12994,7 @@       Fire Protection + @@ -17601,9 +13003,6 @@ value="organization"/> -

      Employ and maintain fire detection and suppression systems that are supported by an independent energy source.

       @@ -17612,97 +13011,31 @@ - - -

      fire detection systems are employed;

       - - -

      employed fire detection systems are supported by an independent energy source;

       - - -

      employed fire detection systems are maintained;

       - - -

      fire suppression systems are employed;

       - - -

      employed fire suppression systems are supported by an independent energy source;

       - - -

      employed fire suppression systems are maintained.

      @@ -17779,6 +13112,7 @@

      frequency at which to monitor environmental control levels is defined;

      + @@ -17789,16 +13123,10 @@ -

      Maintain levels within the facility where the system resides at ; and

       -

      Monitor environmental control levels .

       @@ -17816,34 +13144,12 @@ - - -

      levels are maintained at within the facility where the system resides;

       - - -

      environmental control levels are monitored .

      @@ -17882,6 +13188,7 @@       Water Damage Protection + @@ -17891,9 +13198,6 @@ -

      Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel.

       @@ -17902,65 +13206,21 @@ - - -

      the system is protected from damage resulting from water leakage by providing master shutoff or isolation valves;

       - - -

      the master shutoff or isolation valves are accessible;

       - - -

      the master shutoff or isolation valves are working properly;

       - - -

      the master shutoff or isolation valves are known to key personnel.

      @@ -18020,6 +13280,7 @@

      types of system components to be authorized and controlled when exiting the facility are defined;

      + @@ -18038,16 +13299,10 @@ -

      Authorize and control entering and exiting the facility; and

       -

      Maintain records of the system components.

       @@ -18060,68 +13315,24 @@ - - -

      are authorized when entering the facility;

       - - -

      are controlled when entering the facility;

       - - -

      are authorized when exiting the facility;

       - - -

      are controlled when exiting the facility;

      @@ -18130,17 +13341,6 @@       - - -

      records of the system components are maintained.

      @@ -18248,6 +13448,7 @@

      events that would require procedures to be reviewed and updated are defined;

      + @@ -18268,13 +13469,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -18296,20 +13490,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the planning policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current planning:

      @@ -18330,57 +13514,21 @@ - - -

      a planning policy is developed and documented.

       - - -

      the planning policy is disseminated to ;

       - -

      planning procedures to facilitate the implementation of the planning policy and associated planning controls are developed and documented;

       - -

      the planning procedures are disseminated to ;

      @@ -18388,13 +13536,6 @@ - - @@ -18434,13 +13575,6 @@ - -

      the planning policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -18450,17 +13584,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the planning policy and procedures;

      @@ -18468,17 +13591,6 @@ - - - @@ -18493,17 +13605,6 @@ - - - @@ -18565,6 +13666,7 @@

      frequency to review system security and privacy plans is defined;

      + @@ -18618,9 +13720,6 @@ -

      Develop security and privacy plans for the system that:

      @@ -18685,30 +13784,18 @@       -

      Distribute copies of the plans and communicate subsequent changes to the plans to ;

       -

      Review the plans ;

       -

      Update the plans to address changes to the system and environment of operation or problems identified during plan implementation or control assessments; and

       -

      Protect the plans from unauthorized disclosure and modification.

       @@ -18726,77 +13813,11 @@ - - - - - - - - -

      a security plan for the system is developed that is consistent with the organization’s enterprise architecture;

       - - - - - - - - -

      a privacy plan for the system is developed that is consistent with the organization’s enterprise architecture;

      @@ -18834,25 +13855,11 @@ - -

      a security plan for the system is developed that identifies the individuals that fulfill system roles and responsibilities;

       - -

      a privacy plan for the system is developed that identifies the individuals that fulfill system roles and responsibilities;

      @@ -18860,13 +13867,6 @@       - - @@ -18881,13 +13881,6 @@ - - @@ -18902,13 +13895,6 @@ - - @@ -18923,13 +13909,6 @@ - - @@ -18944,17 +13923,6 @@ - - - @@ -18971,25 +13939,11 @@ - -

      a security plan for the system is developed that provides an overview of the security requirements for the system;

       - -

      a privacy plan for the system is developed that provides an overview of the privacy requirements for the system;

      @@ -18997,13 +13951,6 @@       - - @@ -19020,25 +13967,11 @@ - -

      a security plan for the system is developed that describes the controls in place or planned for meeting the security requirements, including rationale for any tailoring decisions;

       - -

      a privacy plan for the system is developed that describes the controls in place or planned for meeting the privacy requirements, including rationale for any tailoring decisions;

      @@ -19048,33 +13981,11 @@ - - -

      a security plan for the system is developed that includes risk determinations for security architecture and design decisions;

       - - -

      a privacy plan for the system is developed that includes risk determinations for privacy architecture and design decisions;

      @@ -19084,33 +13995,11 @@ - - -

      a security plan for the system is developed that includes security-related activities affecting the system that require planning and coordination with ;

       - - -

      a privacy plan for the system is developed that includes privacy-related activities affecting the system that require planning and coordination with ;

      @@ -19120,33 +14009,11 @@ - - -

      a security plan for the system is developed that is reviewed and approved by the authorizing official or designated representative prior to plan implementation;

       - - -

      a privacy plan for the system is developed that is reviewed and approved by the authorizing official or designated representative prior to plan implementation.

      @@ -19156,17 +14023,6 @@       - - - @@ -19181,33 +14037,11 @@ - - -

      plans are reviewed ;

       - - - @@ -19227,17 +14061,6 @@ - - - @@ -19321,6 +14144,7 @@

      frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected);

      + @@ -19353,30 +14177,18 @@ -

      Establish and provide to individuals requiring access to the system, the rules that describe their responsibilities and expected behavior for information and system usage, security, and privacy;

       -

      Receive a documented acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the system;

       -

      Review and update the rules of behavior ; and

       -

      Require individuals who have acknowledged a previous version of the rules of behavior to read and re-acknowledge .

       @@ -19387,17 +14199,6 @@ - - - @@ -19412,49 +14213,16 @@ - - -

      before authorizing access to information and the system, a documented acknowledgement from such individuals indicating that they have read, understand, and agree to abide by the rules of behavior is received;

       - - -

      rules of behavior are reviewed and updated ;

       - - -

      individuals who have acknowledged a previous version of the rules of behavior are required to read and reacknowledge .

      @@ -19493,6 +14261,7 @@       Social Media and External Site/Application Usage Restrictions + @@ -19508,23 +14277,14 @@

      Include in the rules of behavior, restrictions on:

      -

      Use of social media, social networking sites, and external sites/applications;

       -

      Posting organizational information on public websites; and

       -

      Use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

       @@ -19535,49 +14295,16 @@ - - -

      the rules of behavior include restrictions on the use of social media, social networking sites, and external sites/applications;

       - - -

      the rules of behavior include restrictions on posting organizational information on public websites;

       - - -

      the rules of behavior include restrictions on the use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

      @@ -19628,6 +14355,7 @@

      frequency for review and update to reflect changes in the enterprise architecture;

      + @@ -19655,9 +14383,6 @@ -

      Develop security and privacy architectures for the system that:

      @@ -19678,16 +14403,10 @@       -

      Review and update the architectures to reflect changes in the enterprise architecture; and

       -

      Reflect planned architecture changes in security and privacy plans, Concept of Operations (CONOPS), criticality analysis, organizational procedures, and procurements and acquisitions.

       @@ -19712,45 +14431,16 @@ - - -

      a security architecture for the system describes the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;

       - - -

      a privacy architecture describes the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;

       - - @@ -19765,13 +14455,6 @@ - - @@ -19788,17 +14471,6 @@ - - -

      changes in the enterprise architecture are reviewed and updated to reflect changes in the enterprise architecture;

      @@ -19806,97 +14478,31 @@ - - -

      planned architecture changes are reflected in the security plan;

       - - -

      planned architecture changes are reflected in the privacy plan;

       - - -

      planned architecture changes are reflected in the Concept of Operations (CONOPS);

       - - -

      planned architecture changes are reflected in criticality analysis;

       - - -

      planned architecture changes are reflected in organizational procedures;

       - - -

      planned architecture changes are reflected in procurements and acquisitions.

      @@ -19941,6 +14547,7 @@       Baseline Selection + @@ -19963,9 +14570,6 @@ -

      Select a control baseline for the system.

      PL-10 Additional FedRAMP Requirements and Guidance @@ -19979,13 +14583,6 @@

      Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals’ privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see PL-11 ). Federal control baselines are provided in SP 800-53B . The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in SP 800-53B are based on the requirements from FISMA and PRIVACT . The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization’s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. CNSSI 1253 provides guidance on control baselines for national security systems.

       - -

      a control baseline for the system is selected.

      @@ -20027,6 +14624,7 @@       Baseline Tailoring + @@ -20049,26 +14647,12 @@ -

      Tailor the selected control baseline by applying specified tailoring actions.

      The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in SP 800-53B . Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in SP 800-53B can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in SP 800-53B in accordance with the security and privacy requirements from FISMA, PRIVACT , and OMB A-130 . Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in SP 800-53B to specialize or customize the controls that represent the specific needs and concerns of those entities.

       - - -

      the selected control baseline is tailored by applying specified tailoring actions.

      @@ -20179,6 +14763,7 @@

      events that would require the personnel security procedures to be reviewed and updated are defined;

      + @@ -20197,13 +14782,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -20225,20 +14803,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the personnel security policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current personnel security:

      @@ -20259,57 +14827,21 @@ - - -

      a personnel security policy is developed and documented;

       - - -

      the personnel security policy is disseminated to ;

       - -

      personnel security procedures to facilitate the implementation of the personnel security policy and associated personnel security controls are developed and documented;

       - -

      the personnel security procedures are disseminated to ;

      @@ -20317,13 +14849,6 @@ - - @@ -20363,13 +14888,6 @@ - -

      the personnel security policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -20379,17 +14897,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the personnel security policy and procedures;

      @@ -20397,17 +14904,6 @@ - - - @@ -20422,17 +14918,6 @@ - - - @@ -20485,6 +14970,7 @@

      the frequency at which to review and update position risk designations is defined;

      + @@ -20505,23 +14991,14 @@ -

      Assign a risk designation to all organizational positions;

       -

      Establish screening criteria for individuals filling those positions; and

       -

      Review and update position risk designations .

       @@ -20532,49 +15009,16 @@ - - -

      a risk designation is assigned to all organizational positions;

       - - -

      screening criteria are established for individuals filling organizational positions;

       - - -

      position risk designations are reviewed and updated .

      @@ -20634,6 +15078,7 @@

      the frequency of rescreening individuals where it is so indicated is defined;

      + @@ -20660,16 +15105,10 @@ -

      Screen individuals prior to authorizing access to the system; and

       -

      Rescreen individuals in accordance with .

       @@ -20680,17 +15119,6 @@ - - -

      individuals are screened prior to authorizing access to the system;

      @@ -20698,33 +15126,11 @@ - - -

      individuals are rescreened in accordance with ;

       - - -

      where rescreening is so indicated, individuals are rescreened .

      @@ -20779,6 +15185,7 @@

      information security topics to be discussed when conducting exit interviews are defined;

      + @@ -20794,37 +15201,22 @@

      Upon termination of individual employment:

      -

      Disable system access within ;

       -

      Terminate or revoke any authenticators and credentials associated with the individual;

       -

      Conduct exit interviews that include a discussion of ;

       -

      Retrieve all security-related organizational system-related property; and

       -

      Retain access to organizational information and systems formerly controlled by terminated individual.

       @@ -20835,73 +15227,26 @@ - -

      upon termination of individual employment, system access is disabled within ;

       - -

      upon termination of individual employment, any authenticators and credentials are terminated or revoked;

       - - -

      upon termination of individual employment, exit interviews that include a discussion of are conducted;

       - - -

      upon termination of individual employment, all security-related organizational system-related property is retrieved;

       - - -

      upon termination of individual employment, access to organizational information and systems formerly controlled by the terminated individual are retained.

      @@ -20978,6 +15323,7 @@

      time period within which to notify organization-defined personnel or roles when individuals are reassigned or transferred to other positions within the organization is defined;

      + @@ -20992,30 +15338,18 @@ -

      Review and confirm ongoing operational need for current logical and physical access authorizations to systems and facilities when individuals are reassigned or transferred to other positions within the organization;

       -

      Initiate within ;

       -

      Modify access authorization as needed to correspond with any changes in operational need due to reassignment or transfer; and

       -

      Notify within .

       @@ -21026,62 +15360,22 @@ - - -

      the ongoing operational need for current logical and physical access authorizations to systems and facilities are reviewed and confirmed when individuals are reassigned or transferred to other positions within the organization;

       - - -

      are initiated within ;

       - -

      access authorization is modified as needed to correspond with any changes in operational need due to reassignment or transfer;

       - - -

      are notified within .

      @@ -21145,6 +15439,7 @@

      the frequency at which to re-sign access agreements to maintain access to organizational information is defined;

      + @@ -21166,23 +15461,14 @@ -

      Develop and document access agreements for organizational systems;

       -

      Review and update the access agreements ; and

       -

      Verify that individuals requiring access to organizational information and systems:

      @@ -21201,29 +15487,11 @@ - -

      access agreements are developed and documented for organizational systems;

       - - -

      the access agreements are reviewed and updated ;

      @@ -21231,33 +15499,11 @@ - - -

      individuals requiring access to organizational information and systems sign appropriate access agreements prior to being granted access;

       - - -

      individuals requiring access to organizational information and systems re-sign access agreements to maintain access to organizational systems when access agreements have been updated or .

      @@ -21324,6 +15570,7 @@

      time period within which third-party providers are required to notify organization-defined personnel or roles of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined;

      + @@ -21349,37 +15596,22 @@ -

      Establish personnel security requirements, including security roles and responsibilities for external providers;

       -

      Require external providers to comply with personnel security policies and procedures established by the organization;

       -

      Document personnel security requirements;

       -

      Require external providers to notify of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges, or who have system privileges within ; and

       -

      Monitor provider compliance with personnel security requirements.

       @@ -21390,77 +15622,26 @@ - - -

      personnel security requirements are established, including security roles and responsibilities for external providers;

       - - -

      external providers are required to comply with personnel security policies and procedures established by the organization;

       - -

      personnel security requirements are documented;

       - - -

      external providers are required to notify of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges within ;

       - - -

      provider compliance with personnel security requirements is monitored.

      @@ -21520,6 +15701,7 @@

      the time period within which organization-defined personnel or roles must be notified when a formal employee sanctions process is initiated is defined;

      + @@ -21532,16 +15714,10 @@ -

      Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and

       -

      Notify within when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

       @@ -21552,33 +15728,11 @@ - - -

      a formal sanctions process is employed for individuals failing to comply with established information security and privacy policies and procedures;

       - - -

      is/are notified within when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

      @@ -21622,6 +15776,7 @@       Position Descriptions + @@ -21630,22 +15785,12 @@ value="organization"/> -

      Incorporate security and privacy roles and responsibilities into organizational position descriptions.

      Specification of security and privacy roles in individual organizational position descriptions facilitates clarity in understanding the security or privacy responsibilities associated with the roles and the role-based security and privacy training requirements for the roles.

       - - @@ -21762,6 +15907,7 @@

      events that would require risk assessment procedures to be reviewed and updated are defined;

      + @@ -21781,13 +15927,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -21809,20 +15948,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the risk assessment policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current risk assessment:

      @@ -21843,57 +15972,21 @@ - - -

      a risk assessment policy is developed and documented;

       - - -

      the risk assessment policy is disseminated to ;

       - -

      risk assessment procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls are developed and documented;

       - -

      the risk assessment procedures are disseminated to ;

      @@ -21901,13 +15994,6 @@ - - @@ -21947,13 +16033,6 @@ - -

      the risk assessment policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

      @@ -21963,17 +16042,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the risk assessment policy and procedures;

      @@ -21981,17 +16049,6 @@ - - - @@ -22006,17 +16063,6 @@ - - - @@ -22055,6 +16101,7 @@       Security Categorization + @@ -22087,23 +16134,14 @@ -

      Categorize the system and information it processes, stores, and transmits;

       -

      Document the security categorization results, including supporting rationale, in the security plan for the system; and

       -

      Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

       @@ -22116,41 +16154,16 @@ - -

      the system and the information it processes, stores, and transmits are categorized;

       - -

      the security categorization results, including supporting rationale, are documented in the security plan for the system;

       - - -

      the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

      @@ -22236,6 +16249,7 @@

      the frequency to update the risk assessment is defined;

      + @@ -22280,9 +16294,6 @@ -

      Conduct a risk assessment, including:

      @@ -22299,37 +16310,22 @@       -

      Integrate risk assessment results and risk management decisions from the organization and mission or business process perspectives with system-level risk assessments;

       -

      Document risk assessment results in ;

       -

      Review risk assessment results ;

       -

      Disseminate risk assessment results to ; and

       -

      Update the risk assessment or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

       @@ -22355,49 +16351,16 @@ - - -

      a risk assessment is conducted to identify threats to and vulnerabilities in the system;

       - - -

      a risk assessment is conducted to determine the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system; the information it processes, stores, or transmits; and any related information;

       - - -

      a risk assessment is conducted to determine the likelihood and impact of adverse effects on individuals arising from the processing of personally identifiable information;

      @@ -22405,77 +16368,26 @@       - - -

      risk assessment results and risk management decisions from the organization and mission or business process perspectives are integrated with system-level risk assessments;

       - -

      risk assessment results are documented in ;

       - - -

      risk assessment results are reviewed ;

       - - -

      risk assessment results are disseminated to ;

       - - -

      the risk assessment is updated or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

      @@ -22529,6 +16441,7 @@

      the frequency at which to update the supply chain risk assessment is defined;

      + @@ -22546,16 +16459,10 @@ -

      Assess supply chain risks associated with ; and

       -

      Update the supply chain risk assessment , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.

       @@ -22566,33 +16473,11 @@ - - -

      supply chain risks associated with are assessed;

       - - -

      the supply chain risk assessment is updated , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.

      @@ -22676,7 +16561,7 @@

      personnel or roles with whom information obtained from the vulnerability scanning process and control assessments is to be shared;

      - + @@ -22714,16 +16599,10 @@ -

      Monitor and scan for vulnerabilities in the system and hosted applications and when new vulnerabilities potentially affecting the system are identified and reported;

       -

      Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for:

      @@ -22740,30 +16619,18 @@       -

      Analyze vulnerability scan reports and results from vulnerability monitoring;

       -

      Remediate legitimate vulnerabilities in accordance with an organizational assessment of risk;

       -

      Share information obtained from the vulnerability monitoring process and control assessments with to help eliminate similar vulnerabilities in other systems; and

       -

      Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned.

       @@ -22789,7 +16656,7 @@

      Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

      Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

      -

      Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a "warning" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on "Tracking of Compliance Scans" in FAQs.

      +

      Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs.

             @@ -22802,17 +16669,6 @@ - - - @@ -22827,63 +16683,19 @@ - - -

      vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools;

      - - -

      vulnerability monitoring tools and techniques are employed to automate parts of the vulnerability management process by using standards for enumerating platforms, software flaws, and improper configurations;

       - - -

      vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools and to automate parts of the vulnerability management process by using standards for formatting checklists and test procedures;

       - - -

      vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools and to automate parts of the vulnerability management process by using standards for measuring vulnerability impact;

      @@ -22891,65 +16703,21 @@       - - -

      vulnerability scan reports and results from vulnerability monitoring are analyzed;

       - - -

      legitimate vulnerabilities are remediated in accordance with an organizational assessment of risk;

       - - -

      information obtained from the vulnerability monitoring process and control assessments is shared with to help eliminate similar vulnerabilities in other systems;

       - - -

      vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned are employed.

      @@ -23012,7 +16780,7 @@

      the frequency for updating the system vulnerabilities to be scanned is defined (if selected);

      - + @@ -23025,26 +16793,12 @@ -

      Update the system vulnerabilities to be scanned .

      Due to the complexity of modern software, systems, and other factors, new vulnerabilities are discovered on a regular basis. It is important that newly discovered vulnerabilities are added to the list of vulnerabilities to be scanned to ensure that the organization can take steps to mitigate those vulnerabilities in a timely manner.

       - - -

      the system vulnerabilities to be scanned are updated .

      @@ -23083,6 +16837,7 @@       Public Disclosure Program + @@ -23094,26 +16849,12 @@ value="true"/> -

      Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.

      The reporting channel is publicly discoverable and contains clear language authorizing good-faith research and the disclosure of vulnerabilities to the organization. The organization does not condition its authorization on an expectation of indefinite non-disclosure to the public by the reporting entity but may request a specific time period to properly remediate the vulnerability.

       - - -

      a public reporting channel is established for receiving reports of vulnerabilities in organizational systems and system components.

      @@ -23156,6 +16897,7 @@       Risk Response + @@ -23179,26 +16921,12 @@ -

      Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance.

      Organizations have many options for responding to risk including mitigating risk by implementing new controls or strengthening existing controls, accepting risk with appropriate justification or rationale, sharing or transferring risk, or avoiding risk. The risk tolerance of the organization influences risk response decisions and actions. Risk response addresses the need to determine an appropriate response to risk before generating a plan of action and milestones entry. For example, the response may be to accept risk or reject risk, or it may be possible to mitigate the risk immediately so that a plan of action and milestones entry is not needed. However, if the risk response is to mitigate the risk, and the mitigation cannot be completed immediately, a plan of action and milestones entry is generated.

       - - - @@ -23324,6 +17052,7 @@

      events that would require the system and services acquisition procedures to be reviewed and updated are defined;

      + @@ -23345,13 +17074,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -23373,20 +17095,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the system and services acquisition policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current system and services acquisition:

      @@ -23407,57 +17119,21 @@ - - -

      a system and services acquisition policy is developed and documented;

       - - -

      the system and services acquisition policy is disseminated to ;

       - -

      system and services acquisition procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls are developed and documented;

       - -

      the system and services acquisition procedures are disseminated to ;

      @@ -23465,13 +17141,6 @@ - - @@ -23511,13 +17180,6 @@ - -

      the system and services acquisition policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -23527,17 +17189,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the system and services acquisition policy and procedures;

      @@ -23545,17 +17196,6 @@ - - - @@ -23570,17 +17210,6 @@ - - - @@ -23624,6 +17253,7 @@       Allocation of Resources + @@ -23644,23 +17274,14 @@ -

      Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;

       -

      Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and

       -

      Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.

       @@ -23673,33 +17294,11 @@ - - -

      the high-level information security requirements for the system or system service are determined in mission and business process planning;

       - - -

      the high-level privacy requirements for the system or system service are determined in mission and business process planning;

      @@ -23709,33 +17308,11 @@ - - -

      the resources required to protect the system or system service are determined and documented as part of the organizational capital planning and investment control process;

       - - -

      the resources required to protect the system or system service are allocated as part of the organizational capital planning and investment control process;

      @@ -23745,33 +17322,11 @@ - - -

      a discrete line item for information security is established in organizational programming and budgeting documentation;

       - - -

      a discrete line item for privacy is established in organizational programming and budgeting documentation.

      @@ -23823,6 +17378,7 @@

      system development life cycle is defined;

      + @@ -23854,30 +17410,18 @@ -

      Acquire, develop, and manage the system using that incorporates information security and privacy considerations;

       -

      Define and document information security and privacy roles and responsibilities throughout the system development life cycle;

       -

      Identify individuals having information security and privacy roles and responsibilities; and

       -

      Integrate the organizational information security and privacy risk management process into system development life cycle activities.

       @@ -23891,33 +17435,11 @@ - - -

      the system is acquired, developed, and managed using that incorporates information security considerations;

       - - -

      the system is acquired, developed, and managed using that incorporates privacy considerations;

      @@ -23927,33 +17449,11 @@ - - -

      information security roles and responsibilities are defined and documented throughout the system development life cycle;

       - - -

      privacy roles and responsibilities are defined and documented throughout the system development life cycle;

      @@ -23963,33 +17463,11 @@ - - -

      individuals with information security roles and responsibilities are identified;

       - - -

      individuals with privacy roles and responsibilities are identified;

      @@ -23999,33 +17477,11 @@ - - -

      organizational information security risk management processes are integrated into system development life cycle activities;

       - - -

      organizational privacy risk management processes are integrated into system development life cycle activities.

      @@ -24089,6 +17545,7 @@

      contract language is defined (if selected);

      + @@ -24136,65 +17593,38 @@

      Include the following requirements, descriptions, and criteria, explicitly or by reference, using in the acquisition contract for the system, system component, or system service:

      -

      Security and privacy functional requirements;

       -

      Strength of mechanism requirements;

       -

      Security and privacy assurance requirements;

       -

      Controls needed to satisfy the security and privacy requirements.

       -

      Security and privacy documentation requirements;

       -

      Requirements for protecting security and privacy documentation;

       -

      Description of the system development environment and environment in which the system is intended to operate;

       -

      Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and

       -

      Acceptance criteria.

       @@ -24221,77 +17651,11 @@ - - - - - - - - -

      security functional requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

       - - - - - - - - -

      privacy functional requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

      @@ -24299,17 +17663,6 @@       - - -

      strength of mechanism requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

      @@ -24343,17 +17696,6 @@       - - - @@ -24368,17 +17710,6 @@ - - - @@ -24393,33 +17724,11 @@ - - -

      the description of the system development environment and environment in which the system is intended to operate, requirements, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

       - - - @@ -24439,17 +17748,6 @@ - - -

      acceptance criteria requirements and descriptions are included explicitly or by reference using in the acquisition contract for the system, system component, or system service.

      @@ -24493,6 +17791,7 @@       Use of Approved PIV Products + @@ -24507,26 +17806,12 @@ -

      Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems.

      Products on the FIPS 201-approved products list meet NIST requirements for Personal Identity Verification (PIV) of Federal Employees and Contractors. PIV cards are used for multi-factor authentication in systems and organizations.

       - - -

      only information technology products on the FIPS 201-approved products list for the Personal Identity Verification (PIV) capability implemented within organizational systems are employed.

      @@ -24585,6 +17870,7 @@

      personnel or roles to distribute system documentation to is/are defined;

      + @@ -24616,9 +17902,6 @@ -

      Obtain or develop administrator documentation for the system, system component, or system service that describes:

      @@ -24635,9 +17918,6 @@       -

      Obtain or develop user documentation for the system, system component, or system service that describes:

      @@ -24654,16 +17934,10 @@       -

      Document attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent and take in response; and

       -

      Distribute documentation to .

       @@ -24676,17 +17950,6 @@ - - - @@ -24708,65 +17971,21 @@ - - -

      administrator documentation for the system, system component, or system service that describes the effective use of security functions and mechanisms is obtained or developed;

       - - -

      administrator documentation for the system, system component, or system service that describes the effective maintenance of security functions and mechanisms is obtained or developed;

       - - -

      administrator documentation for the system, system component, or system service that describes the effective use of privacy functions and mechanisms is obtained or developed;

       - - -

      administrator documentation for the system, system component, or system service that describes the effective maintenance of privacy functions and mechanisms is obtained or developed;

      @@ -24774,17 +17993,6 @@       - - - @@ -24805,65 +18013,21 @@ - - -

      user documentation for the system, system component, or system service that describes user-accessible security functions and mechanisms is obtained or developed;

       - - -

      user documentation for the system, system component, or system service that describes how to effectively use those (user-accessible security) functions and mechanisms is obtained or developed;

       - - -

      user documentation for the system, system component, or system service that describes user-accessible privacy functions and mechanisms is obtained or developed;

       - - -

      user documentation for the system, system component, or system service that describes how to effectively use those (user-accessible privacy) functions and mechanisms is obtained or developed;

      @@ -24873,33 +18037,11 @@ - - -

      user documentation for the system, system component, or system service that describes methods for user interaction, which enable individuals to use the system, component, or service in a more secure manner is obtained or developed;

       - - -

      user documentation for the system, system component, or system service that describes methods for user interaction, which enable individuals to use the system, component, or service to protect individual privacy is obtained or developed;

      @@ -24909,33 +18051,11 @@ - - -

      user documentation for the system, system component, or system service that describes user responsibilities for maintaining the security of the system, component, or service is obtained or developed;

       - - -

      user documentation for the system, system component, or system service that describes user responsibilities for maintaining the privacy of individuals is obtained or developed;

      @@ -24947,33 +18067,11 @@ - - -

      attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent is documented;

       - - -

      after attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent, are taken in response;

      @@ -24981,17 +18079,6 @@       - - -

      documentation is distributed to .

      @@ -25053,6 +18140,7 @@

      privacy engineering principles are defined;

      + @@ -25091,9 +18179,6 @@ -

      Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: .

       @@ -25104,170 +18189,60 @@ - - -

      are applied in the specification of the system and system components;

       - - -

      are applied in the design of the system and system components;

       - - -

      are applied in the development of the system and system components;

       - - -

      are applied in the implementation of the system and system components;

       - - -

      are applied in the modification of the system and system components;

       - - -

      are applied in the specification of the system and system components;

       - - -

      are applied in the design of the system and system components;

       - - -

      are applied in the development of the system and system components;

       - - -

      are applied in the implementation of the system and system components;

       - - -

      are applied in the modification of the system and system components.

      @@ -25335,7 +18310,7 @@

      processes, methods, and techniques employed to monitor control compliance by external service providers are defined;

      - + @@ -25364,23 +18339,14 @@ -

      Require that providers of external system services comply with organizational security and privacy requirements and employ the following controls: ;

       -

      Define and document organizational oversight and user roles and responsibilities with regard to external system services; and

       -

      Employ the following processes, methods, and techniques to monitor control compliance by external service providers on an ongoing basis: .

       @@ -25393,45 +18359,16 @@ - - -

      providers of external system services comply with organizational security requirements;

       - - -

      providers of external system services comply with organizational privacy requirements;

       - -

      providers of external system services employ ;

      @@ -25441,25 +18378,11 @@ - -

      organizational oversight with regard to external system services are defined and documented;

       - -

      user roles and responsibilities with regard to external system services are defined and documented;

      @@ -25467,17 +18390,6 @@       - - -

      are employed to monitor control compliance by external service providers on an ongoing basis.

      @@ -25540,6 +18452,7 @@

      support from external providers is defined (if selected);

      + @@ -25553,16 +18466,10 @@ -

      Replace system components when support for the components is no longer available from the developer, vendor, or manufacturer; or

       -

      Provide the following options for alternative sources for continued support for unsupported components .

       @@ -25574,33 +18481,11 @@ - - -

      system components are replaced when support for the components is no longer available from the developer, vendor, or manufacturer;

       - - -

      provide options for alternative sources for continued support for unsupported components.

      @@ -25712,6 +18597,7 @@

      events that would require the system and communications protection procedures to be reviewed and updated are defined;

      + @@ -25730,13 +18616,6 @@ - - -

      This response must address all control sub-statement requirements.

      -       -

      Develop, document, and disseminate to :

      @@ -25758,20 +18637,10 @@       -

      Designate an to manage the development, documentation, and dissemination of the system and communications protection policy and procedures; and

       - - -

      This response must address all control sub-statement requirements.

      -       -

      Review and update the current system and communications protection:

      @@ -25792,57 +18661,21 @@ - - -

      a system and communications protection policy is developed and documented;

       - - -

      the system and communications protection policy is disseminated to ;

       - -

      system and communications protection procedures to facilitate the implementation of the system and communications protection policy and associated system and communications protection controls are developed and documented;

       - -

      the system and communications protection procedures are disseminated to ;

      @@ -25850,13 +18683,6 @@ - - @@ -25896,13 +18722,6 @@ - -

      the system and communications protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

      @@ -25912,17 +18731,6 @@       - - -

      the is designated to manage the development, documentation, and dissemination of the system and communications protection policy and procedures;

      @@ -25930,17 +18738,6 @@ - - - @@ -25955,17 +18752,6 @@ - - - @@ -26035,6 +18821,7 @@

      controls to achieve the denial-of-service objective by type of denial-of-service event are defined;

      + @@ -26049,17 +18836,11 @@ -

      the effects of the following types of denial-of-service events: ; and

       -

      Employ the following controls to achieve the denial-of-service objective: .

       @@ -26070,29 +18851,11 @@ - - -

      the effects of are ;

       - -

      are employed to achieve the denial-of-service protection objective.

      @@ -26141,7 +18904,7 @@ logically - + @@ -26181,23 +18944,14 @@ -

      Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system;

       -

      Implement subnetworks for publicly accessible system components that are separated from internal organizational networks; and

       -

      Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

       @@ -26217,65 +18971,21 @@ - - -

      communications at external managed interfaces to the system are monitored;

       - - -

      communications at external managed interfaces to the system are controlled;

       - - -

      communications at key internal managed interfaces within the system are monitored;

       - - -

      communications at key internal managed interfaces within the system are controlled;

      @@ -26283,41 +18993,11 @@       - - - -

      subnetworks for publicly accessible system components are separated from internal organizational networks;

       - - - -

      external networks or systems are only connected to through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

      @@ -26366,7 +19046,7 @@ integrity - + @@ -26397,9 +19077,6 @@ -

      Protect the of transmitted information.

      SC-8 Additional FedRAMP Requirements and Guidance @@ -26415,7 +19092,7 @@
    • Replication between availability zones
    • Transmission of backups to storage
    • From a load balancer to a compute instance
      • -
    • Flows from management tools required for their work - e.g. log collection, scanning, etc.
      • +
    • Flows from management tools required for their work – e.g. log collection, scanning, etc.

    The following applies only when choosing SC-8 (5) in lieu of SC-8 (1).

    @@ -26429,7 +19106,7 @@

    Hardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).

    -

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    +

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    Note: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.

    @@ -26446,21 +19123,6 @@

    Organizations that rely on commercial providers who offer transmission services as commodity services rather than as fully dedicated services may find it difficult to obtain the necessary assurances regarding the implementation of needed controls for transmission confidentiality and integrity. In such situations, organizations determine what types of confidentiality or integrity services are available in standard, commercial telecommunications service packages. If it is not feasible to obtain the necessary controls and assurances of control effectiveness through appropriate contracting vehicles, organizations can implement appropriate compensating controls.

     - - - -

    the of transmitted information is/are protected.

    @@ -26502,6 +19164,7 @@ detect changes to information + @@ -26512,9 +19175,6 @@ -

    Implement cryptographic mechanisms to during transmission.

    SC-8 (1) Additional FedRAMP Requirements and Guidance @@ -26541,21 +19201,6 @@

    Encryption protects information from unauthorized disclosure and modification during transmission. Cryptographic mechanisms that protect the confidentiality and integrity of information during transmission include TLS and IPSec. Cryptographic mechanisms used to protect information integrity include cryptographic hash functions that have applications in digital signatures, checksums, and message authentication codes.

     - - - -

    cryptographic mechanisms are implemented to during transmission.

    @@ -26606,7 +19251,7 @@

    requirements for key generation, distribution, storage, access, and destruction are defined;

    - + @@ -26638,7 +19283,6 @@ - @@ -26647,9 +19291,6 @@ -

    Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: .

    SC-12 Additional FedRAMP Requirements and Guidance @@ -26671,21 +19312,6 @@

    Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and specify appropriate options, parameters, and levels. Organizations manage trust stores to ensure that only approved trust anchors are part of such trust stores. This includes certificates with visibility external to organizational systems and certificates related to the internal operations of systems. NIST CMVP and NIST CAVP provide additional information on validated cryptographic modules and algorithms that can be used in cryptographic key management and establishment.

     - - - - @@ -26749,7 +19375,7 @@

    types of cryptography for each specified cryptographic use are defined;

    - + @@ -26788,16 +19414,10 @@ -

    Determine the ; and

     -

    Implement the following types of cryptography required for each specified cryptographic use: .

     @@ -26848,38 +19468,12 @@ - - -

    are identified;

     - - - -

    for each specified cryptographic use (defined in SC-13_ODP[01]) are implemented.

    @@ -26933,6 +19527,7 @@

    exceptions where remote activation is to be allowed are defined;

    + @@ -26943,16 +19538,10 @@ -

    Prohibit remote activation of collaborative computing devices and applications with the following exceptions: ; and

     -

    Provide an explicit indication of use to users physically present at the devices.

     @@ -26970,37 +19559,11 @@ - - -

    remote activation of collaborative computing devices and applications is prohibited except ;

     - - - -

    an explicit indication of use is provided to users physically present at the devices.

    @@ -27042,6 +19605,7 @@     Secure Name/Address Resolution Service (Authoritative Source) + @@ -27059,16 +19623,10 @@ -

    Provide additional data origin authentication and integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries; and

     -

    Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace.

     @@ -27098,21 +19656,6 @@ - - - - @@ -27129,41 +19672,11 @@ - - - -

    the means to indicate the security status of child zones (and if the child supports secure resolution services) is provided when operating as part of a distributed, hierarchical namespace;

     - - - -

    the means to enable verification of a chain of trust among parent and child domains when operating as part of a distributed, hierarchical namespace is provided.

    @@ -27203,7 +19716,7 @@     Secure Name/Address Resolution Service (Recursive or Caching Resolver) - + @@ -27214,9 +19727,6 @@ -

    Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.

    SC-21 Additional FedRAMP Requirements and Guidance @@ -27252,21 +19762,6 @@

    Each client of name resolution services either performs this validation on its own or has authenticated channels to trusted validation providers. Systems that provide name and address resolution services for local clients include recursive resolving or caching domain name system (DNS) servers. DNS client resolvers either perform validation of DNSSEC signatures, or clients use authenticated channels to recursive resolvers that perform such validations. Systems that use technologies other than the DNS to map between host and service names and network addresses provide some other means to enable clients to verify the authenticity and integrity of response data.

     - - - - @@ -27322,6 +19817,7 @@     Architecture and Provisioning for Name/Address Resolution Service + @@ -27334,30 +19830,12 @@ -

    Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation.

    Systems that provide name and address resolution services include domain name system (DNS) servers. To eliminate single points of failure in systems and enhance redundancy, organizations employ at least two authoritative domain name system servers—one configured as the primary server and the other configured as the secondary server. Additionally, organizations typically deploy the servers in two geographically separated network subnetworks (i.e., not located in the same physical facility). For role separation, DNS servers with internal roles only process name and address resolution requests from within organizations (i.e., from internal clients). DNS servers with external roles only process name and address resolution information requests from clients external to organizations (i.e., on external networks, including the Internet). Organizations specify clients that can access authoritative DNS servers in certain roles (e.g., by address ranges and explicit lists).

     - - - - @@ -27422,7 +19900,7 @@

    information at rest requiring protection is defined;

    - + @@ -27458,9 +19936,6 @@ -

    Protect the of the following information at rest: .

    SC-28 Additional FedRAMP Requirements and Guidance @@ -27482,21 +19957,6 @@

    Information at rest refers to the state of information when it is not in process or in transit and is located on system components. Such components include internal or external hard disk drives, storage area network devices, or databases. However, the focus of protecting information at rest is not on the type of storage device or frequency of access but rather on the state of the information. Information at rest addresses the confidentiality and integrity of information and covers user information and system information. System-related information that requires protection includes configurations or rule sets for firewalls, intrusion detection and prevention systems, filtering routers, and authentication information. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing write-once-read-many (WORM) technologies. When adequate protection of information at rest cannot otherwise be achieved, organizations may employ other controls, including frequent scanning to identify malicious code at rest and secure offline storage in lieu of online storage.

     - - - -

    the of is/are protected.

    @@ -27550,6 +20010,7 @@

    system components or media requiring cryptographic protection is/are defined;

    + @@ -27561,9 +20022,6 @@ -

    Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on : .

    SC-28 (1) Additional FedRAMP Requirements and Guidance @@ -27581,21 +20039,6 @@

    The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category or classification of the information. Organizations have the flexibility to encrypt information on system components or media or encrypt data structures, including files, records, or fields.

     - - - - @@ -27643,6 +20086,7 @@     Process Isolation + @@ -27662,30 +20106,12 @@ -

    Maintain a separate execution domain for each executing system process.

    Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies.

     - - - -

    a separate execution domain is maintained for each executing system process.

    @@ -27789,6 +20215,7 @@

    events that would require the system and information integrity procedures to be reviewed and updated are defined;

    + @@ -27807,13 +20234,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -27835,20 +20255,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the system and information integrity policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current system and information integrity:

    @@ -27869,57 +20279,21 @@ - - -

    a system and information integrity policy is developed and documented;

     - - -

    the system and information integrity policy is disseminated to ;

     - -

    system and information integrity procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls are developed and documented;

     - -

    the system and information integrity procedures are disseminated to ;

    @@ -27927,13 +20301,6 @@ - - @@ -27973,13 +20340,6 @@ - -

    the system and information integrity policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -27989,17 +20349,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the system and information integrity policy and procedures;

    @@ -28007,17 +20356,6 @@ - - - @@ -28032,17 +20370,6 @@ - - - @@ -28093,6 +20420,7 @@

    time period within which to install security-relevant software updates after the release of the updates is defined;

    + @@ -28123,30 +20451,18 @@ -

    Identify, report, and correct system flaws;

     -

    Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;

     -

    Install security-relevant software and firmware updates within of the release of the updates; and

     -

    Incorporate flaw remediation into the organizational configuration management process.

     @@ -28158,21 +20474,6 @@ - - - - @@ -28192,17 +20493,6 @@ - - - @@ -28227,17 +20517,6 @@ - - - @@ -28252,17 +20531,6 @@ - - -

    flaw remediation is incorporated into the organizational configuration management process.

    @@ -28373,7 +20641,7 @@

    personnel or roles to be alerted when malicious code is detected is/are defined;

    - + @@ -28407,23 +20675,14 @@ -

    Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code;

     -

    Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures;

     -

    Configure malicious code protection mechanisms to:

    @@ -28437,9 +20696,6 @@     -

    Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.

     @@ -28452,17 +20708,6 @@ - - - @@ -28479,17 +20724,6 @@ - - -

    malicious code protection mechanisms are updated automatically as new releases are available in accordance with organizational configuration management policy and procedures;

    @@ -28499,33 +20733,11 @@ - - -

    malicious code protection mechanisms are configured to perform periodic scans of the system ;

     - - -

    malicious code protection mechanisms are configured to perform real-time scans of files from external sources at as the files are downloaded, opened, or executed in accordance with organizational policy;

    @@ -28535,33 +20747,11 @@ - - -

    malicious code protection mechanisms are configured to in response to malicious code detection;

     - - -

    malicious code protection mechanisms are configured to send alerts to in response to malicious code detection;

    @@ -28571,17 +20761,6 @@     - - -

    the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system are addressed.

    @@ -28669,6 +20848,7 @@

    a frequency for providing system monitoring to personnel or roles is defined (if selected);

    + @@ -28729,9 +20909,6 @@ -

    Monitor the system to detect:

    @@ -28744,16 +20921,10 @@     -

    Identify unauthorized use of the system through the following techniques and methods: ;

     -

    Invoke internal monitoring capabilities or deploy monitoring devices:

    @@ -28766,30 +20937,18 @@     -

    Analyze detected events and anomalies;

     -

    Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

     -

    Obtain legal opinion regarding system monitoring activities; and

     -

    Provide to .

    @@ -28811,41 +20970,11 @@ - - - -

    the system is monitored to detect attacks and indicators of potential attacks in accordance with ;

     - - - - @@ -28867,17 +20996,6 @@ - - -

    unauthorized use of the system is identified through ;

    @@ -28885,41 +21003,11 @@ - - - -

    internal monitoring capabilities are invoked or monitoring devices are deployed strategically within the system to collect organization-determined essential information;

     - - - -

    internal monitoring capabilities are invoked or monitoring devices are deployed at ad hoc locations within the system to track specific types of transactions of interest to the organization;

    @@ -28927,17 +21015,6 @@     - - - @@ -28952,53 +21029,16 @@ - - -

    the level of system monitoring activity is adjusted when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

     - - -

    a legal opinion regarding system monitoring activities is obtained;

     - - - -

    is provided to @@ -29092,6 +21132,7 @@

    external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected);

    + @@ -29107,30 +21148,18 @@ -

    Receive system security alerts, advisories, and directives from on an ongoing basis;

     -

    Generate internal security alerts, advisories, and directives as deemed necessary;

     -

    Disseminate security alerts, advisories, and directives to: ; and

     -

    Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

     @@ -29146,73 +21175,21 @@ - - - -

    system security alerts, advisories, and directives are received from on an ongoing basis;

     - - -

    internal security alerts, advisories, and directives are generated as deemed necessary;

     - - - -

    security alerts, advisories, and directives are disseminated to ;

     - - -

    security directives are implemented in accordance with established time frames or if the issuing organization is notified of the degree of noncompliance.

    @@ -29254,6 +21231,7 @@     Information Management and Retention + @@ -29294,26 +21272,12 @@ -

    Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements.

    Information management and retention requirements cover the full life cycle of information, in some cases extending beyond system disposal. Information to be retained may also include policies, procedures, plans, reports, data output from control implementation, and other types of administrative information. The National Archives and Records Administration (NARA) provides federal policy and guidance on records retention and schedules. If organizations have a records management office, consider coordinating with records management personnel. Records produced from the output of implemented controls that may require management and retention include, but are not limited to: All XX-1, AC-6(9), AT-4, AU-12, CA-2, CA-3, CA-5, CA-6, CA-7, CA-8, CA-9, CM-2, CM-3, CM-4, CM-6, CM-8, CM-9, CM-12, CM-13, CP-2, IR-6, IR-8, MA-2, MA-4, PE-2, PE-8, PE-16, PE-17, PL-2, PL-4, PL-7, PL-8, PM-5, PM-8, PM-9, PM-18, PM-21, PM-27, PM-28, PM-30, PM-31, PS-2, PS-6, PS-7, PT-2, PT-3, PT-7, RA-2, RA-3, RA-5, RA-8, SA-4, SA-5, SA-8, SA-10, SI-4, SR-2, SR-4, SR-8.

     - - - @@ -29454,6 +21418,7 @@

    events that require the supply chain risk management procedures to be reviewed and updated are defined;

    + @@ -29478,13 +21443,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -29506,20 +21464,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current supply chain risk management:

    @@ -29540,57 +21488,21 @@ - - -

    a supply chain risk management policy is developed and documented;

     - - -

    the supply chain risk management policy is disseminated to ;

     - -

    supply chain risk management procedures to facilitate the implementation of the supply chain risk management policy and the associated supply chain risk management controls are developed and documented;

     - -

    the supply chain risk management procedures are disseminated to .

    @@ -29598,13 +21510,6 @@ - - @@ -29645,13 +21550,6 @@ - -

    the supply chain risk management policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -29661,17 +21559,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures;

    @@ -29679,17 +21566,6 @@ - - - @@ -29704,17 +21580,6 @@ - - - @@ -29773,6 +21638,7 @@

    the frequency at which to review and update the supply chain risk management plan is defined;

    + @@ -29808,23 +21674,14 @@ -

    Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services: ;

     -

    Review and update the supply chain risk management plan or as required, to address threat, organizational or environmental changes; and

     -

    Protect the supply chain risk management plan from unauthorized disclosure and modification.

     @@ -29838,113 +21695,46 @@ - - -

    a plan for managing supply chain risks is developed;

     - -

    the supply chain risk management plan addresses risks associated with the research and development of ;

     - -

    the supply chain risk management plan addresses risks associated with the design of ;

     - -

    the supply chain risk management plan addresses risks associated with the manufacturing of ;

     - -

    the supply chain risk management plan addresses risks associated with the acquisition of ;

     - -

    the supply chain risk management plan addresses risks associated with the delivery of ;

     - -

    the supply chain risk management plan addresses risks associated with the integration of ;

     - -

    the supply chain risk management plan addresses risks associated with the operation and maintenance of ;

     - -

    the supply chain risk management plan addresses risks associated with the disposal of ;

    @@ -29952,33 +21742,11 @@     - - -

    the supply chain risk management plan is reviewed and updated or as required to address threat, organizational, or environmental changes;

     - - - @@ -30053,6 +21821,7 @@

    supply chain risk management activities are defined;

    + @@ -30064,26 +21833,12 @@ value="true"/> -

    Establish a supply chain risk management team consisting of to lead and support the following SCRM activities: .

    To implement supply chain risk management plans, organizations establish a coordinated, team-based approach to identify and assess supply chain risks and manage these risks by using programmatic and technical mitigation techniques. The team approach enables organizations to conduct an analysis of their supply chain, communicate with internal and external partners or stakeholders, and gain broad consensus regarding the appropriate resources for SCRM. The SCRM team consists of organizational personnel with diverse roles and responsibilities for leading and supporting SCRM activities, including risk executive, information technology, contracting, information security, privacy, mission or business, legal, supply chain and logistics, acquisition, business continuity, and other relevant functions. Members of the SCRM team are involved in various aspects of the SDLC and, collectively, have an awareness of and provide expertise in acquisition processes, legal practices, vulnerabilities, threats, and attack vectors, as well as an understanding of the technical aspects and dependencies of systems. The SCRM team can be an extension of the security and privacy risk management processes or be included as part of an organizational risk management team.

     - - -

    a supply chain risk management team consisting of is established to lead and support .

    @@ -30152,6 +21907,7 @@

    the document identifying the selected and implemented supply chain processes and controls is defined (if selected);

    + @@ -30196,23 +21952,14 @@ -

    Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of in coordination with ;

     -

    Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: ; and

     -

    Document the selected and implemented supply chain processes and controls in .

     @@ -30232,33 +21979,11 @@ - - -

    a process or processes is/are established to identify and address weaknesses or deficiencies in the supply chain elements and processes of ;

     - - -

    the process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of is/are coordinated with ;

    @@ -30266,34 +21991,12 @@     - - -

    are employed to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events;

     - - -

    the selected and implemented supply chain processes and controls are documented in .

    @@ -30347,6 +22050,7 @@

    acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined;

    + @@ -30379,30 +22083,12 @@ -

    Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: .

    The use of the acquisition process provides an important vehicle to protect the supply chain. There are many useful tools and techniques available, including obscuring the end use of a system or system component, using blind or filtered buys, requiring tamper-evident packaging, or using trusted or controlled distribution. The results from a supply chain risk assessment can guide and inform the strategies, tools, and methods that are most applicable to the situation. Tools and techniques may provide protections against unauthorized production, theft, tampering, insertion of counterfeits, insertion of malicious software or backdoors, and poor development practices throughout the system development life cycle. Organizations also consider providing incentives for suppliers who implement controls, promote transparency into their processes and security and privacy practices, provide contract language that addresses the prohibition of tainted or counterfeit components, and restrict purchases from untrustworthy suppliers. Organizations consider providing training, education, and awareness programs for personnel regarding supply chain risk, available mitigation strategies, and when the programs should be employed. Methods for reviewing and protecting development plans, documentation, and evidence are commensurate with the security and privacy requirements of the organization. Contracts may specify documentation protection requirements.

     - - - - @@ -30484,6 +22170,7 @@

    information for which agreements and procedures are to be established are defined (if selected);

    + @@ -30504,9 +22191,6 @@ -

    Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the .

    SR-8 Additional FedRAMP Requirements and Guidance @@ -30520,17 +22204,6 @@

    The establishment of agreements and procedures facilitates communications among supply chain entities. Early notification of compromises and potential compromises in the supply chain that can potentially adversely affect or have adversely affected organizational systems or system components is essential for organizations to effectively respond to such incidents. The results of assessments or audits may include open-source information that contributed to a decision or result and could be used to help the supply chain entity resolve a concern or improve its processes.

     - - -

    agreements and procedures are established with entities involved in the supply chain for the system, system components, or system service for .

    @@ -30597,6 +22270,7 @@

    indications of the need for an inspection of systems or system components are defined (if selected);

    + @@ -30617,26 +22291,12 @@ -

    Inspect the following systems or system components to detect tampering: .

    The inspection of systems or systems components for tamper resistance and detection addresses physical and logical tampering and is applied to systems and system components removed from organization-controlled areas. Indications of a need for inspection include changes in packaging, specifications, factory location, or entity in which the part is purchased, and when individuals return from travel to high-risk locations.

     - - -

    are inspected to detect tampering.

    @@ -30703,6 +22363,7 @@

    personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected);

    + @@ -30720,16 +22381,10 @@ -

    Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and

     -

    Report counterfeit system components to .

     @@ -30749,65 +22404,21 @@ - - -

    an anti-counterfeit policy is developed and implemented;

     - - -

    anti-counterfeit procedures are developed and implemented;

     - - -

    the anti-counterfeit procedures include the means to detect counterfeit components entering the system;

     - - -

    the anti-counterfeit procedures include the means to prevent counterfeit components from entering the system;

    @@ -30815,17 +22426,6 @@     - - -

    counterfeit system components are reported to .

    @@ -30880,6 +22480,7 @@

    personnel or roles requiring training to detect counterfeit system components (including hardware, software, and firmware) is/are defined;

    + @@ -30892,26 +22493,12 @@ -

    Train to detect counterfeit system components (including hardware, software, and firmware).

    None.

     - - -

    are trained to detect counterfeit system components (including hardware, software, and firmware).

    @@ -30965,6 +22552,7 @@

    system components requiring configuration control are defined;

    + @@ -30980,26 +22568,12 @@ -

    Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: .

    None.

     - - - @@ -31061,6 +22635,7 @@

    techniques and methods for disposing of data, documentation, tools, or system components are defined;

    + @@ -31072,26 +22647,12 @@ value="true"/> -

    Dispose of using the following techniques and methods: .

    Data, documentation, tools, or system components can be disposed of at any time during the system development life cycle (not only in the disposal or retirement phase of the life cycle). For example, disposal can occur during research and development, design, prototyping, or operations/maintenance and include methods such as disk cleaning, removal of cryptographic keys, partial reuse of components. Opportunities for compromise during disposal affect physical and logical data, including system documentation in paper-based or digital files; shipping and delivery documentation; memory sticks with software code; or complete routers or servers that include permanent media, which contain sensitive or proprietary information. Additionally, proper disposal of system components helps to prevent such components from entering the gray market.

     - - -

    are disposed of using .

    diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline_profile.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline_profile.xml index dcde518af..4c029f3ea 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline_profile.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_LOW-baseline_profile.xml @@ -1,11 +1,11 @@ - + FedRAMP Rev 5 Low Baseline 2023-08-31T00:00:00Z - 2024-01-11T23:40:17Z - 5.1.1+fedramp-20240111-0 + 2023-12-18T15:21:26Z + 5.1.1+20231218-1 1.1.1 Document creator @@ -1310,298 +1310,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + @@ -1613,22 +1323,6 @@     - - - - - - - - - - - - - - - - @@ -1652,45 +1346,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1707,22 +1362,6 @@     - - - - - - - - - - - - - - - - @@ -1731,256 +1370,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1996,114 +1385,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2116,33 +1397,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2163,114 +1417,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     @@ -2282,99 +1430,9 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2390,22 +1448,6 @@     - - - - - - - - - - - - - - - - @@ -2417,50 +1459,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2481,105 +1479,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2590,157 +1491,9 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2751,56 +1504,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2816,45 +1521,11 @@     -

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    +

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    During monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests.

         - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2866,24 +1537,6 @@     - - - - - - - - - - - - - - - - - - @@ -2896,114 +1549,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - @@ -3019,104 +1566,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3129,37 +1578,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3176,46 +1594,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3239,99 +1617,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     @@ -3346,7 +1633,7 @@ -

    "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.

    +

    "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.

     @@ -3354,24 +1641,6 @@     - - - - - - - - - - - - - - - - - - @@ -3391,16 +1660,6 @@     - - - - - - - - - - @@ -3420,16 +1679,6 @@     - - - - - - - - - - @@ -3442,69 +1691,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3520,86 +1708,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3611,7 +1719,7 @@     -

    For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    +

    For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    For emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used.

     @@ -3620,65 +1728,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3698,180 +1747,16 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IR-4 Additional FedRAMP Requirements and Guidance -

    The FISMA definition of "incident" shall be used: "An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies."

    +

    The FISMA definition of "incident" shall be used: "An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies."

     @@ -3879,61 +1764,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - @@ -3946,37 +1776,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3993,79 +1792,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4075,408 +1801,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4487,1781 +1811,112 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PL-8 Additional FedRAMP Requirements and Guidance - -

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - PL-10 Additional FedRAMP Requirements and Guidance - - -

    Select the appropriate FedRAMP Baseline

    -     -     -     - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - RA-3 Additional FedRAMP Requirements and Guidance - - -

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    -     - - -

    Include all Authorizing Officials; for JAB authorizations to include FedRAMP.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - RA-5 Additional FedRAMP Requirements and Guidance - - -

    See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/

    -     - - -

    an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually.

    -     - - -

    If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement.

    -     - - -

    to include all Authorizing Officials; for JAB authorizations to include FedRAMP

    -     - - -

    Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

    -

    Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

    -

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a "warning" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on "Tracking of Compliance Scans" in FAQs.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SA-4 Additional FedRAMP Requirements and Guidance - - -

    The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process).

    -     - - -

    The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.

    -

    See https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     + +

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    +     +     - - - - - - - - - + + + + + PL-10 Additional FedRAMP Requirements and Guidance + + +

    Select the appropriate FedRAMP Baseline

    +     +     - - - - - - - - - + + + + + + + + + + + + RA-3 Additional FedRAMP Requirements and Guidance + + +

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    +     + + +

    Include all Authorizing Officials; for JAB authorizations to include FedRAMP.

    +     +     - - - - - - - - - - - - + + + + + + RA-5 Additional FedRAMP Requirements and Guidance + + +

    See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/

    +     + + +

    an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually.

    +     + + +

    If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement.

    +     + + +

    to include all Authorizing Officials; for JAB authorizations to include FedRAMP

    +     + + +

    Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

    +

    Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

    +

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs.

    +     +     - - +     + + + + + + + + SA-4 Additional FedRAMP Requirements and Guidance + + +

    The service provider must comply with Federal Acquisition Regulation (FAR) Subpart 7.103, and Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year 2019 (Pub. L. 115-232), and FAR Subpart 4.21, which implements Section 889 (as well as any added updates related to FISMA to address security concerns in the system acquisitions process).

    +     + + +

    The use of Common Criteria (ISO/IEC 15408) evaluated products is strongly preferred.

    +

    See https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/.

    +     +     + + + + @@ -6272,50 +1927,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6333,7 +1944,7 @@
  • Replication between availability zones
  • Transmission of backups to storage
  • From a load balancer to a compute instance
    • -
  • Flows from management tools required for their work - e.g. log collection, scanning, etc.
    • +
  • Flows from management tools required for their work – e.g. log collection, scanning, etc.

    • The following applies only when choosing SC-8 (5) in lieu of SC-8 (1).

    @@ -6347,7 +1958,7 @@

    Hardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).

    -

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    +

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    Note: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.

    @@ -6359,18 +1970,6 @@     - - - - - - - - - - - - @@ -6382,7 +1981,7 @@     -

    See M-22-09, including "Agencies encrypt all DNS requests and HTTP traffic within their environment"

    +

    See M-22-09, including "Agencies encrypt all DNS requests and HTTP traffic within their environment"

    SC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged.

     @@ -6395,15 +1994,6 @@     - - - - - - - - - @@ -6423,18 +2013,6 @@     - - - - - - - - - - - - @@ -6481,26 +2059,6 @@     - - - - - - - - - - - - - - - - - - - - @@ -6512,23 +2070,6 @@     - - - - - - - - - - - - - - - - - @@ -6552,30 +2093,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - @@ -6609,18 +2126,6 @@     - - - - - - - - - - - - @@ -6640,18 +2145,6 @@     - - - - - - - - - - - - @@ -6667,172 +2160,10 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6844,77 +2175,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6924,208 +2184,10 @@

    Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status.

     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7137,48 +2199,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7190,14 +2212,6 @@     - - - - - - - - @@ -7211,38 +2225,17 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + @@ -7257,9 +2250,9 @@ - NIST Special Publication (SP) 800-53 + NIST Special Publication (SP) 800-53 revision 5 - + diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.xml index 4e9e7780d..9450fe88f 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.xml @@ -1,11 +1,11 @@ + uuid="1386400e-7824-43de-a156-0c0dceee1c04"> FedRAMP Rev 5 Moderate Baseline 2023-08-31T00:00:00Z - 2024-01-19T14:51:19.392491-05:00 - 5.1.1+fedramp-20240111-0 + 2024-02-06T11:19:16.235649-05:00 + 5.1.1+20231218-1 1.1.1 @@ -121,6 +121,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -143,13 +144,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -171,20 +165,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the access control policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current access control:

    @@ -205,57 +189,21 @@ - - -

    an access control policy is developed and documented;

     - - -

    the access control policy is disseminated to ;

     - -

    access control procedures to facilitate the implementation of the access control policy and associated controls are developed and documented;

     - -

    the access control procedures are disseminated to ;

    @@ -263,13 +211,6 @@ - - @@ -309,13 +250,6 @@ - -

    the access control policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -325,17 +259,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the access control policy and procedures;

    @@ -343,17 +266,6 @@ - - - @@ -368,17 +280,6 @@ - - - @@ -497,7 +398,7 @@

    the frequency of account review is defined;

    - + @@ -537,30 +438,18 @@ -

    Define and document the types of accounts allowed and specifically prohibited for use within the system;

     -

    Assign account managers;

     -

    Require for group and role membership;

     -

    Specify:

    @@ -577,30 +466,18 @@     -

    Require approvals by for requests to create accounts;

     -

    Create, enable, modify, disable, and remove accounts in accordance with ;

     -

    Monitor the use of accounts;

     -

    Notify account managers and within:

    @@ -620,9 +497,6 @@     -

    Authorize access to the system based on:

    @@ -640,23 +514,14 @@     -

    Review accounts for compliance with account management requirements ;

     -

    Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group; and

     -

    Align account management processes with personnel termination and transfer processes.

     @@ -671,25 +536,11 @@ - -

    account types allowed for use within the system are defined and documented;

     - -

    account types specifically prohibited for use within the system are defined and documented;

    @@ -697,46 +548,17 @@     - - -

    account managers are assigned;

     - - -

    for group and role membership are required;

     - - @@ -766,33 +588,11 @@ - - -

    approvals are required by for requests to create accounts;

     - - - @@ -822,33 +622,11 @@ - - -

    the use of accounts is monitored;

    - - - @@ -870,49 +648,16 @@ - - -

    access to the system is authorized based on a valid access authorization;

     - - -

    access to the system is authorized based on intended system usage;

     - - -

    access to the system is authorized based on ;

    @@ -920,17 +665,6 @@     - - -

    accounts are reviewed for compliance with account management requirements ;

    @@ -938,33 +672,11 @@ - - -

    a process is established for changing shared or group account authenticators (if deployed) when individuals are removed from the group;

     - - -

    a process is implemented for changing shared or group account authenticators (if deployed) when individuals are removed from the group;

    @@ -972,17 +684,6 @@     - - - @@ -1046,7 +747,7 @@

    automated mechanisms used to support the management of system accounts are defined;

    - + @@ -1055,26 +756,12 @@ value="organization"/> -

    Support the management of system accounts using .

    Automated system account management includes using automated mechanisms to create, enable, modify, disable, and remove accounts; notify account managers when an account is created, enabled, modified, disabled, or removed, or when users are terminated or transferred; monitor system account usage; and report atypical system account usage. Automated mechanisms can include internal system functions and email, telephonic, and text messaging notifications.

     - - -

    the management of system accounts is supported using .

    @@ -1134,7 +821,7 @@

    the time period after which to automatically remove or disable temporary or emergency accounts is defined;

    - + @@ -1143,22 +830,12 @@ value="system"/> -

    Automatically temporary and emergency accounts after .

    Management of temporary and emergency accounts includes the removal or disabling of such accounts automatically after a predefined time period rather than at the convenience of the system administrator. Automatic removal or disabling of accounts provides a more consistent implementation.

     - -

    temporary and emergency accounts are automatically after .

    @@ -1220,7 +897,7 @@

    time period for account inactivity before disabling is defined;

    - + @@ -1231,30 +908,18 @@

    Disable accounts within when the accounts:

    -

    Have expired;

     -

    Are no longer associated with a user or individual;

     -

    Are in violation of organizational policy; or

     -

    Have been inactive for .

     @@ -1280,65 +945,21 @@ - - -

    accounts are disabled within when the accounts have expired;

     - - -

    accounts are disabled within when the accounts are no longer associated with a user or individual;

     - - -

    accounts are disabled within when the accounts are in violation of organizational policy;

     - - -

    accounts are disabled within when the accounts have been inactive for .

    @@ -1381,7 +1002,7 @@     Automated Audit Actions - + @@ -1392,26 +1013,12 @@ -

    Automatically audit account creation, modification, enabling, disabling, and removal actions.

     -

    Account management audit records are defined in accordance with AU-2 and reviewed, analyzed, and reported in accordance with AU-6.

    +

    Account management audit records are defined in accordance with AU-02 and reviewed, analyzed, and reported in accordance with AU-06.

     - - - @@ -1484,7 +1091,7 @@

    the time period of expected inactivity or description of when to log out is defined;

    - + @@ -1497,9 +1104,6 @@ -

    Require that users log out when .

    AC-2 (5) Additional FedRAMP Requirements and Guidance @@ -1513,17 +1117,6 @@

    Inactivity logout is behavior- or policy-based and requires users to take physical action to log out when they are expecting inactivity longer than the defined period. Automatic enforcement of inactivity logout is addressed by AC-11.

     - - -

    users are required to log out when .

    @@ -1561,7 +1154,7 @@ an attribute-based access scheme - + @@ -1571,30 +1164,18 @@ -

    Establish and administer privileged user accounts in accordance with ;

     -

    Monitor privileged role or attribute assignments;

     -

    Monitor changes to roles or attributes; and

     -

    Revoke access when privileged role or attribute assignments are no longer appropriate.

     @@ -1605,65 +1186,21 @@ - - -

    privileged user accounts are established and administered in accordance with ;

     - - -

    privileged role or attribute assignments are monitored;

     - - -

    changes to roles or attributes are monitored;

     - - -

    access is revoked when privileged role or attribute assignments are no longer appropriate.

    @@ -1718,7 +1255,7 @@

    conditions for establishing shared and group accounts are defined;

    - + @@ -1727,9 +1264,6 @@ value="organization"/> -

    Only permit the use of shared and group accounts that meet .

    AC-2 (9) Additional FedRAMP Requirements and Guidance @@ -1743,17 +1277,6 @@

    Before permitting the use of shared or group accounts, organizations consider the increased risk due to the lack of accountability with such accounts.

     - - -

    the use of shared and group accounts is only permitted if are met.

    @@ -1808,7 +1331,7 @@

    personnel or roles to report atypical usage is/are defined;

    - + @@ -1826,16 +1349,10 @@ -

    Monitor system accounts for ; and

     -

    Report atypical usage of system accounts to .

     @@ -1857,33 +1374,11 @@ - - -

    system accounts are monitored for ;

    - - -

    atypical usage of system accounts is reported to .

    @@ -1943,7 +1438,7 @@

    significant risks leading to disabling accounts are defined;

    - + @@ -1954,26 +1449,12 @@ -

    Disable accounts of individuals within of discovery of .

    Users who pose a significant security and/or privacy risk include individuals for whom reliable evidence indicates either the intention to use authorized access to systems to cause harm or through whom adversaries will cause harm. Such harm includes adverse impacts to organizational operations, organizational assets, individuals, other organizations, or the Nation. Close coordination among system administrators, legal staff, human resource managers, and authorizing officials is essential when disabling system accounts for high-risk individuals.

     - - -

    accounts of individuals are disabled within of discovery of .

    @@ -2013,7 +1494,7 @@     Access Enforcement - + @@ -2073,26 +1554,12 @@ -

    Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

    Access control policies control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems. In addition to enforcing authorized access at the system level and recognizing that systems can host many applications and services in support of mission and business functions, access enforcement mechanisms can also be employed at the application and service level to provide increased information security and privacy. In contrast to logical access controls that are implemented within the system, physical access controls are addressed by the controls in the Physical and Environmental Protection ( PE ) family.

     - - -

    approved authorizations for logical access to information and system resources are enforced in accordance with applicable access control policies.

    @@ -2138,6 +1605,7 @@

    information flow control policies within the system and between connected systems are defined;

    + @@ -2166,9 +1634,6 @@ -

    Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on .

     @@ -2176,17 +1641,6 @@

    Organizations commonly employ information flow control policies and enforcement mechanisms to control the flow of information between designated sources and destinations within systems and between connected systems. Flow control is based on the characteristics of the information and/or the information path. Enforcement occurs, for example, in boundary protection devices that employ rule sets or establish configuration settings that restrict system services, provide a packet-filtering capability based on header information, or provide a message-filtering capability based on message content. Organizations also consider the trustworthiness of filtering and/or inspection mechanisms (i.e., hardware, firmware, and software components) that are critical to information flow enforcement. Control enhancements 3 through 32 primarily address cross-domain solution needs that focus on more advanced filtering techniques, in-depth analysis, and stronger flow enforcement mechanisms implemented in cross-domain products, such as high-assurance guards. Such capabilities are generally not available in commercial off-the-shelf products. Information flow enforcement also applies to control plane traffic (e.g., routing and DNS).

     - - -

    approved authorizations are enforced for controlling the flow of information within the system and between connected systems based on .

    @@ -2250,6 +1704,7 @@

    required separations by types of information are defined;

    + @@ -2262,26 +1717,12 @@ -

    Separate information flows logically or physically using to accomplish .

    Enforcing the separation of information flows associated with defined types of data can enhance protection by ensuring that information is not commingled while in transit and by enabling flow control by transmission paths that are not otherwise achievable. Types of separable information include inbound and outbound communications traffic, service requests and responses, and information of differing security impact or classification levels.

     - - - @@ -2338,6 +1779,7 @@

    duties of individuals requiring separation are defined;

    + @@ -2362,16 +1804,10 @@ -

    Identify and document ; and

     -

    Define system access authorizations to support separation of duties.

     @@ -2389,26 +1825,12 @@ - -

    are identified and documented;

     - -

    system access authorizations to support separation of duties are defined.

    @@ -2448,7 +1870,7 @@     Least Privilege - + @@ -2468,26 +1890,12 @@ -

    Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.

    Organizations employ least privilege for specific duties and systems. The principle of least privilege is also applied to system processes, ensuring that the processes have access to systems and operate at privilege levels no higher than necessary to accomplish organizational missions or business functions. Organizations consider the creation of additional processes, roles, and accounts as necessary to achieve least privilege. Organizations apply least privilege to the development, implementation, and operation of organizational systems.

     - - -

    the principle of least privilege is employed, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.

    @@ -2556,6 +1964,7 @@

    security-relevant information for authorized access is defined;

    + @@ -2571,17 +1980,11 @@

    Authorize access for to:

    -

    ; and

     -

    .

    @@ -2593,17 +1996,6 @@ - - - @@ -2623,17 +2015,6 @@ - - -

    access is authorized for to .

    @@ -2683,7 +2064,7 @@

    security functions or security-relevant information, the access to which requires users to use non-privileged accounts to access non-security functions, are defined;

    - + @@ -2696,9 +2077,6 @@ -

    Require that users of system accounts (or roles) with access to use non-privileged accounts or roles, when accessing nonsecurity functions.

    AC-6 (2) Additional FedRAMP Requirements and Guidance @@ -2712,17 +2090,6 @@

    Requiring the use of non-privileged accounts when accessing nonsecurity functions limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situations where organizations implement access control policies, such as role-based access control, and where a change of role provides the same degree of assurance in the change of access authorizations for the user and the processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account.

     - - -

    users of system accounts (or roles) with access to are required to use non-privileged accounts or roles when accessing non-security functions.

    @@ -2765,7 +2132,7 @@

    personnel or roles to which privileged accounts on the system are to be restricted is/are defined;

    - + @@ -2777,26 +2144,12 @@ -

    Restrict privileged accounts on the system to .

    Privileged accounts, including super user accounts, are typically described as system administrator for various types of commercial off-the-shelf operating systems. Restricting privileged accounts to specific personnel or roles prevents day-to-day users from accessing privileged information or privileged functions. Organizations may differentiate in the application of restricting privileged accounts between allowed privileges for local accounts and for domain accounts provided that they retain the ability to control system configurations for key parameters and as otherwise necessary to sufficiently mitigate risk.

     - - -

    privileged accounts on the system are restricted to .

    @@ -2856,6 +2209,7 @@

    roles or classes of users to which privileges are assigned are defined;

    + @@ -2866,16 +2220,10 @@ -

    Review the privileges assigned to to validate the need for such privileges; and

     -

    Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.

     @@ -2886,33 +2234,11 @@ - - -

    privileges assigned to are reviewed to validate the need for such privileges;

     - - -

    privileges are reassigned or removed, if necessary, to correctly reflect organizational mission and business needs.

    @@ -2954,6 +2280,7 @@     Log Use of Privileged Functions + @@ -2965,26 +2292,12 @@ -

    Log the execution of privileged functions.

    The misuse of privileged functions, either intentionally or unintentionally by authorized users or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Logging and analyzing the use of privileged functions is one way to detect such misuse and, in doing so, help mitigate the risk from insider threats and the advanced persistent threat.

     - - -

    the execution of privileged functions is logged.

    @@ -3024,7 +2337,7 @@     Prohibit Non-privileged Users from Executing Privileged Functions - + @@ -3033,26 +2346,12 @@ value="system"/> -

    Prevent non-privileged users from executing privileged functions.

    Privileged functions include disabling, circumventing, or altering implemented security or privacy controls, establishing system accounts, performing system integrity checks, and administering cryptographic key management activities. Non-privileged users are individuals who do not possess appropriate authorizations. Privileged functions that require protection from non-privileged users include circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms. Preventing non-privileged users from executing privileged functions is enforced by AC-3.

     - - -

    non-privileged users are prevented from executing privileged functions.

    @@ -3133,6 +2432,7 @@

    other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected);

    + @@ -3148,16 +2448,10 @@ -

    Enforce a limit of consecutive invalid logon attempts by a user during a ; and

     -

    Automatically when the maximum number of unsuccessful attempts is exceeded.

     @@ -3175,33 +2469,11 @@ - - -

    a limit of consecutive invalid logon attempts by a user during is enforced;

     - - -

    automatically when the maximum number of unsuccessful attempts is exceeded.

    @@ -3262,6 +2534,7 @@

    conditions for system use to be displayed by the system before granting further access are defined;

    + @@ -3276,9 +2549,6 @@ -

    Display to users before granting access to the system that provides privacy and security notices consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and state that:

    @@ -3299,16 +2569,10 @@     -

    Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system; and

     -

    For publicly accessible systems:

    @@ -3350,64 +2614,25 @@ - - -

    is displayed to users before granting access to the system that provides privacy and security notices consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    - -

    the system use notification states that users are accessing a U.S. Government system;

     - -

    the system use notification states that system usage may be monitored, recorded, and subject to audit;

     - -

    the system use notification states that unauthorized use of the system is prohibited and subject to criminal and civil penalties; and

     - -

    the system use notification states that use of the system indicates consent to monitoring and recording;

    @@ -3415,29 +2640,11 @@     - - -

    the notification message or banner is retained on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system;

     - - @@ -3514,6 +2721,7 @@

    time period of inactivity after which a device lock is initiated is defined (if selected);

    + @@ -3526,16 +2734,10 @@ -

    Prevent further access to the system by ; and

     -

    Retain the device lock until the user reestablishes access using established identification and authentication procedures.

     @@ -3546,33 +2748,11 @@ - - -

    further access to the system is prevented by ;

     - - -

    device lock is retained until the user re-establishes access using established identification and authentication procedures.

    @@ -3611,6 +2791,7 @@     Pattern-hiding Displays + @@ -3619,26 +2800,12 @@ value="system"/> -

    Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

    The pattern-hiding display can include static or dynamic images, such as patterns used with screen savers, photographic images, solid colors, clock, battery life indicator, or a blank screen with the caveat that controlled unclassified information is not displayed.

     - - -

    information previously visible on the display is concealed, via device lock, with a publicly viewable image.

    @@ -3682,6 +2849,7 @@

    conditions or trigger events requiring session disconnect are defined;

    + @@ -3692,26 +2860,12 @@ -

    Automatically terminate a user session after .

    Session termination addresses the termination of user-initiated logical sessions (in contrast to SC-10 , which addresses the termination of network connections associated with communications sessions (i.e., network disconnect)). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational system. Such user sessions can be terminated without terminating network sessions. Session termination ends all processes associated with a user’s logical session except for those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events that require automatic termination of the session include organization-defined periods of user inactivity, targeted responses to certain types of incidents, or time-of-day restrictions on system use.

     - - -

    a user session is automatically terminated after .

    @@ -3755,6 +2909,7 @@

    user actions that can be performed on the system without identification or authentication are defined;

    + @@ -3766,16 +2921,10 @@ -

    Identify that can be performed on the system without identification or authentication consistent with organizational mission and business functions; and

     -

    Document and provide supporting rationale in the security plan for the system, user actions not requiring identification or authentication.

     @@ -3787,30 +2936,12 @@ - - -

    that can be performed on the system without identification or authentication consistent with organizational mission and business functions are identified;

     - - @@ -3851,6 +2982,7 @@     Remote Access + @@ -3884,16 +3016,10 @@ -

    Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; and

     -

    Authorize each type of remote access to the system prior to allowing such connections.

     @@ -3904,17 +3030,6 @@ - - - @@ -3934,17 +3049,6 @@ - - -

    each type of remote access to the system is authorized prior to allowing such connections.

    @@ -3983,6 +3087,7 @@     Monitoring and Control + @@ -3998,26 +3103,12 @@ -

    Employ automated mechanisms to monitor and control remote access methods.

    Monitoring and control of remote access methods allows organizations to detect attacks and help ensure compliance with remote access policies by auditing the connection activities of remote users on a variety of system components, including servers, notebook computers, workstations, smart phones, and tablets. Audit logging for remote access is enforced by AU-2 . Audit events are defined in AU-2a.

     - - - @@ -4064,7 +3155,7 @@     Protection of Confidentiality and Integrity Using Encryption - + @@ -4076,26 +3167,12 @@ -

    Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

    Virtual private networks can be used to protect the confidentiality and integrity of remote access sessions. Transport Layer Security (TLS) is an example of a cryptographic protocol that provides end-to-end communications security over networks and is used for Internet communications and online transactions.

     - - -

    cryptographic mechanisms are implemented to protect the confidentiality and integrity of remote access sessions.

    @@ -4133,6 +3210,7 @@     Managed Access Control Points + @@ -4142,26 +3220,12 @@ -

    Route remote accesses through authorized and managed network access control points.

    Organizations consider the Trusted Internet Connections (TIC) initiative DHS TIC requirements for external network connections since limiting the number of access control points for remote access reduces attack surfaces.

     - - -

    remote accesses are routed through authorized and managed network access control points.

    @@ -4213,6 +3277,7 @@

    needs requiring access to security-relevant information via remote access are defined;

    + @@ -4225,16 +3290,10 @@ -

    Authorize the execution of privileged commands and access to security-relevant information via remote access only in a format that provides assessable evidence and for the following needs: ; and

     -

    Document the rationale for remote access in the security plan for the system.

     @@ -4247,65 +3306,21 @@ - - -

    the execution of privileged commands via remote access is authorized only in a format that provides assessable evidence;

     - - -

    access to security-relevant information via remote access is authorized only in a format that provides assessable evidence;

     - - -

    the execution of privileged commands via remote access is authorized only for the following needs: ;

     - - -

    access to security-relevant information via remote access is authorized only for the following needs: ;

    @@ -4313,13 +3328,6 @@     - -

    the rationale for remote access is documented in the security plan for the system.

    @@ -4358,6 +3366,7 @@     Wireless Access + @@ -4381,16 +3390,10 @@ -

    Establish configuration requirements, connection requirements, and implementation guidance for each type of wireless access; and

     -

    Authorize each type of wireless access to the system prior to allowing such connections.

     @@ -4401,17 +3404,6 @@ - - - @@ -4431,17 +3423,6 @@ - - -

    each type of wireless access to the system is authorized prior to allowing such connections.

    @@ -4486,6 +3467,7 @@ devices + @@ -4497,9 +3479,6 @@ -

    Protect wireless access to the system using authentication of and encryption.

     @@ -4508,33 +3487,11 @@ - - -

    wireless access to the system is protected using authentication of ;

     - - -

    wireless access to the system is protected using encryption.

    @@ -4573,6 +3530,7 @@     Disable Wireless Networking + @@ -4584,26 +3542,12 @@ value="system"/> -

    Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment.

    Wireless networking capabilities that are embedded within system components represent a significant potential vulnerability that can be exploited by adversaries. Disabling wireless capabilities when not needed for essential organizational missions or functions can reduce susceptibility to threats by adversaries involving wireless technologies.

     - - -

    when not intended for use, wireless networking capabilities embedded within system components are disabled prior to issuance and deployment.

    @@ -4640,6 +3584,7 @@     Access Control for Mobile Devices + @@ -4672,16 +3617,10 @@ -

    Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and

     -

    Authorize the connection of mobile devices to organizational systems.

     @@ -4694,17 +3633,6 @@ - - - @@ -4724,17 +3652,6 @@ - - -

    the connection of mobile devices to organizational systems is authorized.

    @@ -4787,6 +3704,7 @@

    mobile devices on which to employ encryption are defined;

    + @@ -4798,26 +3716,12 @@ -

    Employ to protect the confidentiality and integrity of information on .

    Container-based encryption provides a more fine-grained approach to data and information encryption on mobile devices, including encrypting selected data structures such as files, records, or fields.

     - - -

    is employed to protect the confidentiality and integrity of information on .

    @@ -4883,6 +3787,7 @@

    types of external systems prohibited from use are defined;

    + @@ -4903,9 +3808,6 @@ -

    , consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to:

    @@ -4919,9 +3821,6 @@     -

    Prohibit the use of .

     @@ -4944,17 +3843,6 @@ - - - @@ -4971,17 +3859,6 @@ - - -

    the use of is prohibited (if applicable).

    @@ -5020,6 +3897,7 @@     Limits on Authorized Use + @@ -5031,16 +3909,10 @@

    Permit authorized individuals to use an external system to access the system or to process, store, or transmit organization-controlled information only after:

    -

    Verification of the implementation of controls on the external system as specified in the organization’s security and privacy policies and security and privacy plans; or

     -

    Retention of approved system connection or processing agreements with the organizational entity hosting the external system.

     @@ -5051,33 +3923,11 @@ - - -

    authorized individuals are permitted to use an external system to access the system or to process, store, or transmit organization-controlled information only after verification of the implementation of controls on the external system as specified in the organization’s security and privacy policies and security and privacy plans (if applicable);

     - - -

    authorized individuals are permitted to use an external system to access the system or to process, store, or transmit organization-controlled information only after retention of approved system connection or processing agreements with the organizational entity hosting the external system (if applicable).

    @@ -5120,6 +3970,7 @@

    restrictions on the use of organization-controlled portable storage devices by authorized individuals on external systems are defined;

    + @@ -5130,26 +3981,12 @@ -

    Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using .

    Limits on the use of organization-controlled portable storage devices in external systems include restrictions on how the devices may be used and under what conditions the devices may be used.

     - - -

    the use of organization-controlled portable storage devices by authorized individuals is restricted on external systems using .

    @@ -5199,6 +4036,7 @@

    automated mechanisms or manual processes that assist users in making information-sharing and collaboration decisions are defined;

    + @@ -5217,16 +4055,10 @@ -

    Enable authorized users to determine whether access authorizations assigned to a sharing partner match the information’s access and use restrictions for ; and

     -

    Employ to assist users in making information sharing and collaboration decisions.

     @@ -5237,33 +4069,11 @@ - - -

    authorized users are enabled to determine whether access authorizations assigned to a sharing partner match the information’s access and use restrictions for ;

     - - -

    are employed to assist users in making information-sharing and collaboration decisions.

    @@ -5321,6 +4131,7 @@

    the frequency at which to review the content on the publicly accessible system for non-public information is defined;

    + @@ -5334,30 +4145,18 @@ -

    Designate individuals authorized to make information publicly accessible;

     -

    Train authorized individuals to ensure that publicly accessible information does not contain nonpublic information;

     -

    Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and

     -

    Review the content on the publicly accessible system for nonpublic information and remove such information, if discovered.

     @@ -5368,65 +4167,21 @@ - - -

    designated individuals are authorized to make information publicly accessible;

     - - -

    authorized individuals are trained to ensure that publicly accessible information does not contain non-public information;

     - - -

    the proposed content of information is reviewed prior to posting onto the publicly accessible system to ensure that non-public information is not included;

     - - - @@ -5546,6 +4301,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -5566,13 +4322,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -5594,20 +4343,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the awareness and training policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current awareness and training:

    @@ -5628,57 +4367,21 @@ - - -

    an awareness and training policy is developed and documented;

    - - -

    the awareness and training policy is disseminated to ;

     - -

    awareness and training procedures to facilitate the implementation of the awareness and training policy and associated access controls are developed and documented;

     - -

    the awareness and training procedures are disseminated to .

    @@ -5686,13 +4389,6 @@ - - @@ -5732,13 +4428,6 @@ - -

    the awareness and training policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines; and

    @@ -5748,17 +4437,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the awareness and training policy and procedures;

    @@ -5766,17 +4444,6 @@ - - - @@ -5791,17 +4458,6 @@ - - - @@ -5898,6 +4554,7 @@

    events that would require literacy training and awareness content to be updated are defined;

    + @@ -5931,9 +4588,6 @@ -

    Provide security and privacy literacy training to system users (including managers, senior executives, and contractors):

    @@ -5946,23 +4600,14 @@     -

    Employ the following techniques to increase the security and privacy awareness of system users ;

     -

    Update literacy training and awareness content and following ; and

     -

    Incorporate lessons learned from internal or external security incidents or breaches into literacy training and awareness techniques.

     @@ -5978,65 +4623,21 @@ - - -

    security literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users;

     - - -

    privacy literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users;

     - - -

    security literacy training is provided to system users (including managers, senior executives, and contractors) thereafter;

     - - -

    privacy literacy training is provided to system users (including managers, senior executives, and contractors) thereafter;

    @@ -6044,17 +4645,6 @@     - - - @@ -6071,30 +4661,12 @@ - -

    are employed to increase the security and privacy awareness of system users;

     - - - @@ -6109,17 +4681,6 @@ - - -

    lessons learned from internal or external security incidents or breaches are incorporated into literacy training and awareness techniques.

    @@ -6159,6 +4720,7 @@     Insider Threat + @@ -6171,26 +4733,12 @@ -

    Provide literacy training on recognizing and reporting potential indicators of insider threat.

    Potential indicators and possible precursors of insider threat can include behaviors such as inordinate, long-term job dissatisfaction; attempts to gain access to information not required for job performance; unexplained access to financial resources; bullying or harassment of fellow employees; workplace violence; and other serious violations of policies, procedures, directives, regulations, rules, or practices. Literacy training includes how to communicate the concerns of employees and management regarding potential indicators of insider threat through channels established by the organization and in accordance with established policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role. For example, training for managers may be focused on changes in the behavior of team members, while training for employees may be focused on more general observations.

     - - - @@ -6229,6 +4777,7 @@     Social Engineering and Mining + @@ -6240,26 +4789,12 @@ value="true"/> -

    Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining.

    Social engineering is an attempt to trick an individual into revealing information or taking an action that can be used to breach, compromise, or otherwise adversely impact a system. Social engineering includes phishing, pretexting, impersonation, baiting, quid pro quo, thread-jacking, social media exploitation, and tailgating. Social mining is an attempt to gather information about the organization that may be used to support future attacks. Literacy training includes information on how to communicate the concerns of employees and management regarding potential and actual instances of social engineering and data mining through organizational channels based on established policies and procedures.

     - - - @@ -6352,6 +4887,7 @@

    events that require role-based training content to be updated are defined;

    + @@ -6388,9 +4924,6 @@ -

    Provide role-based security and privacy training to personnel with the following roles and responsibilities: :

    @@ -6403,16 +4936,10 @@     -

    Update role-based training content and following ; and

     -

    Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

     @@ -6426,17 +4953,6 @@ - - - @@ -6463,17 +4979,6 @@ - - - @@ -6490,13 +4995,6 @@ - - @@ -6511,17 +5009,6 @@ - - -

    lessons learned from internal or external security incidents or breaches are incorporated into role-based training.

    @@ -6572,6 +5059,7 @@

    time period for retaining individual training records is defined;

    + @@ -6590,16 +5078,10 @@ -

    Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and

     -

    Retain individual training records for .

     @@ -6610,17 +5092,6 @@ - - - @@ -6635,13 +5106,6 @@ - -

    individual training records are retained for .

    @@ -6747,6 +5211,7 @@

    events that would require audit and accountability procedures to be reviewed and updated are defined;

    + @@ -6765,13 +5230,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -6793,20 +5251,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the audit and accountability policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current audit and accountability:

    @@ -6827,57 +5275,21 @@ - - -

    an audit and accountability policy is developed and documented;

     - - -

    the audit and accountability policy is disseminated to ;

     - -

    audit and accountability procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls are developed and documented;

     - -

    the audit and accountability procedures are disseminated to ;

    @@ -6885,13 +5297,6 @@ - - @@ -6931,13 +5336,6 @@ - -

    the of the audit and accountability policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

    @@ -6947,17 +5345,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the audit and accountability policy and procedures;

    @@ -6965,17 +5352,6 @@ - - - @@ -6990,17 +5366,6 @@ - - - @@ -7081,7 +5446,7 @@

    the frequency of event types selected for logging are reviewed and updated;

    - + @@ -7126,37 +5491,22 @@ -

    Identify the types of events that the system is capable of logging in support of the audit function: ;

     -

    Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

     -

    Specify the following event types for logging within the system: ;

     -

    Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and

     -

    Review and update the event types selected for logging .

     @@ -7180,34 +5530,12 @@ - - -

    that the system is capable of logging are identified in support of the audit logging function;

     - - -

    the event logging function is coordinated with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

    @@ -7215,30 +5543,12 @@ - - -

    are specified for logging within the system;

     - -

    the specified event types are logged within the system ;

    @@ -7246,29 +5556,11 @@     - - -

    a rationale is provided for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents;

     - -

    the event types selected for logging are reviewed and updated .

    @@ -7309,7 +5601,7 @@     Content of Audit Records - + @@ -7330,44 +5622,26 @@

    Ensure that audit records contain information that establishes the following:

    -

    What type of event occurred;

     -

    When the event occurred;

     -

    Where the event occurred;

     -

    Source of the event;

     -

    Outcome of the event; and

     -

    Identity of any individuals, subjects, or objects/entities associated with the event.

     @@ -7376,17 +5650,6 @@

    Audit record content that may be necessary to support the auditing function includes event descriptions (item a), time stamps (item b), source and destination addresses (item c), user or process identifiers (items d and f), success or fail indications (item e), and filenames involved (items a, c, e, and f) . Event outcomes include indicators of event success or failure and event-specific results, such as the system security and privacy posture after the event occurred. Organizations consider how audit records can reveal information about individuals that may give rise to privacy risks and how best to mitigate such risks. For example, there is the potential to reveal personally identifiable information in the audit trail, especially if the trail records inputs or is based on patterns or time of usage.

     - - - @@ -7465,7 +5728,7 @@

    additional information to be included in audit records is defined;

    - + @@ -7474,9 +5737,6 @@ value="system"/> -

    Generate audit records containing the following additional information: .

    AU-3 (1) Additional FedRAMP Requirements and Guidance @@ -7490,17 +5750,6 @@

    The ability to add information generated in audit records is dependent on system functionality to configure the audit record content. Organizations may consider additional information in audit records including, but not limited to, access control or flow control rules invoked and individual identities of group account users. Organizations may also consider limiting additional audit record information to only information that is explicitly needed for audit requirements. This facilitates the use of audit trails and audit logs by not including information in audit records that could potentially be misleading, make it more difficult to locate information of interest, or increase the risk to individuals' privacy.

     - - -

    generated audit records contain the following .

    @@ -7547,7 +5796,7 @@

    audit log retention requirements are defined;

    - + @@ -7567,26 +5816,12 @@ -

    Allocate audit log storage capacity to accommodate .

    Organizations consider the types of audit logging to be performed and the audit log processing requirements when allocating audit log storage capacity. Allocating sufficient audit log storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of audit logging capability.

     - - -

    audit log storage capacity is allocated to accommodate .

    @@ -7650,7 +5885,7 @@

    additional actions to be taken in the event of an audit logging process failure are defined;

    - + @@ -7668,16 +5903,10 @@ -

    Alert within in the event of an audit logging process failure; and

     -

    Take the following additional actions: .

     @@ -7688,34 +5917,12 @@ - - -

    are alerted in the event of an audit logging process failure within ;

     - - -

    are taken in the event of an audit logging process failure.

    @@ -7781,7 +5988,7 @@

    personnel or roles to receive findings from reviews and analyses of system records is/are defined;

    - + @@ -7825,23 +6032,14 @@ -

    Review and analyze system audit records for indications of and the potential impact of the inappropriate or unusual activity;

     -

    Report findings to ; and

     -

    Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

     @@ -7859,49 +6057,16 @@ - - -

    system audit records are reviewed and analyzed for indications of and the potential impact of the inappropriate or unusual activity;

     - - -

    findings are reported to ;

     - - -

    the level of audit record review, analysis, and reporting within the system is adjusted when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

    @@ -7937,7 +6102,7 @@

    automated mechanisms used for integrating audit record review, analysis, and reporting processes are defined;

    - + @@ -7950,26 +6115,12 @@ -

    Integrate audit record review, analysis, and reporting processes using .

    Organizational processes that benefit from integrated audit record review, analysis, and reporting include incident response, continuous monitoring, contingency planning, investigation and response to suspicious activities, and Inspector General audits.

     - - -

    audit record review, analysis, and reporting processes are integrated using .

    @@ -8007,7 +6158,7 @@     Correlate Audit Record Repositories - + @@ -8021,26 +6172,12 @@ -

    Analyze and correlate audit records across different repositories to gain organization-wide situational awareness.

    Organization-wide situational awareness includes awareness across all three levels of risk management (i.e., organizational level, mission/business process level, and information system level) and supports cross-organization awareness.

     - - -

    audit records across different repositories are analyzed and correlated to gain organization-wide situational awareness.

    @@ -8078,6 +6215,7 @@     Audit Record Reduction and Report Generation + @@ -8103,16 +6241,10 @@

    Provide and implement an audit record reduction and report generation capability that:

    -

    Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and

     -

    Does not alter the original content or time ordering of audit records.

     @@ -8123,21 +6255,6 @@ - - - - @@ -8152,17 +6269,6 @@ - - - @@ -8216,6 +6322,7 @@

    fields within audit records that can be processed, sorted, or searched are defined;

    + @@ -8227,26 +6334,12 @@ value="true"/> -

    Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: .

    Events of interest can be identified by the content of audit records, including system resources involved, information objects accessed, identities of individuals, event types, event locations, event dates and times, Internet Protocol addresses involved, or event success or failure. Organizations may define event criteria to any degree of granularity required, such as locations selectable by a general networking location or by specific system component.

     - - - @@ -8307,7 +6400,7 @@

    granularity of time measurement for audit record timestamps is defined;

    - + @@ -8320,16 +6413,10 @@ -

    Use internal system clocks to generate time stamps for audit records; and

     -

    Record time stamps for audit records that meet and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.

     @@ -8340,33 +6427,11 @@ - - -

    internal system clocks are used to generate timestamps for audit records;

     - - -

    timestamps are recorded for audit records that meet and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or include the local time offset as part of the timestamp.

    @@ -8412,6 +6477,7 @@

    personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined;

    + @@ -8437,16 +6503,10 @@ -

    Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and

     -

    Alert upon detection of unauthorized access, modification, or deletion of audit information.

     @@ -8457,33 +6517,11 @@ - - -

    audit information and audit logging tools are protected from unauthorized access, modification, and deletion;

     - - -

    are alerted upon detection of unauthorized access, modification, or deletion of audit information.

    @@ -8532,6 +6570,7 @@

    a subset of privileged users or roles authorized to access management of audit logging functionality is defined;

    + @@ -8541,26 +6580,12 @@ -

    Authorize access to management of audit logging functionality to only .

    Individuals or roles with privileged access to a system and who are also the subject of an audit by that system may affect the reliability of the audit information by inhibiting audit activities or modifying audit records. Requiring privileged access to be further defined between audit-related privileges and other privileges limits the number of users or roles with audit-related privileges.

     - - -

    access to management of audit logging functionality is authorized only to .

    @@ -8614,7 +6639,7 @@

    a time period to retain audit records that is consistent with the records retention policy is defined;

    - + @@ -8632,9 +6657,6 @@ -

    Retain audit records for to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

    AU-11 Additional FedRAMP Requirements and Guidance @@ -8656,17 +6678,6 @@

    Organizations retain audit records until it is determined that the records are no longer needed for administrative, legal, audit, or other operational purposes. This includes the retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on records retention.

     - - -

    audit records are retained for to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

    @@ -8716,7 +6727,7 @@

    personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined;

    - + @@ -8744,23 +6755,14 @@ -

    Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on ;

     -

    Allow to select the event types that are to be logged by specific components of the system; and

     -

    Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.

     @@ -8771,46 +6773,17 @@ - - -

    audit record generation capability for the event types the system is capable of auditing (defined in AU-02_ODP[01]) is provided by ;

     - - -

    is/are allowed to select the event types that are to be logged by specific components of the system;

     - -

    audit records for the event types defined in AU-02_ODP[02] that include the audit record content defined in AU-03 are generated.

    @@ -8922,6 +6895,7 @@

    events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined;

    + @@ -8946,13 +6920,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -8974,20 +6941,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the assessment, authorization, and monitoring policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current assessment, authorization, and monitoring:

    @@ -9008,57 +6965,21 @@ - - -

    an assessment, authorization, and monitoring policy is developed and documented;

     - - -

    the assessment, authorization, and monitoring policy is disseminated to ;

     - -

    assessment, authorization, and monitoring procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment, authorization, and monitoring controls are developed and documented;

     - -

    the assessment, authorization, and monitoring procedures are disseminated to ;

    @@ -9066,13 +6987,6 @@ - - @@ -9112,13 +7026,6 @@ - -

    the assessment, authorization, and monitoring policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

    @@ -9128,17 +7035,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the assessment, authorization, and monitoring policy and procedures;

    @@ -9146,17 +7042,6 @@ - - - @@ -9171,17 +7056,6 @@ - - - @@ -9242,6 +7116,7 @@

    individuals or roles to whom control assessment results are to be provided are defined;

    + @@ -9276,16 +7151,10 @@ -

    Select the appropriate assessor or assessment team for the type of assessment to be conducted;

     -

    Develop a control assessment plan that describes the scope of the assessment including:

    @@ -9302,30 +7171,18 @@     -

    Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

     -

    Assess the controls in the system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements;

     -

    Produce a control assessment report that document the results of the assessment; and

     -

    Provide the results of the control assessment to .

     @@ -9347,13 +7204,6 @@ - -

    an appropriate assessor or assessment team is selected for the type of assessment to be conducted;

    @@ -9361,49 +7211,16 @@ - - -

    a control assessment plan is developed that describes the scope of the assessment, including controls and control enhancements under assessment;

     - - -

    a control assessment plan is developed that describes the scope of the assessment, including assessment procedures to be used to determine control effectiveness;

     - - - @@ -9425,33 +7242,11 @@ - - -

    the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

     - - - @@ -9466,25 +7261,11 @@ - -

    a control assessment report is produced that documents the results of the assessment;

     - -

    the results of the control assessment are provided to .

    @@ -9522,6 +7303,7 @@     Independent Assessors + @@ -9533,9 +7315,6 @@ value="true"/> -

    Employ independent assessors or assessment teams to conduct control assessments.

    CA-2 (1) Additional FedRAMP Requirements and Guidance @@ -9551,17 +7330,6 @@

    When organizations that own the systems are small or the structures of the organizations require that assessments be conducted by individuals that are in the developmental, operational, or management chain of the system owners, independence in assessment processes can be achieved by ensuring that assessment results are carefully reviewed and analyzed by independent teams of experts to validate the completeness, accuracy, integrity, and reliability of the results. Assessments performed for purposes other than to support authorization decisions are more likely to be useable for such decisions when performed by assessors with sufficient independence, thereby reducing the need to repeat assessments.

     - - -

    independent assessors or assessment teams are employed to conduct control assessments.

    @@ -9620,6 +7388,7 @@

    requirements to be met by the control assessment performed by an external organization on the system are defined;

    + @@ -9632,26 +7401,12 @@ -

    Leverage the results of control assessments performed by on when the assessment meets .

    Organizations may rely on control assessments of organizational systems by other (external) organizations. Using such assessments and reusing existing assessment evidence can decrease the time and resources required for assessments by limiting the independent assessment activities that organizations need to perform. The factors that organizations consider in determining whether to accept assessment results from external organizations can vary. Such factors include the organization’s past experience with the organization that conducted the assessment, the reputation of the assessment organization, the level of detail of supporting assessment evidence provided, and mandates imposed by applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Accredited testing laboratories that support the Common Criteria Program ISO 15408-1 , the NIST Cryptographic Module Validation Program (CMVP), or the NIST Cryptographic Algorithm Validation Program (CAVP) can provide independent assessment results that organizations can leverage.

     - - -

    the results of control assessments performed by on are leveraged when the assessment meets .

    @@ -9715,6 +7470,7 @@

    the frequency at which to review and update agreements is defined;

    + @@ -9741,23 +7497,14 @@ -

    Approve and manage the exchange of information between the system and other systems using ;

     -

    Document, as part of each exchange agreement, the interface characteristics, security and privacy requirements, controls, and responsibilities for each system, and the impact level of the information communicated; and

     -

    Review and update the agreements .

     @@ -9769,29 +7516,11 @@ - - -

    the exchange of information between the system and other systems is approved and managed using ;

     - - @@ -9826,17 +7555,6 @@ - - -

    agreements are reviewed and updated .

    @@ -9887,6 +7605,7 @@

    the frequency at which to update an existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities is defined;

    + @@ -9907,16 +7626,10 @@ -

    Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and

     -

    Update existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

     @@ -9938,33 +7651,11 @@ - - -

    a plan of action and milestones for the system is developed to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system;

     - - -

    existing plan of action and milestones are updated based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

    @@ -10015,6 +7706,7 @@

    frequency at which to update the authorizations is defined;

    + @@ -10037,23 +7729,14 @@ -

    Assign a senior official as the authorizing official for the system;

     -

    Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems;

     -

    Ensure that the authorizing official for the system, before commencing operations:

    @@ -10066,16 +7749,10 @@     -

    Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems;

     -

    Update the authorizations .

     @@ -10094,33 +7771,11 @@ - - -

    a senior official is assigned as the authorizing official for the system;

     - - -

    a senior official is assigned as the authorizing official for common controls available for inheritance by organizational systems;

    @@ -10128,33 +7783,11 @@ - - -

    before commencing operations, the authorizing official for the system accepts the use of common controls inherited by the system;

     - - -

    before commencing operations, the authorizing official for the system authorizes the system to operate;

    @@ -10162,29 +7795,11 @@     - - -

    the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems;

     - -

    the authorizations are updated .

    @@ -10273,6 +7888,7 @@

    frequency at which the privacy status of the system is reported is defined;

    + @@ -10344,51 +7960,30 @@

    Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:

    -

    Establishing the following system-level metrics to be monitored: ;

     -

    Establishing for monitoring and for assessment of control effectiveness;

     -

    Ongoing control assessments in accordance with the continuous monitoring strategy;

     -

    Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;

     -

    Correlation and analysis of information generated by control assessments and monitoring;

     -

    Response actions to address results of the analysis of control assessment and monitoring information; and

     -

    Reporting the security and privacy status of the system to .

    @@ -10416,65 +8011,21 @@ - - -

    a system-level continuous monitoring strategy is developed;

     - - -

    system-level continuous monitoring is implemented in accordance with the organization-level continuous monitoring strategy;

     - - -

    system-level continuous monitoring includes establishment of the following system-level metrics to be monitored: ;

     - - - @@ -10489,81 +8040,26 @@ - - -

    system-level continuous monitoring includes ongoing control assessments in accordance with the continuous monitoring strategy;

     - - -

    system-level continuous monitoring includes ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;

     - - -

    system-level continuous monitoring includes correlation and analysis of information generated by control assessments and monitoring;

     - - -

    system-level continuous monitoring includes response actions to address the results of the analysis of control assessment and monitoring information;

     - - - @@ -10621,6 +8117,7 @@ Independent Assessment + @@ -10632,26 +8129,12 @@ value="true"/> -

    Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis.

    Organizations maximize the value of control assessments by requiring that assessments be conducted by assessors with appropriate levels of independence. The level of required independence is based on organizational continuous monitoring strategies. Assessor independence provides a degree of impartiality to the monitoring process. To achieve such impartiality, assessors do not create a mutual or conflicting interest with the organizations where the assessments are being conducted, assess their own work, act as management or employees of the organizations they are serving, or place themselves in advocacy positions for the organizations acquiring their services.

     - - -

    independent assessors or assessment teams are employed to monitor the controls in the system on an ongoing basis.

    @@ -10685,6 +8168,7 @@     Risk Monitoring + @@ -10701,23 +8185,14 @@

    Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:

    -

    Effectiveness monitoring;

     -

    Compliance monitoring; and

     -

    Change monitoring.

     @@ -10726,63 +8201,19 @@

    Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk.

     - - -

    risk monitoring is an integral part of the continuous monitoring strategy;

    - - -

    effectiveness monitoring is included in risk monitoring;

     - - -

    compliance monitoring is included in risk monitoring;

     - - -

    change monitoring is included in risk monitoring.

    @@ -10843,6 +8274,7 @@

    systems or system components on which penetration testing is to be conducted are defined;

    + @@ -10858,9 +8290,6 @@ -

    Conduct penetration testing on .

    CA-8 Additional FedRAMP Requirements and Guidance @@ -10875,17 +8304,6 @@

    Organizations can use the results of vulnerability analyses to support penetration testing activities. Penetration testing can be conducted internally or externally on the hardware, software, or firmware components of a system and can exercise both physical and technical controls. A standard method for penetration testing includes a pretest analysis based on full knowledge of the system, pretest identification of potential vulnerabilities based on the pretest analysis, and testing designed to determine the exploitability of vulnerabilities. All parties agree to the rules of engagement before commencing penetration testing scenarios. Organizations correlate the rules of engagement for the penetration tests with the tools, techniques, and procedures that are anticipated to be employed by adversaries. Penetration testing may result in the exposure of information that is protected by laws or regulations, to individuals conducting the testing. Rules of engagement, contracts, or other appropriate mechanisms can be used to communicate expectations for how to protect this information. Risk assessments guide the decisions on the level of independence required for the personnel conducting penetration testing.

     - - -

    penetration testing is conducted on .

    @@ -10923,6 +8341,7 @@     Independent Penetration Testing Agent or Team + @@ -10935,26 +8354,12 @@ -

    Employ an independent penetration testing agent or team to perform penetration testing on the system or system components.

    Independent penetration testing agents or teams are individuals or groups who conduct impartial penetration testing of organizational systems. Impartiality implies that penetration testing agents or teams are free from perceived or actual conflicts of interest with respect to the development, operation, or management of the systems that are the targets of the penetration testing. CA-2(1) provides additional information on independent assessments that can be applied to penetration testing.

     - - -

    an independent penetration testing agent or team is employed to perform penetration testing on the system or system components.

    @@ -10991,7 +8396,7 @@

    red team exercises to simulate attempts by adversaries to compromise organizational systems are defined;

    - + @@ -11003,12 +8408,9 @@ value="true"/> -

    Employ the following red-team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement: .

    - CA-8(2) Additional FedRAMP Requirements and Guidance + CM-2 Additional FedRAMP Requirements and Guidance

    See the FedRAMP Documents page> Penetration Test Guidance

    @@ -11020,17 +8422,6 @@

    Red team exercises extend the objectives of penetration testing by examining the security and privacy posture of organizations and the capability to implement effective cyber defenses. Red team exercises simulate attempts by adversaries to compromise mission and business functions and provide a comprehensive assessment of the security and privacy posture of systems and organizations. Such attempts may include technology-based attacks and social engineering-based attacks. Technology-based attacks include interactions with hardware, software, or firmware components and/or mission and business processes. Social engineering-based attacks include interactions via email, telephone, shoulder surfing, or personal conversations. Red team exercises are most effective when conducted by penetration testing agents and teams with knowledge of and experience with current adversarial tactics, techniques, procedures, and tools. While penetration testing may be primarily laboratory-based testing, organizations can use red team exercises to provide more comprehensive assessments that reflect real-world conditions. The results from red team exercises can be used by organizations to improve security and privacy awareness and training and to assess control effectiveness.

     - - -

    are employed to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement.

    @@ -11097,6 +8488,7 @@

    frequency at which to review the continued need for each internal connection is defined;

    + @@ -11118,30 +8510,18 @@ -

    Authorize internal connections of to the system;

     -

    Document, for each internal connection, the interface characteristics, security and privacy requirements, and the nature of the information communicated;

     -

    Terminate internal system connections after ; and

     -

    Review the continued need for each internal connection.

     @@ -11152,29 +8532,11 @@ - - -

    internal connections of to the system are authorized;

     - - @@ -11199,33 +8561,11 @@ - - -

    internal system connections are terminated after ;

     - - -

    the continued need for each internal connection is reviewed .

    @@ -11338,6 +8678,7 @@

    events that would require configuration management procedures to be reviewed and updated are defined;

    + @@ -11358,13 +8699,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -11386,20 +8720,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the configuration management policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current configuration management:

    @@ -11420,57 +8744,21 @@ - - -

    a configuration management policy is developed and documented;

     - - -

    the configuration management policy is disseminated to ;

     - -

    configuration management procedures to facilitate the implementation of the configuration management policy and associated configuration management controls are developed and documented;

     - -

    the configuration management procedures are disseminated to ;

    @@ -11478,13 +8766,6 @@ - - @@ -11524,13 +8805,6 @@ - -

    the configuration management policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -11540,17 +8814,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the configuration management policy and procedures;

    @@ -11558,17 +8821,6 @@ - - - @@ -11583,17 +8835,6 @@ - - - @@ -11658,6 +8899,7 @@

    the circumstances requiring baseline configuration review and update are defined;

    + @@ -11690,16 +8932,10 @@ -

    Develop, document, and maintain under configuration control, a current baseline configuration of the system; and

     -

    Review and update the baseline configuration of the system:

    @@ -11730,13 +8966,6 @@ - - @@ -11753,49 +8982,16 @@ - - -

    the baseline configuration of the system is reviewed and updated ;

     - - -

    the baseline configuration of the system is reviewed and updated when required due to ;

     - - -

    the baseline configuration of the system is reviewed and updated when system components are installed or upgraded.

    @@ -11847,6 +9043,7 @@

    automated mechanisms for maintaining baseline configuration of the system are defined;

    + @@ -11861,26 +9058,12 @@ -

    Maintain the currency, completeness, accuracy, and availability of the baseline configuration of the system using .

    Automated mechanisms that help organizations maintain consistent baseline configurations for systems include configuration management tools, hardware, software, firmware inventory tools, and network management tools. Automated tools can be used at the organization level, mission and business process level, or system level on workstations, servers, notebook computers, network components, or mobile devices. Tools can be used to track version numbers on operating systems, applications, types of software installed, and current patch levels. Automation support for accuracy and currency can be satisfied by the implementation of CM-8(2) for organizations that combine system component inventory and baseline configuration activities.

     - - - @@ -11946,6 +9129,7 @@

    the number of previous baseline configuration versions to be retained is defined;

    + @@ -11957,22 +9141,12 @@ value="true"/> -

    Retain of previous versions of baseline configurations of the system to support rollback.

    Retaining previous versions of baseline configurations to support rollback include hardware, software, firmware, configuration files, configuration records, and associated documentation.

     - -

    of previous baseline configuration version(s) of the system is/are retained to support rollback.

    @@ -12029,6 +9203,7 @@

    the controls to be applied when the individuals return from travel are defined;

    + @@ -12043,16 +9218,10 @@ -

    Issue with to individuals traveling to locations that the organization deems to be of significant risk; and

     -

    Apply the following controls to the systems or components when the individuals return from travel: .

     @@ -12063,34 +9232,12 @@ - - -

    with are issued to individuals traveling to locations that the organization deems to be of significant risk;

     - - -

    are applied to the systems or system components when the individuals return from travel.

    @@ -12169,6 +9316,7 @@

    configuration change conditions that prompt the configuration control element to convene are defined (if selected);

    + @@ -12206,51 +9354,30 @@ -

    Determine and document the types of changes to the system that are configuration-controlled;

     -

    Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security and privacy impact analyses;

     -

    Document configuration change decisions associated with the system;

     -

    Implement approved configuration-controlled changes to the system;

     -

    Retain records of configuration-controlled changes to the system for ;

     -

    Monitor and review activities associated with configuration-controlled changes to the system; and

     -

    Coordinate and provide oversight for configuration change control activities through that convenes .

     @@ -12272,33 +9399,11 @@ - - -

    the types of changes to the system that are configuration-controlled are determined and documented;

     - - - @@ -12313,57 +9418,21 @@ - - -

    configuration change decisions associated with the system are documented;

     - -

    approved configuration-controlled changes to the system are implemented;

     - -

    records of configuration-controlled changes to the system are retained for ;

     - - - @@ -12380,33 +9449,11 @@ - - -

    configuration change control activities are coordinated and overseen by ;

     - - -

    the configuration control element convenes .

    @@ -12454,6 +9501,7 @@     Testing, Validation, and Documentation of Changes + @@ -12465,26 +9513,12 @@ value="true"/> -

    Test, validate, and document changes to the system before finalizing the implementation of the changes.

    Changes to systems include modifications to hardware, software, or firmware components and configuration settings defined in CM-6 . Organizations ensure that testing does not interfere with system operations that support organizational mission and business functions. Individuals or groups conducting tests understand security and privacy policies and procedures, system security and privacy policies and procedures, and the health, safety, and environmental risks associated with specific facilities or processes. Operational systems may need to be taken offline, or replicated to the extent feasible, before testing can be conducted. If systems must be taken offline for testing, the tests are scheduled to occur during planned system outages whenever possible. If the testing cannot be conducted on operational systems, organizations employ compensating controls.

     - - - @@ -12569,6 +9603,7 @@

    the configuration change control element of which the security and privacy representatives are to be members is defined;

    + @@ -12577,26 +9612,12 @@ value="organization"/> -

    Require to be members of the .

    Information security and privacy representatives include system security officers, senior agency information security officers, senior agency officials for privacy, or system privacy officers. Representation by personnel with information security and privacy expertise is important because changes to system configurations can have unintended side effects, some of which may be security- or privacy-relevant. Detecting such changes early in the process can help avoid unintended, negative consequences that could ultimately affect the security and privacy posture of systems. The configuration change control element referred to in the second organization-defined parameter reflects the change control elements defined by organizations in CM-3g.

     - - - @@ -12644,6 +9665,7 @@     Impact Analyses + @@ -12667,26 +9689,12 @@ -

    Analyze changes to the system to determine potential security and privacy impacts prior to change implementation.

    Organizational personnel with security or privacy responsibilities conduct impact analyses. Individuals conducting impact analyses possess the necessary skills and technical expertise to analyze the changes to systems as well as the security or privacy ramifications. Impact analyses include reviewing security and privacy plans, policies, and procedures to understand control requirements; reviewing system design documentation and operational procedures to understand control implementation and how specific system changes might affect the controls; reviewing the impact of changes on organizational supply chain partners with stakeholders; and determining how potential changes to a system create new risks to the privacy of individuals and the ability of implemented controls to mitigate those risks. Impact analyses also include risk assessments to understand the impact of the changes and determine if additional controls are required.

     - - - @@ -12742,6 +9750,7 @@ Verification of Controls + @@ -12756,26 +9765,12 @@ -

    After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy requirements for the system.

    Implementation in this context refers to installing changed code in the operational system that may have an impact on security or privacy controls.

     - - - @@ -12852,7 +9847,7 @@     Access Restrictions for Change - + @@ -12872,26 +9867,12 @@ -

    Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

    Changes to the hardware, software, or firmware components of systems or the operational procedures related to the system can potentially have significant effects on the security of the systems or individuals’ privacy. Therefore, organizations permit only qualified and authorized individuals to access systems for purposes of initiating changes. Access restrictions include physical and logical access controls (see AC-3 and PE-3 ), software libraries, workflow automation, media libraries, abstract layers (i.e., changes implemented into external interfaces rather than directly into systems), and change windows (i.e., changes occur only during specified times).

     - - - @@ -12970,6 +9951,7 @@

    mechanisms used to automate the enforcement of access restrictions are defined;

    + @@ -12986,16 +9968,10 @@ -

    Enforce access restrictions using ; and

     -

    Automatically generate audit records of the enforcement actions.

     @@ -13006,29 +9982,11 @@ - -

    access restrictions for change are enforced using ;

     - - -

    audit records of enforcement actions are automatically generated.

    @@ -13092,6 +10050,7 @@

    frequency at which to reevaluate privileges is defined;

    + @@ -13102,16 +10061,10 @@ -

    Limit privileges to change system components and system-related information within a production or operational environment; and

     -

    Review and reevaluate privileges .

     @@ -13122,13 +10075,6 @@ - - @@ -13143,17 +10089,6 @@ - - - @@ -13226,7 +10161,7 @@

    operational requirements necessitating approval of deviations are defined;

    - + @@ -13272,30 +10207,18 @@ -

    Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using ;

     -

    Implement the configuration settings;

     -

    Identify, document, and approve any deviations from established configuration settings for based on ; and

     -

    Monitor and control changes to the configuration settings in accordance with organizational policies and procedures.

     @@ -13311,7 +10234,7 @@     -

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    +

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    During monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests.

         @@ -13324,45 +10247,16 @@ - -

    configuration settings that reflect the most restrictive mode consistent with operational requirements are established and documented for components employed within the system using ;

     - - -

    the configuration settings documented in CM-06a are implemented;

     - - - @@ -13377,17 +10271,6 @@ - - - @@ -13471,7 +10354,7 @@

    automated mechanisms to verify configuration settings are defined;

    - + @@ -13481,22 +10364,12 @@ -

    Manage, apply, and verify configuration settings for using .

    Automated tools (e.g., hardening tools, baseline configuration tools) can improve the accuracy, consistency, and availability of configuration settings information. Automation can also provide data aggregation and data correlation capabilities, alerting mechanisms, and dashboards to support risk-based decision-making within the organization.

     - - @@ -13594,7 +10467,7 @@

    services to be prohibited or restricted are defined;

    - + @@ -13628,16 +10501,10 @@ -

    Configure the system to provide only ; and

     -

    Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: .

     @@ -13655,29 +10522,11 @@ - - -

    the system is configured to provide only ;

     - - @@ -13787,7 +10636,7 @@

    services to be disabled or removed when deemed unnecessary or non-secure are defined;

    - + @@ -13801,16 +10650,10 @@ -

    Review the system to identify unnecessary and/or nonsecure functions, ports, protocols, software, and services; and

     -

    Disable or remove .

     @@ -13821,33 +10664,11 @@ - - -

    the system is reviewed to identify unnecessary and/or non-secure functions, ports, protocols, software, and services:

     - - - @@ -13935,7 +10756,7 @@

    policies, rules of behavior, and/or access agreements regarding software program usage and restrictions are defined (if selected);

    - + @@ -13949,9 +10770,6 @@ -

    Prevent program execution in accordance with .

    CM-7 (2) Additional FedRAMP Requirements and Guidance @@ -13965,13 +10783,6 @@

    Prevention of program execution addresses organizational policies, rules of behavior, and/or access agreements that restrict software usage and the terms and conditions imposed by the developer or manufacturer, including software licensing and copyrights. Restrictions include prohibiting auto-execute features, restricting roles allowed to approve program execution, permitting or prohibiting specific software programs, or restricting the number of program instances executed at the same time.

     - -

    program execution is prevented in accordance with .

    @@ -14033,7 +10844,7 @@

    frequency at which to review and update the list of authorized software programs is defined;

    - + @@ -14055,23 +10866,14 @@ -

    Identify ;

     -

    Employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the system; and

     -

    Review and update the list of authorized software programs .

     @@ -14082,46 +10884,17 @@ - - -

    are identified;

     - -

    a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the system is employed;

     - - -

    the list of authorized software programs is reviewed and updated .

    @@ -14186,7 +10959,7 @@

    frequency at which to review and update the system component inventory is defined;

    - + @@ -14222,9 +10995,6 @@ -

    Develop and document an inventory of system components that:

    @@ -14249,9 +11019,6 @@     -

    Review and update the system component inventory .

     @@ -14272,81 +11039,26 @@ - - -

    an inventory of system components that accurately reflects the system is developed and documented;

     - - -

    an inventory of system components that includes all components within the system is developed and documented;

     - - -

    an inventory of system components that does not include duplicate accounting of components or components assigned to any other system is developed and documented;

     - - -

    an inventory of system components that is at the level of granularity deemed necessary for tracking and reporting is developed and documented;

     - - -

    an inventory of system components that includes is developed and documented;

    @@ -14354,17 +11066,6 @@     - - -

    the system component inventory is reviewed and updated .

    @@ -14405,6 +11106,7 @@     Updates During Installation and Removal + @@ -14417,26 +11119,12 @@ -

    Update the inventory of system components as part of component installations, removals, and system updates.

    Organizations can improve the accuracy, completeness, and consistency of system component inventories if the inventories are updated as part of component installations or removals or during general system updates. If inventories are not updated at these key times, there is a greater likelihood that the information will not be appropriately captured and documented. System updates include hardware, software, and firmware components.

     - - - @@ -14543,6 +11231,7 @@

    personnel or roles to be notified when unauthorized components are detected is/are defined (if selected);

    + @@ -14564,17 +11253,11 @@ -

    Detect the presence of unauthorized hardware, software, and firmware components within the system using ; and

     -

    Take the following actions when unauthorized components are detected: .

     @@ -14586,13 +11269,6 @@ - - @@ -14615,13 +11291,6 @@ - - @@ -14695,6 +11364,7 @@

    personnel or roles to review and approve the configuration management plan is/are defined;

    + @@ -14714,37 +11384,22 @@

    Develop, document, and implement a configuration management plan for the system that:

    -

    Addresses roles, responsibilities, and configuration management processes and procedures;

     -

    Establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items;

     -

    Defines the configuration items for the system and places the configuration items under configuration management;

     -

    Is reviewed and approved by ; and

     -

    Protects the configuration management plan from unauthorized disclosure and modification.

     @@ -14759,13 +11414,6 @@

    Organizations can employ templates to help ensure the consistent and timely development and implementation of configuration management plans. Templates can represent a configuration management plan for the organization with subsets of the plan implemented on a system by system basis. Configuration management approval processes include the designation of key stakeholders responsible for reviewing and approving proposed changes to systems, and personnel who conduct security and privacy impact analyses prior to the implementation of changes to the systems. Configuration items are the system components, such as the hardware, software, firmware, and documentation to be configuration-managed. As systems continue through the system development life cycle, new configuration items may be identified, and some existing configuration items may no longer need to be under configuration control.

     - - @@ -14778,13 +11426,6 @@ - - @@ -14806,29 +11447,11 @@ - - -

    the configuration management plan establishes a process for identifying configuration items throughout the system development life cycle;

     - -

    the configuration management plan establishes a process for managing the configuration of the configuration items;

    @@ -14838,25 +11461,11 @@ - -

    the configuration management plan defines the configuration items for the system;

     - -

    the configuration management plan places the configuration items under configuration management;

    @@ -14864,29 +11473,11 @@     - - -

    the configuration management plan is reviewed and approved by ;

     - - @@ -14941,6 +11532,7 @@     Software Usage Restrictions + @@ -14955,23 +11547,14 @@ -

    Use software and associated documentation in accordance with contract agreements and copyright laws;

     -

    Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and

     -

    Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

     @@ -14982,49 +11565,16 @@ - - -

    software and associated documentation are used in accordance with contract agreements and copyright laws;

     - - -

    the use of software and associated documentation protected by quantity licenses is tracked to control copying and distribution;

     - - -

    the use of peer-to-peer file sharing technology is controlled and documented to ensure that peer-to-peer file sharing is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

    @@ -15093,6 +11643,7 @@

    frequency with which to monitor compliance is defined;

    + @@ -15112,23 +11663,14 @@ -

    Establish governing the installation of software by users;

     -

    Enforce software installation policies through the following methods: ; and

     -

    Monitor policy compliance .

     @@ -15139,46 +11681,17 @@ - - -

    governing the installation of software by users are established;

     - - -

    software installation policies are enforced through ;

     - -

    compliance with is monitored .

    @@ -15232,6 +11745,7 @@

    information for which the location is to be identified and documented is defined;

    + @@ -15262,23 +11776,14 @@ -

    Identify and document the location of and the specific system components on which the information is processed and stored;

     -

    Identify and document the users who have access to the system and system components where the information is processed and stored; and

     -

    Document changes to the location (i.e., system or system components) where the information is processed and stored.

     @@ -15298,49 +11803,16 @@ - - -

    the location of is identified and documented;

     - - -

    the specific system components on which is processed are identified and documented;

     - - -

    the specific system components on which is stored are identified and documented;

    @@ -15348,17 +11820,6 @@     - - - @@ -15373,17 +11834,6 @@ - - - @@ -15457,6 +11907,7 @@

    system components where the information is located are defined;

    + @@ -15468,9 +11919,6 @@ value="true"/> -

    Use automated tools to identify on to ensure controls are in place to protect organizational information and individual privacy.

    CM-12 (1) Additional FedRAMP Requirements and Guidance @@ -15484,13 +11932,6 @@

    The use of automated tools helps to increase the effectiveness and efficiency of the information location capability implemented within the system. Automation also helps organizations manage the data produced during information location activities and share such information across the organization. The output of automated information location tools can be used to guide and inform system architecture and design decisions.

     - -

    automated tools are used to identify on to ensure that controls are in place to protect organizational information and individual privacy.

    @@ -15605,6 +12046,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -15625,13 +12067,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -15653,20 +12088,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the contingency planning policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current contingency planning:

    @@ -15687,57 +12112,21 @@ - - -

    a contingency planning policy is developed and documented;

     - - -

    the contingency planning policy is disseminated to ;

     - -

    contingency planning procedures to facilitate the implementation of the contingency planning policy and associated contingency planning controls are developed and documented;

     - -

    the contingency planning procedures are disseminated to ;

    @@ -15745,13 +12134,6 @@ - - @@ -15791,13 +12173,6 @@ - -

    the contingency planning policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -15807,17 +12182,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the contingency planning policy and procedures;

    @@ -15825,17 +12189,6 @@ - - - @@ -15850,17 +12203,6 @@ - - - @@ -15955,6 +12297,7 @@

    key contingency organizational elements to communicate changes to are defined;

    + @@ -15990,9 +12333,6 @@ -

    Develop a contingency plan for the system that:

    @@ -16025,51 +12365,30 @@     -

    Distribute copies of the contingency plan to ;

     -

    Coordinate contingency planning activities with incident handling activities;

     -

    Review the contingency plan for the system ;

     -

    Update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;

     -

    Communicate contingency plan changes to ;

     -

    Incorporate lessons learned from contingency plan testing, training, or actual contingency activities into contingency testing and training; and

     -

    Protect the contingency plan from unauthorized disclosure and modification.

     @@ -16094,25 +12413,11 @@ - -

    a contingency plan for the system is developed that identifies essential mission and business functions and associated contingency requirements;

     - - @@ -16132,13 +12437,6 @@ - - @@ -16158,49 +12456,21 @@ - -

    a contingency plan for the system is developed that addresses maintaining essential mission and business functions despite a system disruption, compromise, or failure;

     - -

    a contingency plan for the system is developed that addresses eventual, full-system restoration without deterioration of the controls originally planned and implemented;

     - -

    a contingency plan for the system is developed that addresses the sharing of contingency information;

     - - @@ -16219,33 +12489,11 @@ - - -

    copies of the contingency plan are distributed to ;

     - - -

    copies of the contingency plan are distributed to ;

    @@ -16253,33 +12501,11 @@     - - -

    contingency planning activities are coordinated with incident handling activities;

     - - -

    the contingency plan for the system is reviewed ;

    @@ -16287,33 +12513,11 @@ - - -

    the contingency plan is updated to address changes to the organization, system, or environment of operation;

     - - -

    the contingency plan is updated to address problems encountered during contingency plan implementation, execution, or testing;

    @@ -16321,17 +12525,6 @@     - - - @@ -16346,17 +12539,6 @@ - - - @@ -16371,21 +12553,6 @@ - - - - @@ -16433,6 +12600,7 @@ Coordinate with Related Plans + @@ -16441,26 +12609,12 @@ value="organization"/> -

    Coordinate contingency plan development with organizational elements responsible for related plans.

    Plans that are related to contingency plans include Business Continuity Plans, Disaster Recovery Plans, Critical Infrastructure Plans, Continuity of Operations Plans, Crisis Communications Plans, Insider Threat Implementation Plans, Data Breach Response Plans, Cyber Incident Response Plans, Breach Response Plans, and Occupant Emergency Plans.

     - - -

    contingency plan development is coordinated with organizational elements responsible for related plans.

    @@ -16518,6 +12672,7 @@

    the contingency plan activation time period within which to resume mission and business functions is defined;

    + @@ -16526,26 +12681,12 @@ value="organization"/> -

    Plan for the resumption of mission and business functions within of contingency plan activation.

    Organizations may choose to conduct contingency planning activities to resume mission and business functions as part of business continuity planning or as part of business impact analyses. Organizations prioritize the resumption of mission and business functions. The time period for resuming mission and business functions may be dependent on the severity and extent of the disruptions to the system and its supporting infrastructure.

     - - -

    the resumption of mission and business functions are planned for within of contingency plan activation.

    @@ -16590,6 +12731,7 @@ essential + @@ -16600,26 +12742,12 @@ -

    Identify critical system assets supporting mission and business functions.

    Organizations may choose to identify critical assets as part of criticality analysis, business continuity planning, or business impact analyses. Organizations identify critical system assets so that additional controls can be employed (beyond the controls routinely implemented) to help ensure that organizational mission and business functions can continue to be conducted during contingency operations. The identification of critical information assets also facilitates the prioritization of organizational resources. Critical system assets include technical and operational aspects. Technical aspects include system components, information technology services, information technology products, and mechanisms. Operational aspects include procedures (i.e., manually executed operations) and personnel (i.e., individuals operating technical controls and/or executing manual procedures). Organizational program protection plans can assist in identifying critical assets. If critical assets are resident within or supported by external service providers, organizations consider implementing CP-2(7) as a control enhancement.

     - - -

    critical system assets supporting mission and business functions are identified.

    @@ -16688,6 +12816,7 @@

    events necessitating review and update of contingency training are defined;

    + @@ -16709,9 +12838,6 @@ -

    Provide contingency training to system users consistent with assigned roles and responsibilities:

    @@ -16729,9 +12855,6 @@     -

    Review and update contingency training content and following .

     @@ -16751,49 +12874,16 @@ - - -

    contingency training is provided to system users consistent with assigned roles and responsibilities within of assuming a contingency role or responsibility;

     - - -

    contingency training is provided to system users consistent with assigned roles and responsibilities when required by system changes;

     - - -

    contingency training is provided to system users consistent with assigned roles and responsibilities thereafter;

    @@ -16803,33 +12893,11 @@ - - -

    the contingency plan training content is reviewed and updated ;

     - - -

    the contingency plan training content is reviewed and updated following .

    @@ -16901,7 +12969,7 @@

    tests for determining readiness to execute the contingency plan are defined;

    - + @@ -16927,23 +12995,14 @@ -

    Test the contingency plan for the system using the following tests to determine the effectiveness of the plan and the readiness to execute the plan: .

     -

    Review the contingency plan test results; and

     -

    Initiate corrective actions, if needed.

     @@ -16967,62 +13026,17 @@ - - - -

    the contingency plan for the system is tested ;

     - - - -

    are used to determine the effectiveness of the plan;

     - - - -

    are used to determine the readiness to execute the plan;

    @@ -17031,33 +13045,11 @@     - - -

    the contingency plan test results are reviewed;

     - - -

    corrective actions are initiated, if needed.

    @@ -17095,6 +13087,7 @@     Coordinate with Related Plans + @@ -17108,30 +13101,12 @@ -

    Coordinate contingency plan testing with organizational elements responsible for related plans.

    Plans related to contingency planning for organizational systems include Business Continuity Plans, Disaster Recovery Plans, Continuity of Operations Plans, Crisis Communications Plans, Critical Infrastructure Plans, Cyber Incident Response Plans, and Occupant Emergency Plans. Coordination of contingency plan testing does not require organizations to create organizational elements to handle related plans or to align such elements with specific plans. However, it does require that if such organizational elements are responsible for related plans, organizations coordinate with those elements.

     - - - -

    contingency plan testing is coordinated with organizational elements responsible for related plans.

    @@ -17169,6 +13144,7 @@     Alternate Storage Site + @@ -17188,16 +13164,10 @@ -

    Establish an alternate storage site, including necessary agreements to permit the storage and retrieval of system backup information; and

     -

    Ensure that the alternate storage site provides controls equivalent to that of the primary site.

     @@ -17210,41 +13180,11 @@ - - - -

    an alternate storage site is established;

     - - - -

    establishment of the alternate storage site includes necessary agreements to permit the storage and retrieval of system backup information;

    @@ -17252,21 +13192,6 @@     - - - -

    the alternate storage site provides controls equivalent to that of the primary site.

    @@ -17305,6 +13230,7 @@     Separation from Primary Site + @@ -17314,30 +13240,12 @@ -

    Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats.

    Threats that affect alternate storage sites are defined in organizational risk assessments and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate storage sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

     - - - -

    an alternate storage site that is sufficiently separated from the primary storage site is identified to reduce susceptibility to the same threats.

    @@ -17368,6 +13276,7 @@     Accessibility + @@ -17377,9 +13286,6 @@ -

    Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions.

     @@ -17388,33 +13294,11 @@ - - -

    potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster are identified;

     - - -

    explicit mitigation actions to address identified accessibility problems are outlined.

    @@ -17461,6 +13345,7 @@

    time period consistent with recovery time and recovery point objectives is defined;

    + @@ -17482,23 +13367,14 @@ -

    Establish an alternate processing site, including necessary agreements to permit the transfer and resumption of for essential mission and business functions within when the primary processing capabilities are unavailable;

     -

    Make available at the alternate processing site, the equipment and supplies required to transfer and resume operations or put contracts in place to support delivery to the site within the organization-defined time period for transfer and resumption; and

     -

    Provide controls at the alternate processing site that are equivalent to those at the primary site.

     @@ -17516,21 +13392,6 @@ - - - -

    an alternate processing site, including necessary agreements to permit the transfer and resumption of for essential mission and business functions, is established within when the primary processing capabilities are unavailable;

    @@ -17538,41 +13399,11 @@ - - - -

    the equipment and supplies required to transfer operations are made available at the alternate processing site or if contracts are in place to support delivery to the site within for transfer;

     - - - -

    the equipment and supplies required to resume operations are made available at the alternate processing site or if contracts are in place to support delivery to the site within for resumption;

    @@ -17580,21 +13411,6 @@     - - - -

    controls provided at the alternate processing site are equivalent to those at the primary site.

    @@ -17635,6 +13451,7 @@     Separation from Primary Site + @@ -17644,9 +13461,6 @@ -

    Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats.

    CP-7 (1) Additional FedRAMP Requirements and Guidance @@ -17660,17 +13474,6 @@

    Threats that affect alternate processing sites are defined in organizational assessments of risk and include natural disasters, structural failures, hostile attacks, and errors of omission or commission. Organizations determine what is considered a sufficient degree of separation between primary and alternate processing sites based on the types of threats that are of concern. For threats such as hostile attacks, the degree of separation between sites is less relevant.

     - - -

    an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats is identified.

    @@ -17701,6 +13504,7 @@     Accessibility + @@ -17710,9 +13514,6 @@ -

    Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions.

     @@ -17721,33 +13522,11 @@ - - -

    potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster are identified;

     - - -

    explicit mitigation actions to address identified accessibility problems are outlined.

    @@ -17780,6 +13559,7 @@     Priority of Service + @@ -17788,26 +13568,12 @@ value="organization"/> -

    Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives).

    Priority of service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources for logical alternate processing and/or at the physical alternate processing site. Organizations establish recovery time objectives as part of contingency planning.

     - - -

    alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives) are developed.

    @@ -17851,6 +13617,7 @@

    time period within which to resume essential mission and business functions when the primary telecommunications capabilities are unavailable is defined;

    + @@ -17864,9 +13631,6 @@ -

    Establish alternate telecommunications services, including necessary agreements to permit the resumption of for essential mission and business functions within when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.

    CP-8 Additional FedRAMP Requirements and Guidance @@ -17880,21 +13644,6 @@

    Telecommunications services (for data and voice) for primary and alternate processing and storage sites are in scope for CP-8 . Alternate telecommunications services reflect the continuity requirements in contingency plans to maintain essential mission and business functions despite the loss of primary telecommunications services. Organizations may specify different time periods for primary or alternate sites. Alternate telecommunications services include additional organizational or commercial ground-based circuits or lines, network-based approaches to telecommunications, or the use of satellites. Organizations consider factors such as availability, quality of service, and access when entering into alternate telecommunications agreements.

     - - - -

    alternate telecommunications services, including necessary agreements to permit the resumption of , are established for essential mission and business functions within when the primary telecommunications capabilities are unavailable at either the primary or alternate processing or storage sites.

    @@ -17931,6 +13680,7 @@     Priority of Service Provisions + @@ -17940,16 +13690,10 @@ -

    Develop primary and alternate telecommunications service agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives); and

     -

    Request Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness if the primary and/or alternate telecommunications services are provided by a common carrier.

     @@ -17960,21 +13704,6 @@ - - - - @@ -17989,21 +13718,6 @@ - - - -

    Telecommunications Service Priority is requested for all telecommunications services used for national security emergency preparedness if the primary and/or alternate telecommunications services are provided by a common carrier.

    @@ -18043,6 +13757,7 @@     Single Points of Failure + @@ -18051,26 +13766,12 @@ value="organization"/> -

    Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services.

    In certain circumstances, telecommunications service providers or services may share the same physical lines, which increases the vulnerability of a single failure point. It is important to have provider transparency for the actual physical transmission capability for telecommunication services.

     - - -

    alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services are obtained.

    @@ -18140,6 +13841,7 @@

    frequency at which to conduct backups of system documentation consistent with recovery time and recovery point objectives is defined;

    + @@ -18163,31 +13865,19 @@ -

    Conduct backups of user-level information contained in ;

     -

    Conduct backups of system-level information contained in the system ;

     -

    Conduct backups of system documentation, including security- and privacy-related documentation ; and

     -

    Protect the confidentiality, integrity, and availability of backup information.

     @@ -18217,77 +13907,21 @@ - - - -

    backups of user-level information contained in are conducted ;

     - - - -

    backups of system-level information contained in the system are conducted ;

     - - - -

    backups of system documentation, including security- and privacy-related documentation are conducted ;

     - - - @@ -18360,6 +13994,7 @@

    frequency at which to test backup information for information integrity is defined;

    + @@ -18369,30 +14004,12 @@ -

    Test backup information to verify media reliability and information integrity.

    Organizations need assurance that backup information can be reliably retrieved. Reliability pertains to the systems and system components where the backup information is stored, the operations used to retrieve the information, and the integrity of the information being retrieved. Independent and specialized tests can be used for each of the aspects of reliability. For example, decrypting and transporting (or transmitting) a random sample of backup files from the alternate storage or backup site and comparing the information to the same information at the primary processing site can provide such assurance.

     - - - - @@ -18450,6 +14067,7 @@

    backup information to protect against unauthorized disclosure and modification is defined;

    + @@ -18461,9 +14079,6 @@ -

    Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of .

    CP-9 (8) Additional FedRAMP Requirements and Guidance @@ -18477,21 +14092,6 @@

    The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of backup information. The strength of mechanisms selected is commensurate with the security category or classification of the information. Cryptographic protection applies to system backup information in storage at both primary and alternate locations. Organizations that implement cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.

     - - - -

    cryptographic mechanisms are implemented to prevent unauthorized disclosure and modification of .

    @@ -18543,6 +14143,7 @@

    time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined;

    + @@ -18560,30 +14161,12 @@ -

    Provide for the recovery and reconstitution of the system to a known state within after a disruption, compromise, or failure.

    Recovery is executing contingency plan activities to restore organizational mission and business functions. Reconstitution takes place following recovery and includes activities for returning systems to fully operational states. Recovery and reconstitution operations reflect mission and business priorities; recovery point, recovery time, and reconstitution objectives; and organizational metrics consistent with contingency plan requirements. Reconstitution includes the deactivation of interim system capabilities that may have been needed during recovery operations. Reconstitution also includes assessments of fully restored system capabilities, reestablishment of continuous monitoring activities, system reauthorization (if required), and activities to prepare the system and organization for future disruptions, breaches, compromises, or failures. Recovery and reconstitution capabilities can include automated mechanisms and manual procedures. Organizations establish recovery time and recovery point objectives as part of contingency planning.

     - - - - @@ -18631,6 +14214,7 @@ Transaction Recovery + @@ -18639,30 +14223,12 @@ value="organization"/> -

    Implement transaction recovery for systems that are transaction-based.

    Transaction-based systems include database management systems and transaction processing systems. Mechanisms supporting transaction recovery include transaction rollback and transaction journaling.

     - - - -

    transaction recovery is implemented for systems that are transaction-based.

    @@ -18773,6 +14339,7 @@

    events that would require identification and authentication procedures to be reviewed and updated are defined;

    + @@ -18799,13 +14366,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -18827,20 +14387,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the identification and authentication policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current identification and authentication:

    @@ -18861,57 +14411,21 @@ - - -

    an identification and authentication policy is developed and documented;

     - - -

    the identification and authentication policy is disseminated to ;

     - -

    identification and authentication procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls are developed and documented;

     - -

    the identification and authentication procedures are disseminated to ;

    @@ -18919,13 +14433,6 @@ - - @@ -18965,13 +14472,6 @@ - -

    the identification and authentication policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

    @@ -18981,17 +14481,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the identification and authentication policy and procedures;

    @@ -18999,17 +14488,6 @@ - - - @@ -19024,17 +14502,6 @@ - - - @@ -19075,7 +14542,7 @@     Identification and Authentication (Organizational Users) - + @@ -19121,9 +14588,6 @@ -

    Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.

    IA-2 Additional FedRAMP Requirements and Guidance @@ -19153,41 +14617,11 @@ - - - -

    organizational users are uniquely identified and authenticated;

     - - - -

    the unique identification of authenticated organizational users is associated with processes acting on behalf of those users.

    @@ -19228,7 +14662,7 @@     Multi-factor Authentication to Privileged Accounts - + @@ -19239,9 +14673,6 @@ -

    Implement multi-factor authentication for access to privileged accounts.

    IA-2 (1) Additional FedRAMP Requirements and Guidance @@ -19263,13 +14694,6 @@

    Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number [PIN]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification (PIV) card or the Department of Defense (DoD) Common Access Card (CAC). In addition to authenticating users at the system level (i.e., at logon), organizations may employ authentication mechanisms at the application level, at their discretion, to provide increased security. Regardless of the type of access (i.e., local, network, remote), privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can add additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access.

     - -

    multi-factor authentication is implemented for access to privileged accounts.

    @@ -19309,7 +14733,7 @@     Multi-factor Authentication to Non-privileged Accounts - + @@ -19319,9 +14743,6 @@ -

    Implement multi-factor authentication for access to non-privileged accounts.

    IA-2 (2) Additional FedRAMP Requirements and Guidance @@ -19343,13 +14764,6 @@

    Multi-factor authentication requires the use of two or more different factors to achieve authentication. The authentication factors are defined as follows: something you know (e.g., a personal identification number [PIN]), something you have (e.g., a physical authenticator such as a cryptographic private key), or something you are (e.g., a biometric). Multi-factor authentication solutions that feature physical authenticators include hardware authenticators that provide time-based or challenge-response outputs and smart cards such as the U.S. Government Personal Identity Verification card or the DoD Common Access Card. In addition to authenticating users at the system level, organizations may also employ authentication mechanisms at the application level, at their discretion, to provide increased information security. Regardless of the type of access (i.e., local, network, remote), non-privileged accounts are authenticated using multi-factor options appropriate for the level of risk. Organizations can provide additional security measures, such as additional or more rigorous authentication mechanisms, for specific types of access.

     - -

    multi-factor authentication for access to non-privileged accounts is implemented.

    @@ -19389,7 +14803,7 @@     Individual Authentication with Group Authentication - + @@ -19401,22 +14815,12 @@ value="system"/> -

    When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources.

    Individual authentication prior to shared group authentication mitigates the risk of using group accounts or authenticators.

     - -

    users are required to be individually authenticated before granting access to the shared accounts or resources when shared accounts or authenticators are employed.

    @@ -19490,7 +14894,7 @@

    the strength of mechanism requirements to be enforced by a device separate from the system gaining access to accounts is defined;

    - + @@ -19502,16 +14906,10 @@

    Implement multi-factor authentication for access to such that:

    -

    One of the factors is provided by a device separate from the system gaining access; and

     -

    The device meets .

     @@ -19533,33 +14931,11 @@ - - -

    multi-factor authentication is implemented for access to such that one of the factors is provided by a device separate from the system gaining access;

     - - -

    multi-factor authentication is implemented for access to such that the device meets .

    @@ -19612,7 +14988,7 @@ non-privileged accounts - + @@ -19621,26 +14997,12 @@ value="system"/> -

    Implement replay-resistant authentication mechanisms for access to .

    Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include protocols that use nonces or challenges such as time synchronous or cryptographic authenticators.

     - - -

    replay-resistant authentication mechanisms for access to are implemented.

    @@ -19681,7 +15043,7 @@     Acceptance of PIV Credentials - + @@ -19690,9 +15052,6 @@ value="system"/> -

    Accept and electronically verify Personal Identity Verification-compliant credentials.

    IA-2 (12) Additional FedRAMP Requirements and Guidance @@ -19706,17 +15065,6 @@

    Acceptance of Personal Identity Verification (PIV)-compliant credentials applies to organizations implementing logical access control and physical access control systems. PIV-compliant credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. The adequacy and reliability of PIV card issuers are authorized using SP 800-79-2 . Acceptance of PIV-compliant credentials includes derived PIV credentials, the use of which is addressed in SP 800-166 . The DOD Common Access Card (CAC) is an example of a PIV credential.

     - - -

    Personal Identity Verification-compliant credentials are accepted and electronically verified.

    @@ -19772,6 +15120,7 @@ network + @@ -19791,26 +15140,12 @@ -

    Uniquely identify and authenticate before establishing a connection.

    Devices that require unique device-to-device identification and authentication are defined by type, device, or a combination of type and device. Organization-defined device types include devices that are not owned by the organization. Systems use shared known information (e.g., Media Access Control [MAC], Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., Institute of Electrical and Electronics Engineers (IEEE) 802.1x and Extensible Authentication Protocol [EAP], RADIUS server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify and authenticate devices on local and wide area networks. Organizations determine the required strength of authentication mechanisms based on the security categories of systems and mission or business requirements. Because of the challenges of implementing device authentication on a large scale, organizations can restrict the application of the control to a limited number/type of devices based on mission or business needs.

     - - -

    are uniquely identified and authenticated before establishing a connection.

    @@ -19872,7 +15207,7 @@

    a time period for preventing reuse of identifiers is defined;

    - + @@ -19904,30 +15239,18 @@

    Manage system identifiers by:

    -

    Receiving authorization from to assign an individual, group, role, service, or device identifier;

     -

    Selecting an identifier that identifies an individual, group, role, service, or device;

     -

    Assigning the identifier to the intended individual, group, role, service, or device; and

     -

    Preventing reuse of identifiers for .

     @@ -19938,65 +15261,21 @@ - - -

    system identifiers are managed by receiving authorization from to assign to an individual, group, role, or device identifier;

     - - -

    system identifiers are managed by selecting an identifier that identifies an individual, group, role, service, or device;

     - - -

    system identifiers are managed by assigning the identifier to the intended individual, group, role, service, or device;

     - - -

    system identifiers are managed by preventing reuse of identifiers for .

    @@ -20048,6 +15327,7 @@

    characteristics used to identify individual status is defined;

    + @@ -20056,26 +15336,12 @@ value="organization"/> -

    Manage individual identifiers by uniquely identifying each individual as .

    Characteristics that identify the status of individuals include contractors, foreign nationals, and non-organizational users. Identifying the status of individuals by these characteristics provides additional information about the people with whom organizational personnel are communicating. For example, it might be useful for a government employee to know that one of the individuals on an email message is a contractor.

     - - -

    individual identifiers are managed by uniquely identifying each individual as .

    @@ -20124,7 +15390,7 @@

    events that trigger the change or refreshment of authenticators are defined;

    - + @@ -20163,65 +15429,38 @@

    Manage system authenticators by:

    -

    Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator;

     -

    Establishing initial authenticator content for any authenticators issued by the organization;

     -

    Ensuring that authenticators have sufficient strength of mechanism for their intended use;

     -

    Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators;

     -

    Changing default authenticators prior to first use;

     -

    Changing or refreshing authenticators or when occur;

     -

    Protecting authenticator content from unauthorized disclosure and modification;

     -

    Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and

     -

    Changing authenticators for group or role accounts when membership to those accounts changes.

     @@ -20244,113 +15483,36 @@ - - -

    system authenticators are managed through the verification of the identity of the individual, group, role, service, or device receiving the authenticator as part of the initial authenticator distribution;

     - - -

    system authenticators are managed through the establishment of initial authenticator content for any authenticators issued by the organization;

     - - -

    system authenticators are managed to ensure that authenticators have sufficient strength of mechanism for their intended use;

     - - -

    system authenticators are managed through the establishment and implementation of administrative procedures for initial authenticator distribution; lost, compromised, or damaged authenticators; and the revocation of authenticators;

     - - -

    system authenticators are managed through the change of default authenticators prior to first use;

     - - -

    system authenticators are managed through the change or refreshment of authenticators or when occur;

     - - -

    system authenticators are managed through the protection of authenticator content from unauthorized disclosure and modification;

    @@ -20358,33 +15520,11 @@ - - -

    system authenticators are managed through the requirement for individuals to take specific controls to protect authenticators;

     - - -

    system authenticators are managed through the requirement for devices to implement specific controls to protect authenticators;

    @@ -20392,17 +15532,6 @@     - - -

    system authenticators are managed through the change of authenticators for group or role accounts when membership to those accounts changes.

    @@ -20454,6 +15583,7 @@

    authenticator composition and complexity rules are defined;

    + @@ -20468,58 +15598,34 @@

    For password-based authentication:

    -

    Maintain a list of commonly-used, expected, or compromised passwords and update the list and when organizational passwords are suspected to have been compromised directly or indirectly;

     -

    Verify, when users create or update passwords, that the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5(1)(a);

     -

    Transmit passwords only over cryptographically-protected channels;

     -

    Store passwords using an approved salted key derivation function, preferably using a keyed hash;

     -

    Require immediate selection of a new password upon account recovery;

     -

    Allow user selection of long passwords and passphrases, including spaces and all printable characters;

     -

    Employ automated tools to assist the user in selecting strong password authenticators; and

     -

    Enforce the following composition and complexity rules: .

     @@ -20531,7 +15637,7 @@     -

    For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    +

    For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    For emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used.

     @@ -20546,109 +15652,41 @@ - - -

    for password-based authentication, a list of commonly used, expected, or compromised passwords is maintained and updated and when organizational passwords are suspected to have been compromised directly or indirectly;

     - - -

    for password-based authentication when passwords are created or updated by users, the passwords are verified not to be found on the list of commonly used, expected, or compromised passwords in IA-05(01)(a);

     - -

    for password-based authentication, passwords are only transmitted over cryptographically protected channels;

     - -

    for password-based authentication, passwords are stored using an approved salted key derivation function, preferably using a keyed hash;

     - -

    for password-based authentication, immediate selection of a new password is required upon account recovery;

     - -

    for password-based authentication, user selection of long passwords and passphrases is allowed, including spaces and all printable characters;

     - -

    for password-based authentication, automated tools are employed to assist the user in selecting strong password authenticators;

     - - -

    for password-based authentication, are enforced.

    @@ -20689,6 +15727,7 @@     Public Key-based Authentication + @@ -20700,9 +15739,6 @@ -

    For public key-based authentication:

    @@ -20715,9 +15751,6 @@     -

    When public key infrastructure (PKI) is used:

    @@ -20738,25 +15771,11 @@ - -

    authorized access to the corresponding private key is enforced for public key-based authentication;

     - -

    the authenticated identity is mapped to the account of the individual or group for public key-based authentication;

    @@ -20766,25 +15785,11 @@ - -

    when public key infrastructure (PKI) is used, certificates are validated by constructing and verifying a certification path to an accepted trust anchor, including checking certificate status information;

     - -

    when public key infrastructure (PKI) is used, a local cache of revocation data is implemented to support path discovery and validation.

    @@ -20827,6 +15832,7 @@     Protection of Authenticators + @@ -20836,22 +15842,12 @@ -

    Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access.

    For systems that contain multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. Security categories of information are determined as part of the security categorization process.

     - -

    authenticators are protected commensurate with the security category of the information to which use of the authenticator permits access.

    @@ -20890,6 +15886,7 @@     No Embedded Unencrypted Static Authenticators + @@ -20898,9 +15895,6 @@ value="organization"/> -

    Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.

    IA-5 (7) Additional FedRAMP Requirements and Guidance @@ -20914,13 +15908,6 @@

    In addition to applications, other forms of static storage include access scripts and function keys. Organizations exercise caution when determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators.

     - -

    unencrypted static authenticators are not embedded in applications or other forms of static storage.

    @@ -20961,6 +15948,7 @@     Authentication Feedback + @@ -20969,22 +15957,12 @@ value="system"/> -

    Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

    Authentication feedback from systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of systems, such as desktops or notebooks with relatively large monitors, the threat (referred to as shoulder surfing) may be significant. For other types of systems, such as mobile devices with small displays, the threat may be less significant and is balanced against the increased likelihood of typographic input errors due to small keyboards. Thus, the means for obscuring authentication feedback is selected accordingly. Obscuring authentication feedback includes displaying asterisks when users type passwords into input devices or displaying feedback for a very limited time before obscuring it.

     - -

    the feedback of authentication information is obscured during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

    @@ -21021,6 +15999,7 @@     Cryptographic Module Authentication + @@ -21034,30 +16013,12 @@ -

    Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

    Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role.

     - - - -

    mechanisms for authentication to a cryptographic module are implemented that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

    @@ -21095,6 +16056,7 @@     Identification and Authentication (Non-organizational Users) + @@ -21125,22 +16087,12 @@ -

    Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

    Non-organizational users include system users other than organizational users explicitly covered by IA-2 . Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in AC-14 . Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factors—including security, privacy, scalability, and practicality—when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk.

     - -

    non-organizational users or processes acting on behalf of non-organizational users are uniquely identified and authenticated.

    @@ -21179,6 +16131,7 @@     Acceptance of PIV Credentials from Other Agencies + @@ -21188,22 +16141,12 @@ -

    Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies.

    Acceptance of Personal Identity Verification (PIV) credentials from other federal agencies applies to both logical and physical access control systems. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidelines. The adequacy and reliability of PIV card issuers are addressed and authorized using SP 800-79-2.

     - - @@ -21255,6 +16198,7 @@     Acceptance of External Authenticators + @@ -21264,16 +16208,10 @@ -

    Accept only external authenticators that are NIST-compliant; and

     -

    Document and maintain a list of accepted external authenticators.

     @@ -21284,29 +16222,11 @@ - -

    only external authenticators that are NIST-compliant are accepted;

     - - - @@ -21367,6 +16287,7 @@

    identity management profiles are defined;

    + @@ -21375,30 +16296,12 @@ value="system"/> -

    Conform to the following profiles for identity management .

    Organizations define profiles for identity management based on open identity management standards. To ensure that open identity management standards are viable, robust, reliable, sustainable, and interoperable as documented, the Federal Government assesses and scopes the standards and technology implementations against applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.

     - - - -

    there is conformance with for identity management.

    @@ -21444,6 +16347,7 @@

    circumstances or situations requiring re-authentication are defined;

    + @@ -21460,9 +16364,6 @@ -

    Require users to re-authenticate when .

    IA-11 Additional FedRAMP Requirements and Guidance @@ -21483,21 +16384,6 @@

    In addition to the re-authentication requirements associated with device locks, organizations may require re-authentication of individuals in certain situations, including when roles, authenticators or credentials change, when security categories of systems change, when the execution of privileged functions occurs, after a fixed time period, or periodically.

     - - - -

    users are required to re-authenticate when .

    @@ -21537,6 +16423,7 @@     Identity Proofing + @@ -21558,23 +16445,14 @@ -

    Identity proof users that require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines;

     -

    Resolve user identities to a unique individual; and

     -

    Collect, validate, and verify identity evidence.

     @@ -21592,53 +16470,16 @@ - - - -

    users who require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines are identity proofed;

     - - -

    user identities are resolved to a unique individual;

     - - - @@ -21691,6 +16532,7 @@ Identity Evidence + @@ -21699,26 +16541,12 @@ value="organization"/> -

    Require evidence of individual identification be presented to the registration authority.

    Identity evidence, such as documentary evidence or a combination of documents and biometrics, reduces the likelihood of individuals using fraudulent identification to establish an identity or at least increases the work factor of potential adversaries. The forms of acceptable evidence are consistent with the risks to the systems, roles, and privileges associated with the user’s account.

     - - -

    evidence of individual identification is presented to the registration authority.

    @@ -21760,6 +16588,7 @@

    methods of validation and verification of identity evidence are defined;

    + @@ -21768,30 +16597,12 @@ value="organization"/> -

    Require that the presented identity evidence be validated and verified through .

    Validation and verification of identity evidence increases the assurance that accounts and identifiers are being established for the correct user and authenticators are being bound to that user. Validation refers to the process of confirming that the evidence is genuine and authentic, and the data contained in the evidence is correct, current, and related to an individual. Verification confirms and establishes a linkage between the claimed identity and the actual existence of the user presenting the evidence. Acceptable methods for validating and verifying identity evidence are consistent with the risks to the systems, roles, and privileges associated with the users account.

     - - - -

    the presented identity evidence is validated and verified through .

    @@ -21833,6 +16644,7 @@ notice of proofing + @@ -21842,9 +16654,6 @@ -

    Require that a be delivered through an out-of-band channel to verify the users address (physical or digital) of record.

    IA-12 (5) Additional FedRAMP Requirements and Guidance @@ -21858,17 +16667,6 @@

    To make it more difficult for adversaries to pose as legitimate users during the identity proofing process, organizations can use out-of-band methods to ensure that the individual associated with an address of record is the same individual that participated in the registration. Confirmation can take the form of a temporary enrollment code or a notice of proofing. The delivery address for these artifacts is obtained from records and not self-asserted by the user. The address can include a physical or digital address. A home address is an example of a physical address. Email addresses and telephone numbers are examples of digital addresses.

     - - -

    a is delivered through an out-of-band channel to verify the user’s address (physical or digital) of record.

    @@ -21975,6 +16773,7 @@

    events that would require the incident response procedures to be reviewed and updated are defined;

    + @@ -21997,13 +16796,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -22025,20 +16817,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the incident response policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current incident response:

    @@ -22059,57 +16841,21 @@ - - -

    an incident response policy is developed and documented;

     - - -

    the incident response policy is disseminated to ;

     - -

    incident response procedures to facilitate the implementation of the incident response policy and associated incident response controls are developed and documented;

     - -

    the incident response procedures are disseminated to ;

    @@ -22117,13 +16863,6 @@ - - @@ -22163,13 +16902,6 @@ - -

    the incident response policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -22179,17 +16911,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the incident response policy and procedures;

    @@ -22197,17 +16918,6 @@ - - - @@ -22222,17 +16932,6 @@ - - - @@ -22310,6 +17009,7 @@

    events that initiate a review of the incident response training content are defined;

    + @@ -22331,9 +17031,6 @@ -

    Provide incident response training to system users consistent with assigned roles and responsibilities:

    @@ -22351,9 +17048,6 @@     -

    Review and update incident response training content and following .

     @@ -22366,49 +17060,16 @@ - - -

    incident response training is provided to system users consistent with assigned roles and responsibilities within of assuming an incident response role or responsibility or acquiring system access;

     - - -

    incident response training is provided to system users consistent with assigned roles and responsibilities when required by system changes;

     - - -

    incident response training is provided to system users consistent with assigned roles and responsibilities thereafter;

    @@ -22418,33 +17079,11 @@ - - -

    incident response training content is reviewed and updated ;

     - - -

    incident response training content is reviewed and updated following .

    @@ -22497,7 +17136,7 @@

    tests used to test the effectiveness of the incident response capability for the system are defined;

    - + @@ -22517,9 +17156,6 @@ -

    Test the effectiveness of the incident response capability for the system using the following tests: .

    IR-3-2 Additional FedRAMP Requirements and Guidance @@ -22533,17 +17169,6 @@

    Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response. The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes.

     - - -

    the effectiveness of the incident response capability for the system is tested using .

    @@ -22576,6 +17201,7 @@     Coordination with Related Plans + @@ -22587,26 +17213,12 @@ value="true"/> -

    Coordinate incident response testing with organizational elements responsible for related plans.

    Organizational plans related to incident response testing include business continuity plans, disaster recovery plans, continuity of operations plans, contingency plans, crisis communications plans, critical infrastructure plans, and occupant emergency plans.

     - - -

    incident response testing is coordinated with organizational elements responsible for related plans.

    @@ -22645,7 +17257,7 @@     Incident Handling - + @@ -22685,30 +17297,18 @@ -

    Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;

     -

    Coordinate incident handling activities with contingency planning activities;

     -

    Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and

     -

    Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization.

     @@ -22732,33 +17332,11 @@ - - -

    an incident handling capability for incidents is implemented that is consistent with the incident response plan;

     - - -

    the incident handling capability for incidents includes preparation;

    @@ -22786,17 +17364,6 @@     - - -

    incident handling activities are coordinated with contingency planning activities;

    @@ -22804,33 +17371,11 @@ - - -

    lessons learned from ongoing incident handling activities are incorporated into incident response procedures, training, and testing;

     - - -

    the changes resulting from the incorporated lessons learned are implemented accordingly;

    @@ -22838,17 +17383,6 @@     - - - @@ -22912,7 +17446,7 @@

    automated mechanisms used to support the incident handling process are defined;

    - + @@ -22921,26 +17455,12 @@ value="organization"/> -

    Support the incident handling process using .

    Automated mechanisms that support incident handling processes include online incident management systems and tools that support the collection of live response data, full network packet capture, and forensic analysis.

     - - -

    the incident handling process is supported using .

    @@ -22979,6 +17499,7 @@     Incident Monitoring + @@ -23002,26 +17523,12 @@ -

    Track and document incidents.

    Documenting incidents includes maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics as well as evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources, including network monitoring, incident reports, incident response teams, user complaints, supply chain partners, audit monitoring, physical access monitoring, and user and administrator reports. IR-4 provides information on the types of incidents that are appropriate for monitoring.

     - - - @@ -23084,6 +17591,7 @@

    authorities to whom incident information is to be reported are defined;

    + @@ -23102,16 +17610,10 @@ -

    Require personnel to report suspected incidents to the organizational incident response capability within ; and

     -

    Report incident information to .

     @@ -23129,33 +17631,11 @@ - - -

    personnel is/are required to report suspected incidents to the organizational incident response capability within ;

     - - -

    incident information is reported to .

    @@ -23202,6 +17682,7 @@

    automated mechanisms used for reporting incidents are defined;

    + @@ -23211,30 +17692,12 @@ -

    Report incidents using .

    The recipients of incident reports are specified in IR-6b . Automated reporting mechanisms include email, posting on websites (with automatic updates), and automated incident response tools and programs.

     - - - -

    incidents are reported using .

    @@ -23272,6 +17735,7 @@     Supply Chain Coordination + @@ -23281,26 +17745,12 @@ -

    Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident.

    Organizations involved in supply chain activities include product developers, system integrators, manufacturers, packagers, assemblers, distributors, vendors, and resellers. Entities that provide supply chain governance include the Federal Acquisition Security Council (FASC). Supply chain incidents include compromises or breaches that involve information technology products, system components, development processes or personnel, distribution processes, or warehousing facilities. Organizations determine the appropriate information to share and consider the value gained from informing external organizations about supply chain incidents, including the ability to improve processes or to identify the root cause of an incident.

     - - -

    incident information is provided to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related to the incident.

    @@ -23344,6 +17794,7 @@     Incident Response Assistance + @@ -23362,9 +17813,6 @@ -

    Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents.

     @@ -23373,33 +17821,11 @@ - - -

    an incident response support resource, integral to the organizational incident response capability, is provided;

     - - -

    the incident response support resource offers advice and assistance to users of the system for the response and reporting of incidents.

    @@ -23443,6 +17869,7 @@

    automated mechanisms used to increase the availability of incident response information and support are defined;

    + @@ -23451,30 +17878,12 @@ value="organization"/> -

    Increase the availability of incident response information and support using .

    Automated mechanisms can provide a push or pull capability for users to obtain incident response assistance. For example, individuals may have access to a website to query the assistance capability, or the assistance capability can proactively send incident response information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.

     - - - -

    the availability of incident response information and support is increased using .

    @@ -23574,6 +17983,7 @@

    organizational elements to which changes to the incident response plan are communicated are defined;

    + @@ -23596,9 +18006,6 @@ -

    Develop an incident response plan that:

    @@ -23644,30 +18051,18 @@     -

    Distribute copies of the incident response plan to ;

     -

    Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

     -

    Communicate incident response plan changes to ; and

     -

    Protect the incident response plan from unauthorized disclosure and modification.

     @@ -23691,122 +18086,52 @@ - -

    an incident response plan is developed that provides the organization with a roadmap for implementing its incident response capability;

     - -

    an incident response plan is developed that describes the structure and organization of the incident response capability;

     - -

    an incident response plan is developed that provides a high-level approach for how the incident response capability fits into the overall organization;

     - -

    an incident response plan is developed that meets the unique requirements of the organization with regard to mission, size, structure, and functions;

     - -

    an incident response plan is developed that defines reportable incidents;

     - -

    an incident response plan is developed that provides metrics for measuring the incident response capability within the organization;

     - -

    an incident response plan is developed that defines the resources and management support needed to effectively maintain and mature an incident response capability;

     - -

    an incident response plan is developed that addresses the sharing of incident information;

     - -

    an incident response plan is developed that is reviewed and approved by ;

     - -

    an incident response plan is developed that explicitly designates responsibility for incident response to .

    @@ -23814,13 +18139,6 @@     - - @@ -23835,33 +18153,11 @@ - - -

    the incident response plan is updated to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

     - - - @@ -23876,13 +18172,6 @@ - - @@ -23947,6 +18236,7 @@

    actions to be performed are defined;

    + @@ -23964,51 +18254,30 @@

    Respond to information spills by:

    -

    Assigning with responsibility for responding to information spills;

     -

    Identifying the specific information involved in the system contamination;

     -

    Alerting of the information spill using a method of communication not associated with the spill;

     -

    Isolating the contaminated system or system component;

     -

    Eradicating the information from the contaminated system or component;

     -

    Identifying other systems or system components that may have been subsequently contaminated; and

     -

    Performing the following additional actions: .

     @@ -24019,115 +18288,38 @@ - - -

    is/are assigned the responsibility to respond to information spills;

     - - -

    the specific information involved in the system contamination is identified in response to information spills;

     - - -

    is/are alerted of the information spill using a method of communication not associated with the spill;

     - - -

    the contaminated system or system component is isolated in response to information spills;

     - - -

    the information is eradicated from the contaminated system or component in response to information spills;

     - - -

    other systems or system components that may have been subsequently contaminated are identified in response to information spills;

     - - -

    are performed in response to information spills.

    @@ -24178,6 +18370,7 @@

    frequency at which to provide information spillage response training is defined;

    + @@ -24190,22 +18383,12 @@ -

    Provide information spillage response training .

    Organizations establish requirements for responding to information spillage incidents in incident response plans. Incident response training on a regular basis helps to ensure that organizational personnel understand their individual responsibilities and what specific actions to take when spillage incidents occur.

     - -

    information spillage response training is provided .

    @@ -24241,6 +18424,7 @@

    procedures to be implemented to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions are defined;

    + @@ -24249,22 +18433,12 @@ value="organization"/> -

    Implement the following procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions: .

    Corrective actions for systems contaminated due to information spillages may be time-consuming. Personnel may not have access to the contaminated systems while corrective actions are being taken, which may potentially affect their ability to conduct organizational business.

     - -

    are implemented to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions.

    @@ -24306,6 +18480,7 @@

    controls employed for personnel exposed to information not within assigned access authorizations are defined;

    + @@ -24314,22 +18489,12 @@ value="organization"/> -

    Employ the following controls for personnel exposed to information not within assigned access authorizations: .

    Controls include ensuring that personnel who are exposed to spilled information are made aware of the laws, executive orders, directives, regulations, policies, standards, and guidelines regarding the information and the restrictions imposed based on exposure to such information.

     - -

    are employed for personnel exposed to information not within assigned access authorizations.

    @@ -24438,6 +18603,7 @@

    events that would require the maintenance procedures to be reviewed and updated are defined;

    + @@ -24457,13 +18623,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -24485,20 +18644,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the maintenance policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current maintenance:

    @@ -24519,57 +18668,21 @@ - - -

    a maintenance policy is developed and documented;

     - - -

    the maintenance policy is disseminated to ;

     - -

    maintenance procedures to facilitate the implementation of the maintenance policy and associated maintenance controls are developed and documented;

     - -

    the maintenance procedures are disseminated to ;

    @@ -24577,13 +18690,6 @@ - - @@ -24623,13 +18729,6 @@ - -

    the maintenance policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -24639,17 +18738,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the maintenance policy and procedures;

    @@ -24657,17 +18745,6 @@ - - - @@ -24682,17 +18759,6 @@ - - - @@ -24750,6 +18816,7 @@

    information to be included in organizational maintenance records is defined;

    + @@ -24772,44 +18839,26 @@ -

    Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements;

     -

    Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location;

     -

    Require that explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;

     -

    Sanitize equipment to remove the following information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement: ;

     -

    Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; and

     -

    Include the following information in organizational maintenance records: .

     @@ -24820,21 +18869,6 @@ - - - - @@ -24854,17 +18888,6 @@ - - - @@ -24879,58 +18902,22 @@ - - -

    is/are required to explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;

     - - -

    equipment is sanitized to remove from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement;

     - -

    all potentially impacted controls are checked to verify that the controls are still functioning properly following maintenance, repair, or replacement actions;

     - -

    is included in organizational maintenance records.

    @@ -24986,6 +18973,7 @@

    frequency at which to review previously approved system maintenance tools is defined;

    + @@ -24997,16 +18985,10 @@ -

    Approve, control, and monitor the use of system maintenance tools; and

     -

    Review previously approved system maintenance tools .

     @@ -25019,21 +19001,6 @@ - - - - @@ -25053,21 +19020,6 @@ - - - -

    previously approved system maintenance tools are reviewed .

    @@ -25104,6 +19056,7 @@     Inspect Tools + @@ -25113,30 +19066,12 @@ -

    Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications.

    Maintenance tools can be directly brought into a facility by maintenance personnel or downloaded from a vendor’s website. If, upon inspection of the maintenance tools, organizations determine that the tools have been modified in an improper manner or the tools contain malicious code, the incident is handled consistent with organizational policies and procedures for incident handling.

     - - - -

    maintenance tools used by maintenance personnel are inspected for improper or unauthorized modifications.

    @@ -25173,7 +19108,7 @@     Inspect Media - + @@ -25183,30 +19118,12 @@ -

    Check media containing diagnostic and test programs for malicious code before the media are used in the system.

    If, upon inspection of media containing maintenance, diagnostic, and test programs, organizations determine that the media contains malicious code, the incident is handled consistent with organizational incident handling policies and procedures.

     - - - -

    media containing diagnostic and test programs are checked for malicious code before the media are used in the system.

    @@ -25253,6 +19170,7 @@

    personnel or roles who can authorize removal of equipment from the facility is/are defined;

    + @@ -25264,30 +19182,18 @@

    Prevent the removal of maintenance equipment containing organizational information by:

    -

    Verifying that there is no organizational information contained on the equipment;

     -

    Sanitizing or destroying the equipment;

     -

    Retaining the equipment within the facility; or

     -

    Obtaining an exemption from explicitly authorizing removal of the equipment from the facility.

     @@ -25296,21 +19202,6 @@

    Organizational information includes all information owned by organizations and any information provided to organizations for which the organizations serve as information stewards.

     - - - - @@ -25371,6 +19262,7 @@     Nonlocal Maintenance + @@ -25399,37 +19291,22 @@ -

    Approve and monitor nonlocal maintenance and diagnostic activities;

     -

    Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system;

     -

    Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions;

     -

    Maintain records for nonlocal maintenance and diagnostic activities; and

     -

    Terminate session and network connections when nonlocal maintenance is completed.

     @@ -25440,17 +19317,6 @@ - - - @@ -25467,29 +19333,11 @@ - - -

    the use of nonlocal maintenance and diagnostic tools are allowed only as consistent with organizational policy;

     - -

    the use of nonlocal maintenance and diagnostic tools are documented in the security plan for the system;

    @@ -25497,45 +19345,16 @@     - - - -

    strong authentication is employed in the establishment of nonlocal maintenance and diagnostic sessions;

     - -

    records for nonlocal maintenance and diagnostic activities are maintained;

     - - @@ -25590,6 +19409,7 @@     Maintenance Personnel + @@ -25610,23 +19430,14 @@ -

    Establish a process for maintenance personnel authorization and maintain a list of authorized maintenance organizations or personnel;

     -

    Verify that non-escorted personnel performing maintenance on the system possess the required access authorizations; and

     -

    Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.

     @@ -25637,13 +19448,6 @@ - - @@ -25658,41 +19462,11 @@ - - - -

    non-escorted personnel performing maintenance on the system possess the required access authorizations;

     - - - -

    organizational personnel with required access authorizations and technical competence is/are designated to supervise the maintenance activities of personnel who do not possess the required access authorizations.

    @@ -25738,6 +19512,7 @@

    alternate controls to be developed and implemented in the event that a system component cannot be sanitized, removed, or disconnected from the system are defined;

    + @@ -25749,9 +19524,6 @@ -

    Implement procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements:

    @@ -25764,9 +19536,6 @@     -

    Develop and implement in the event a system component cannot be sanitized, removed, or disconnected from the system.

     @@ -25786,33 +19555,11 @@ - - -

    procedures for the use of maintenance personnel who lack appropriate security clearances or are not U.S. citizens are implemented and include approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified escorting and supervising maintenance personnel without the needed access authorization during the performance of maintenance and diagnostic activities;

     - - -

    procedures for the use of maintenance personnel who lack appropriate security clearances or are not U.S. citizens are implemented and include all volatile information storage components within the system being sanitized and all non-volatile storage media being removed or physically disconnected from the system and secured prior to initiating maintenance or diagnostic activities;

    @@ -25820,21 +19567,6 @@     - - - -

    are developed and implemented in the event that a system cannot be sanitized, removed, or disconnected from the system.

    @@ -25899,6 +19631,7 @@

    time period within which maintenance support and/or spare parts are to be obtained after a failure are defined;

    + @@ -25915,30 +19648,12 @@ -

    Obtain maintenance support and/or spare parts for within of failure.

    Organizations specify the system components that result in increased risk to organizational operations and assets, individuals, other organizations, or the Nation when the functionality provided by those components is not operational. Organizational actions to obtain maintenance support include having appropriate contracts in place.

     - - - -

    maintenance support and/or spare parts are obtained for within of failure.

    @@ -26046,6 +19761,7 @@

    events that would require media protection procedures to be reviewed and updated are defined;

    + @@ -26065,13 +19781,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -26093,20 +19802,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the media protection policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current media protection:

    @@ -26127,57 +19826,21 @@ - - -

    a media protection policy is developed and documented;

     - - -

    the media protection policy is disseminated to ;

     - -

    media protection procedures to facilitate the implementation of the media protection policy and associated media protection controls are developed and documented;

     - -

    the media protection procedures are disseminated to ;

    @@ -26185,13 +19848,6 @@ - - @@ -26231,13 +19887,6 @@ - -

    the media protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -26247,17 +19896,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the media protection policy and procedures.

    @@ -26265,17 +19903,6 @@ - - - @@ -26290,17 +19917,6 @@ - - - @@ -26375,6 +19991,7 @@

    personnel or roles authorized to access non-digital media is/are defined;

    + @@ -26399,9 +20016,6 @@ -

    Restrict access to to .

     @@ -26410,41 +20024,11 @@ - - - -

    access to is restricted to ;

     - - - -

    access to is restricted to .

    @@ -26507,6 +20091,7 @@

    controlled areas where media is exempt from marking are defined;

    + @@ -26523,16 +20108,10 @@ -

    Mark system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information; and

     -

    Exempt from marking if the media remain within .

     @@ -26550,25 +20129,11 @@ - -

    system media is marked to indicate distribution limitations, handling caveats, and applicable security markings (if any) of the information;

     - -

    remain within .

    @@ -26660,6 +20225,7 @@

    controlled areas within which to securely store non-digital media are defined;

    + @@ -26690,16 +20256,10 @@ -

    Physically control and securely store within ; and

     -

    Protect system media types defined in MP-4a until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

     @@ -26719,84 +20279,24 @@ - - - -

    are physically controlled;

     - - - -

    are physically controlled;

     - - - -

    are securely stored within ;

     - - - -

    are securely stored within ;

    @@ -26805,21 +20305,6 @@     - - - -

    system media types (defined in MP-04_ODP[01], MP-04_ODP[02], MP-04_ODP[03], MP-04_ODP[04]) are protected until the media are destroyed or sanitized using approved equipment, techniques, and procedures.

    @@ -26890,6 +20375,7 @@

    controls used to control system media outside of controlled areas are defined;

    + @@ -26913,30 +20399,18 @@ -

    Protect and control during transport outside of controlled areas using ;

     -

    Maintain accountability for system media during transport outside of controlled areas;

     -

    Document activities associated with the transport of system media; and

     -

    Restrict the activities associated with the transport of system media to authorized personnel.

     @@ -26954,21 +20428,6 @@ - - - - @@ -26985,33 +20444,11 @@ - - - -

    accountability for system media is maintained during transport outside of controlled areas;

     - -

    activities associated with the transport of system media are documented;

    @@ -27019,29 +20456,11 @@ - - -

    personnel authorized to conduct media transport activities is/are identified;

     - -

    activities associated with the transport of system media are restricted to identified authorized personnel.

    @@ -27132,6 +20551,7 @@

    sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined;

    + @@ -27162,16 +20582,10 @@ -

    Sanitize prior to disposal, release out of organizational control, or release for reuse using ; and

     -

    Employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.

     @@ -27182,21 +20596,6 @@ - - - - @@ -27219,21 +20618,6 @@ - - - -

    sanitization mechanisms with strength and integrity commensurate with the security category or classification of the information are employed.

    @@ -27303,6 +20687,7 @@

    controls to restrict or prohibit the use of specific types of system media on systems or system components are defined;

    + @@ -27319,17 +20704,11 @@ -

    the use of on using ; and

     -

    Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

     @@ -27340,41 +20719,11 @@ - - - -

    the use of is on using ;

     - - - -

    the use of portable storage devices in organizational systems is prohibited when such devices have no identifiable owner.

    @@ -27486,6 +20835,7 @@

    events that would require the physical and environmental protection procedures to be reviewed and updated are defined;

    + @@ -27505,13 +20855,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -27533,20 +20876,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the physical and environmental protection policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current physical and environmental protection:

    @@ -27567,57 +20900,21 @@ - - -

    a physical and environmental protection policy is developed and documented;

     - - -

    the physical and environmental protection policy is disseminated to ;

     - -

    physical and environmental protection procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental protection controls are developed and documented;

     - -

    the physical and environmental protection procedures are disseminated to ;

    @@ -27625,13 +20922,6 @@ - - @@ -27671,13 +20961,6 @@ - -

    the physical and environmental protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -27687,17 +20970,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the physical and environmental protection policy and procedures;

    @@ -27705,17 +20977,6 @@ - - - @@ -27730,17 +20991,6 @@ - - - @@ -27791,6 +21041,7 @@

    frequency at which to review the access list detailing authorized facility access by individuals is defined;

    + @@ -27817,30 +21068,18 @@ -

    Develop, approve, and maintain a list of individuals with authorized access to the facility where the system resides;

     -

    Issue authorization credentials for facility access;

     -

    Review the access list detailing authorized facility access by individuals ; and

     -

    Remove individuals from the facility access list when access is no longer required.

     @@ -27851,17 +21090,6 @@ - - - @@ -27881,37 +21109,16 @@ - -

    authorization credentials are issued for facility access;

     - -

    the access list detailing authorized facility access by individuals is reviewed ;

     - -

    individuals are removed from the facility access list when access is no longer required.

    @@ -28037,7 +21244,7 @@

    frequency at which to change keys is defined;

    - + @@ -28074,9 +21281,6 @@ -

    Enforce physical access authorizations at by:

    @@ -28089,44 +21293,26 @@     -

    Maintain physical access audit logs for ;

     -

    Control access to areas within the facility designated as publicly accessible by implementing the following controls: ;

     -

    Escort visitors and control visitor activity ;

     -

    Secure keys, combinations, and other physical access devices;

     -

    Inventory every ; and

     -

    Change combinations and keys and/or when keys are lost, combinations are compromised, or when individuals possessing the keys or combinations are transferred or terminated.

     @@ -28139,29 +21325,11 @@ - -

    physical access authorizations are enforced at by verifying individual access authorizations before granting access to the facility;

     - - -

    physical access authorizations are enforced at by controlling ingress and egress to the facility using ;

    @@ -28169,29 +21337,11 @@     - - -

    physical access audit logs are maintained for ;

     - -

    access to areas within the facility designated as publicly accessible are maintained by implementing ;

    @@ -28199,29 +21349,11 @@ - -

    visitors are escorted;

     - - -

    visitor activity is controlled ;

    @@ -28231,37 +21363,16 @@ - -

    keys are secured;

     - -

    combinations are secured;

     - -

    other physical access devices are secured;

    @@ -28269,17 +21380,6 @@     - - -

    are inventoried ;

    @@ -28288,25 +21388,11 @@ - -

    combinations are changed , when combinations are compromised, or when individuals possessing the combinations are transferred or terminated;

     - -

    keys are changed , when keys are lost, or when individuals possessing the keys are transferred or terminated.

    @@ -28364,6 +21450,7 @@

    security controls to be implemented to control physical access to system distribution and transmission lines within the organizational facility are defined;

    + @@ -28381,26 +21468,12 @@ -

    Control physical access to within organizational facilities using .

    Security controls applied to system distribution and transmission lines prevent accidental damage, disruption, and physical tampering. Such controls may also be necessary to prevent eavesdropping or modification of unencrypted transmissions. Security controls used to control physical access to system distribution and transmission lines include disconnected or locked spare jacks, locked wiring closets, protection of cabling by conduit or cable trays, and wiretapping sensors.

     - - -

    physical access to within organizational facilities is controlled using .

    @@ -28443,6 +21516,7 @@

    output devices that require physical access control to output are defined;

    + @@ -28455,22 +21529,12 @@ -

    Control physical access to output from to prevent unauthorized individuals from obtaining the output.

    Controlling physical access to output devices includes placing output devices in locked rooms or other secured areas with keypad or card reader access controls and allowing access to authorized individuals only, placing output devices in locations that can be monitored by personnel, installing monitor or screen filters, and using headphones. Examples of output devices include monitors, printers, scanners, audio devices, facsimile machines, and copiers.

     - -

    physical access to output from is controlled to prevent unauthorized individuals from obtaining the output.

    @@ -28525,6 +21589,7 @@

    events or potential indication of events requiring physical access logs to be reviewed are defined;

    + @@ -28544,23 +21609,14 @@ -

    Monitor physical access to the facility where the system resides to detect and respond to physical security incidents;

     -

    Review physical access logs and upon occurrence of ; and

     -

    Coordinate results of reviews and investigations with the organizational incident response capability.

     @@ -28571,17 +21627,6 @@ - - -

    physical access to the facility where the system resides is monitored to detect and respond to physical security incidents;

    @@ -28589,25 +21634,11 @@ - -

    physical access logs are reviewed ;

     - -

    physical access logs are reviewed upon occurrence of ;

    @@ -28617,33 +21648,11 @@ - - -

    results of reviews are coordinated with organizational incident response capabilities;

     - - -

    results of investigations are coordinated with organizational incident response capabilities.

    @@ -28685,6 +21694,7 @@     Intrusion Alarms and Surveillance Equipment + @@ -28696,22 +21706,12 @@ value="true"/> -

    Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment.

    Physical intrusion alarms can be employed to alert security personnel when unauthorized access to the facility is attempted. Alarm systems work in conjunction with physical barriers, physical access control systems, and security guards by triggering a response when these other forms of security have been compromised or breached. Physical intrusion alarms can include different types of sensor devices, such as motion sensors, contact sensors, and broken glass sensors. Surveillance equipment includes video cameras installed at strategic locations throughout the facility.

     - - @@ -28791,6 +21791,7 @@

    personnel to whom visitor access records anomalies are reported to is/are defined;

    + @@ -28805,23 +21806,14 @@ -

    Maintain visitor access records to the facility where the system resides for ;

     -

    Review visitor access records ; and

     -

    Report anomalies in visitor access records to .

     @@ -28832,45 +21824,16 @@ - - -

    visitor access records for the facility where the system resides are maintained for ;

     - -

    visitor access records are reviewed ;

     - - -

    visitor access records anomalies are reported to .

    @@ -28911,6 +21874,7 @@     Power Equipment and Cabling + @@ -28919,22 +21883,12 @@ value="organization"/> -

    Protect power equipment and power cabling for the system from damage and destruction.

    Organizations determine the types of protection necessary for the power equipment and cabling employed at different locations that are both internal and external to organizational facilities and environments of operation. Types of power equipment and cabling include internal cabling and uninterruptable power sources in offices or data centers, generators and power cabling outside of buildings, and power sources for self-contained components such as satellites, vehicles, and other deployable systems.

     - - @@ -28994,6 +21948,7 @@

    location of emergency shutoff switches or devices by system or system component is defined;

    + @@ -29003,23 +21958,14 @@ -

    Provide the capability of shutting off power to in emergency situations;

     -

    Place emergency shutoff switches or devices in to facilitate access for authorized personnel; and

     -

    Protect emergency power shutoff capability from unauthorized activation.

     @@ -29030,45 +21976,16 @@ - - -

    the capability to shut off power to in emergency situations is provided;

     - -

    emergency shutoff switches or devices are placed in to facilitate access for authorized personnel;

     - - -

    the emergency power shutoff capability is protected from unauthorized activation.

    @@ -29112,6 +22029,7 @@ transition of the system to long-term alternate power + @@ -29122,26 +22040,12 @@ -

    Provide an uninterruptible power supply to facilitate in the event of a primary power source loss.

    An uninterruptible power supply (UPS) is an electrical system or mechanism that provides emergency power when there is a failure of the main power source. A UPS is typically used to protect computers, data centers, telecommunication equipment, or other electrical equipment where an unexpected power disruption could cause injuries, fatalities, serious mission or business disruption, or loss of data or information. A UPS differs from an emergency power system or backup generator in that the UPS provides near-instantaneous protection from unanticipated power interruptions from the main power source by providing energy stored in batteries, supercapacitors, or flywheels. The battery duration of a UPS is relatively short but provides sufficient time to start a standby power source, such as a backup generator, or properly shut down the system.

     - - -

    an uninterruptible power supply is provided to facilitate in the event of a primary power source loss.

    @@ -29178,6 +22082,7 @@     Emergency Lighting + @@ -29187,9 +22092,6 @@ -

    Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility.

     @@ -29198,49 +22100,21 @@ - -

    automatic emergency lighting that activates in the event of a power outage or disruption is employed for the system;

     - -

    automatic emergency lighting that activates in the event of a power outage or disruption is maintained for the system;

     - -

    automatic emergency lighting for the system covers emergency exits within the facility;

     - -

    automatic emergency lighting for the system covers evacuation routes within the facility.

    @@ -29278,6 +22152,7 @@     Fire Protection + @@ -29286,9 +22161,6 @@ value="organization"/> -

    Employ and maintain fire detection and suppression systems that are supported by an independent energy source.

     @@ -29297,97 +22169,31 @@ - - -

    fire detection systems are employed;

     - - -

    employed fire detection systems are supported by an independent energy source;

     - - -

    employed fire detection systems are maintained;

     - - -

    fire suppression systems are employed;

     - - -

    employed fire suppression systems are supported by an independent energy source;

     - - -

    employed fire suppression systems are maintained.

    @@ -29446,6 +22252,7 @@

    emergency responders to be notified in the event of a fire are defined;

    + @@ -29454,9 +22261,6 @@ value="organization"/> -

    Employ fire detection systems that activate automatically and notify and in the event of a fire.

     @@ -29465,45 +22269,16 @@ - -

    fire detection systems that activate automatically are employed in the event of a fire;

     - - -

    fire detection systems that notify automatically are employed in the event of a fire;

     - - -

    fire detection systems that notify automatically are employed in the event of a fire.

    @@ -29558,6 +22333,7 @@

    emergency responders to be notified in the event of a fire are defined;

    + @@ -29567,16 +22343,10 @@ -

    Employ fire suppression systems that activate automatically and notify and ; and

     -

    Employ an automatic fire suppression capability when the facility is not staffed on a continuous basis.

     @@ -29589,45 +22359,16 @@ - -

    fire suppression systems that activate automatically are employed;

     - - -

    fire suppression systems that notify automatically are employed;

     - - -

    fire suppression systems that notify automatically are employed;

    @@ -29635,17 +22376,6 @@     - - -

    an automatic fire suppression capability is employed when the facility is not staffed on a continuous basis.

    @@ -29727,6 +22457,7 @@

    frequency at which to monitor environmental control levels is defined;

    + @@ -29737,16 +22468,10 @@ -

    Maintain levels within the facility where the system resides at ; and

     -

    Monitor environmental control levels .

     @@ -29764,34 +22489,12 @@ - - -

    levels are maintained at within the facility where the system resides;

     - - -

    environmental control levels are monitored .

    @@ -29830,6 +22533,7 @@     Water Damage Protection + @@ -29839,9 +22543,6 @@ -

    Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel.

     @@ -29850,65 +22551,21 @@ - - -

    the system is protected from damage resulting from water leakage by providing master shutoff or isolation valves;

     - - -

    the master shutoff or isolation valves are accessible;

     - - -

    the master shutoff or isolation valves are working properly;

     - - -

    the master shutoff or isolation valves are known to key personnel.

    @@ -29968,6 +22625,7 @@

    types of system components to be authorized and controlled when exiting the facility are defined;

    + @@ -29986,16 +22644,10 @@ -

    Authorize and control entering and exiting the facility; and

     -

    Maintain records of the system components.

     @@ -30008,68 +22660,24 @@ - - -

    are authorized when entering the facility;

     - - -

    are controlled when entering the facility;

     - - -

    are authorized when exiting the facility;

     - - -

    are controlled when exiting the facility;

    @@ -30078,17 +22686,6 @@     - - -

    records of the system components are maintained.

    @@ -30138,6 +22735,7 @@

    controls to be employed at alternate work sites are defined;

    + @@ -30150,30 +22748,18 @@ -

    Determine and document the allowed for use by employees;

     -

    Employ the following controls at alternate work sites: ;

     -

    Assess the effectiveness of controls at alternate work sites; and

     -

    Provide a means for employees to communicate with information security and privacy personnel in case of incidents.

     @@ -30184,67 +22770,23 @@ - - -

    are determined and documented;

     - - -

    are employed at alternate work sites;

     - - -

    the effectiveness of controls at alternate work sites is assessed;

     - - -

    a means for employees to communicate with information security and privacy personnel in case of incidents is provided.

    @@ -30357,6 +22899,7 @@

    events that would require procedures to be reviewed and updated are defined;

    + @@ -30377,13 +22920,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -30405,20 +22941,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the planning policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current planning:

    @@ -30439,57 +22965,21 @@ - - -

    a planning policy is developed and documented.

     - - -

    the planning policy is disseminated to ;

     - -

    planning procedures to facilitate the implementation of the planning policy and associated planning controls are developed and documented;

     - -

    the planning procedures are disseminated to ;

    @@ -30497,13 +22987,6 @@ - - @@ -30543,13 +23026,6 @@ - -

    the planning policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -30559,17 +23035,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the planning policy and procedures;

    @@ -30577,17 +23042,6 @@ - - - @@ -30602,17 +23056,6 @@ - - - @@ -30684,6 +23127,7 @@

    frequency to review system security and privacy plans is defined;

    + @@ -30737,9 +23181,6 @@ -

    Develop security and privacy plans for the system that:

    @@ -30804,30 +23245,18 @@     -

    Distribute copies of the plans and communicate subsequent changes to the plans to ;

     -

    Review the plans ;

     -

    Update the plans to address changes to the system and environment of operation or problems identified during plan implementation or control assessments; and

     -

    Protect the plans from unauthorized disclosure and modification.

     @@ -30845,77 +23274,11 @@ - - - - - - - - -

    a security plan for the system is developed that is consistent with the organization’s enterprise architecture;

     - - - - - - - - -

    a privacy plan for the system is developed that is consistent with the organization’s enterprise architecture;

    @@ -30953,25 +23316,11 @@ - -

    a security plan for the system is developed that identifies the individuals that fulfill system roles and responsibilities;

     - -

    a privacy plan for the system is developed that identifies the individuals that fulfill system roles and responsibilities;

    @@ -30979,13 +23328,6 @@     - - @@ -31000,13 +23342,6 @@ - - @@ -31021,13 +23356,6 @@ - - @@ -31042,13 +23370,6 @@ - - @@ -31063,17 +23384,6 @@ - - - @@ -31090,25 +23400,11 @@ - -

    a security plan for the system is developed that provides an overview of the security requirements for the system;

     - -

    a privacy plan for the system is developed that provides an overview of the privacy requirements for the system;

    @@ -31116,13 +23412,6 @@     - - @@ -31139,25 +23428,11 @@ - -

    a security plan for the system is developed that describes the controls in place or planned for meeting the security requirements, including rationale for any tailoring decisions;

     - -

    a privacy plan for the system is developed that describes the controls in place or planned for meeting the privacy requirements, including rationale for any tailoring decisions;

    @@ -31167,33 +23442,11 @@ - - -

    a security plan for the system is developed that includes risk determinations for security architecture and design decisions;

     - - -

    a privacy plan for the system is developed that includes risk determinations for privacy architecture and design decisions;

    @@ -31203,33 +23456,11 @@ - - -

    a security plan for the system is developed that includes security-related activities affecting the system that require planning and coordination with ;

     - - -

    a privacy plan for the system is developed that includes privacy-related activities affecting the system that require planning and coordination with ;

    @@ -31239,33 +23470,11 @@ - - -

    a security plan for the system is developed that is reviewed and approved by the authorizing official or designated representative prior to plan implementation;

     - - -

    a privacy plan for the system is developed that is reviewed and approved by the authorizing official or designated representative prior to plan implementation.

    @@ -31275,17 +23484,6 @@     - - - @@ -31300,33 +23498,11 @@ - - -

    plans are reviewed ;

     - - - @@ -31346,17 +23522,6 @@ - - - @@ -31440,6 +23605,7 @@

    frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected);

    + @@ -31472,30 +23638,18 @@ -

    Establish and provide to individuals requiring access to the system, the rules that describe their responsibilities and expected behavior for information and system usage, security, and privacy;

     -

    Receive a documented acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the system;

     -

    Review and update the rules of behavior ; and

     -

    Require individuals who have acknowledged a previous version of the rules of behavior to read and re-acknowledge .

     @@ -31506,17 +23660,6 @@ - - - @@ -31531,49 +23674,16 @@ - - -

    before authorizing access to information and the system, a documented acknowledgement from such individuals indicating that they have read, understand, and agree to abide by the rules of behavior is received;

     - - -

    rules of behavior are reviewed and updated ;

     - - -

    individuals who have acknowledged a previous version of the rules of behavior are required to read and reacknowledge .

    @@ -31612,6 +23722,7 @@     Social Media and External Site/Application Usage Restrictions + @@ -31627,23 +23738,14 @@

    Include in the rules of behavior, restrictions on:

    -

    Use of social media, social networking sites, and external sites/applications;

     -

    Posting organizational information on public websites; and

     -

    Use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

     @@ -31654,49 +23756,16 @@ - - -

    the rules of behavior include restrictions on the use of social media, social networking sites, and external sites/applications;

     - - -

    the rules of behavior include restrictions on posting organizational information on public websites;

     - - -

    the rules of behavior include restrictions on the use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

    @@ -31747,6 +23816,7 @@

    frequency for review and update to reflect changes in the enterprise architecture;

    + @@ -31774,9 +23844,6 @@ -

    Develop security and privacy architectures for the system that:

    @@ -31797,16 +23864,10 @@     -

    Review and update the architectures to reflect changes in the enterprise architecture; and

     -

    Reflect planned architecture changes in security and privacy plans, Concept of Operations (CONOPS), criticality analysis, organizational procedures, and procurements and acquisitions.

     @@ -31831,45 +23892,16 @@ - - -

    a security architecture for the system describes the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information;

     - - -

    a privacy architecture describes the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals;

     - - @@ -31884,13 +23916,6 @@ - - @@ -31907,17 +23932,6 @@ - - -

    changes in the enterprise architecture are reviewed and updated to reflect changes in the enterprise architecture;

    @@ -31925,97 +23939,31 @@ - - -

    planned architecture changes are reflected in the security plan;

     - - -

    planned architecture changes are reflected in the privacy plan;

     - - -

    planned architecture changes are reflected in the Concept of Operations (CONOPS);

     - - -

    planned architecture changes are reflected in criticality analysis;

     - - -

    planned architecture changes are reflected in organizational procedures;

     - - -

    planned architecture changes are reflected in procurements and acquisitions.

    @@ -32060,6 +24008,7 @@     Baseline Selection + @@ -32082,9 +24031,6 @@ -

    Select a control baseline for the system.

    PL-10 Additional FedRAMP Requirements and Guidance @@ -32098,13 +24044,6 @@

    Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. Controls are chosen for baselines to either satisfy mandates imposed by laws, executive orders, directives, regulations, policies, standards, and guidelines or address threats common to all users of the baseline under the assumptions specific to the baseline. Baselines represent a starting point for the protection of individuals’ privacy, information, and information systems with subsequent tailoring actions to manage risk in accordance with mission, business, or other constraints (see PL-11 ). Federal control baselines are provided in SP 800-53B . The selection of a control baseline is determined by the needs of stakeholders. Stakeholder needs consider mission and business requirements as well as mandates imposed by applicable laws, executive orders, directives, policies, regulations, standards, and guidelines. For example, the control baselines in SP 800-53B are based on the requirements from FISMA and PRIVACT . The requirements, along with the NIST standards and guidelines implementing the legislation, direct organizations to select one of the control baselines after the reviewing the information types and the information that is processed, stored, and transmitted on the system; analyzing the potential adverse impact of the loss or compromise of the information or system on the organization’s operations and assets, individuals, other organizations, or the Nation; and considering the results from system and organizational risk assessments. CNSSI 1253 provides guidance on control baselines for national security systems.

     - -

    a control baseline for the system is selected.

    @@ -32146,6 +24085,7 @@     Baseline Tailoring + @@ -32168,26 +24108,12 @@ -

    Tailor the selected control baseline by applying specified tailoring actions.

    The concept of tailoring allows organizations to specialize or customize a set of baseline controls by applying a defined set of tailoring actions. Tailoring actions facilitate such specialization and customization by allowing organizations to develop security and privacy plans that reflect their specific mission and business functions, the environments where their systems operate, the threats and vulnerabilities that can affect their systems, and any other conditions or situations that can impact their mission or business success. Tailoring guidance is provided in SP 800-53B . Tailoring a control baseline is accomplished by identifying and designating common controls, applying scoping considerations, selecting compensating controls, assigning values to control parameters, supplementing the control baseline with additional controls as needed, and providing information for control implementation. The general tailoring actions in SP 800-53B can be supplemented with additional actions based on the needs of organizations. Tailoring actions can be applied to the baselines in SP 800-53B in accordance with the security and privacy requirements from FISMA, PRIVACT , and OMB A-130 . Alternatively, other communities of interest adopting different control baselines can apply the tailoring actions in SP 800-53B to specialize or customize the controls that represent the specific needs and concerns of those entities.

     - - -

    the selected control baseline is tailored by applying specified tailoring actions.

    @@ -32298,6 +24224,7 @@

    events that would require the personnel security procedures to be reviewed and updated are defined;

    + @@ -32316,13 +24243,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -32344,20 +24264,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the personnel security policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current personnel security:

    @@ -32378,57 +24288,21 @@ - - -

    a personnel security policy is developed and documented;

     - - -

    the personnel security policy is disseminated to ;

     - -

    personnel security procedures to facilitate the implementation of the personnel security policy and associated personnel security controls are developed and documented;

     - -

    the personnel security procedures are disseminated to ;

    @@ -32436,13 +24310,6 @@ - - @@ -32482,13 +24349,6 @@ - -

    the personnel security policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -32498,17 +24358,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the personnel security policy and procedures;

    @@ -32516,17 +24365,6 @@ - - - @@ -32541,17 +24379,6 @@ - - - @@ -32604,6 +24431,7 @@

    the frequency at which to review and update position risk designations is defined;

    + @@ -32624,23 +24452,14 @@ -

    Assign a risk designation to all organizational positions;

     -

    Establish screening criteria for individuals filling those positions; and

     -

    Review and update position risk designations .

     @@ -32651,49 +24470,16 @@ - - -

    a risk designation is assigned to all organizational positions;

     - - -

    screening criteria are established for individuals filling organizational positions;

     - - -

    position risk designations are reviewed and updated .

    @@ -32753,6 +24539,7 @@

    the frequency of rescreening individuals where it is so indicated is defined;

    + @@ -32779,16 +24566,10 @@ -

    Screen individuals prior to authorizing access to the system; and

     -

    Rescreen individuals in accordance with .

     @@ -32799,17 +24580,6 @@ - - -

    individuals are screened prior to authorizing access to the system;

    @@ -32817,33 +24587,11 @@ - - -

    individuals are rescreened in accordance with ;

     - - -

    where rescreening is so indicated, individuals are rescreened .

    @@ -32884,13 +24632,14 @@ -

    personnel screening criteria - as required by specific information

    +

    personnel screening criteria – as required by specific information

    additional personnel screening criteria to be satisfied for individuals accessing a system processing, storing, or transmitting information requiring special protection are defined;

     + @@ -32901,16 +24650,10 @@

    Verify that individuals accessing a system processing, storing, or transmitting information requiring special protection:

    -

    Have valid access authorizations that are demonstrated by assigned official government duties; and

     -

    Satisfy .

     @@ -32921,33 +24664,11 @@ - - -

    individuals accessing a system processing, storing, or transmitting information requiring special protection have valid access authorizations that are demonstrated by assigned official government duties;

     - - -

    individuals accessing a system processing, storing, or transmitting information requiring special protection satisfy .

    @@ -33004,6 +24725,7 @@

    information security topics to be discussed when conducting exit interviews are defined;

    + @@ -33019,37 +24741,22 @@

    Upon termination of individual employment:

    -

    Disable system access within ;

     -

    Terminate or revoke any authenticators and credentials associated with the individual;

     -

    Conduct exit interviews that include a discussion of ;

     -

    Retrieve all security-related organizational system-related property; and

     -

    Retain access to organizational information and systems formerly controlled by terminated individual.

     @@ -33060,73 +24767,26 @@ - -

    upon termination of individual employment, system access is disabled within ;

     - -

    upon termination of individual employment, any authenticators and credentials are terminated or revoked;

     - - -

    upon termination of individual employment, exit interviews that include a discussion of are conducted;

     - - -

    upon termination of individual employment, all security-related organizational system-related property is retrieved;

     - - -

    upon termination of individual employment, access to organizational information and systems formerly controlled by the terminated individual are retained.

    @@ -33208,6 +24868,7 @@

    time period within which to notify organization-defined personnel or roles when individuals are reassigned or transferred to other positions within the organization is defined;

    + @@ -33222,30 +24883,18 @@ -

    Review and confirm ongoing operational need for current logical and physical access authorizations to systems and facilities when individuals are reassigned or transferred to other positions within the organization;

     -

    Initiate within ;

     -

    Modify access authorization as needed to correspond with any changes in operational need due to reassignment or transfer; and

     -

    Notify within .

     @@ -33256,62 +24905,22 @@ - - -

    the ongoing operational need for current logical and physical access authorizations to systems and facilities are reviewed and confirmed when individuals are reassigned or transferred to other positions within the organization;

     - - -

    are initiated within ;

     - -

    access authorization is modified as needed to correspond with any changes in operational need due to reassignment or transfer;

     - - -

    are notified within .

    @@ -33375,6 +24984,7 @@

    the frequency at which to re-sign access agreements to maintain access to organizational information is defined;

    + @@ -33396,23 +25006,14 @@ -

    Develop and document access agreements for organizational systems;

     -

    Review and update the access agreements ; and

     -

    Verify that individuals requiring access to organizational information and systems:

    @@ -33431,29 +25032,11 @@ - -

    access agreements are developed and documented for organizational systems;

     - - -

    the access agreements are reviewed and updated ;

    @@ -33461,33 +25044,11 @@ - - -

    individuals requiring access to organizational information and systems sign appropriate access agreements prior to being granted access;

     - - -

    individuals requiring access to organizational information and systems re-sign access agreements to maintain access to organizational systems when access agreements have been updated or .

    @@ -33554,6 +25115,7 @@

    time period within which third-party providers are required to notify organization-defined personnel or roles of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined;

    + @@ -33579,37 +25141,22 @@ -

    Establish personnel security requirements, including security roles and responsibilities for external providers;

     -

    Require external providers to comply with personnel security policies and procedures established by the organization;

     -

    Document personnel security requirements;

     -

    Require external providers to notify of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges, or who have system privileges within ; and

     -

    Monitor provider compliance with personnel security requirements.

     @@ -33620,77 +25167,26 @@ - - -

    personnel security requirements are established, including security roles and responsibilities for external providers;

     - - -

    external providers are required to comply with personnel security policies and procedures established by the organization;

     - -

    personnel security requirements are documented;

     - - -

    external providers are required to notify of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges within ;

     - - -

    provider compliance with personnel security requirements is monitored.

    @@ -33755,6 +25251,7 @@

    the time period within which organization-defined personnel or roles must be notified when a formal employee sanctions process is initiated is defined;

    + @@ -33767,16 +25264,10 @@ -

    Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and

     -

    Notify within when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

     @@ -33787,33 +25278,11 @@ - - -

    a formal sanctions process is employed for individuals failing to comply with established information security and privacy policies and procedures;

     - - -

    is/are notified within when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

    @@ -33857,6 +25326,7 @@     Position Descriptions + @@ -33865,22 +25335,12 @@ value="organization"/> -

    Incorporate security and privacy roles and responsibilities into organizational position descriptions.

    Specification of security and privacy roles in individual organizational position descriptions facilitates clarity in understanding the security or privacy responsibilities associated with the roles and the role-based security and privacy training requirements for the roles.

     - - @@ -33997,6 +25457,7 @@

    events that would require risk assessment procedures to be reviewed and updated are defined;

    + @@ -34016,13 +25477,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -34044,20 +25498,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the risk assessment policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current risk assessment:

    @@ -34078,57 +25522,21 @@ - - -

    a risk assessment policy is developed and documented;

     - - -

    the risk assessment policy is disseminated to ;

     - -

    risk assessment procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls are developed and documented;

     - -

    the risk assessment procedures are disseminated to ;

    @@ -34136,13 +25544,6 @@ - - @@ -34182,13 +25583,6 @@ - -

    the risk assessment policy is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines;

    @@ -34198,17 +25592,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the risk assessment policy and procedures;

    @@ -34216,17 +25599,6 @@ - - - @@ -34241,17 +25613,6 @@ - - - @@ -34290,6 +25651,7 @@     Security Categorization + @@ -34322,23 +25684,14 @@ -

    Categorize the system and information it processes, stores, and transmits;

     -

    Document the security categorization results, including supporting rationale, in the security plan for the system; and

     -

    Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

     @@ -34351,41 +25704,16 @@ - -

    the system and the information it processes, stores, and transmits are categorized;

     - -

    the security categorization results, including supporting rationale, are documented in the security plan for the system;

     - - -

    the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

    @@ -34471,6 +25799,7 @@

    the frequency to update the risk assessment is defined;

    + @@ -34515,9 +25844,6 @@ -

    Conduct a risk assessment, including:

    @@ -34534,37 +25860,22 @@     -

    Integrate risk assessment results and risk management decisions from the organization and mission or business process perspectives with system-level risk assessments;

     -

    Document risk assessment results in ;

     -

    Review risk assessment results ;

     -

    Disseminate risk assessment results to ; and

     -

    Update the risk assessment or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

     @@ -34590,49 +25901,16 @@ - - -

    a risk assessment is conducted to identify threats to and vulnerabilities in the system;

     - - -

    a risk assessment is conducted to determine the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system; the information it processes, stores, or transmits; and any related information;

     - - -

    a risk assessment is conducted to determine the likelihood and impact of adverse effects on individuals arising from the processing of personally identifiable information;

    @@ -34640,77 +25918,26 @@     - - -

    risk assessment results and risk management decisions from the organization and mission or business process perspectives are integrated with system-level risk assessments;

     - -

    risk assessment results are documented in ;

     - - -

    risk assessment results are reviewed ;

     - - -

    risk assessment results are disseminated to ;

     - - -

    the risk assessment is updated or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

    @@ -34764,6 +25991,7 @@

    the frequency at which to update the supply chain risk assessment is defined;

    + @@ -34781,16 +26009,10 @@ -

    Assess supply chain risks associated with ; and

     -

    Update the supply chain risk assessment , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.

     @@ -34801,33 +26023,11 @@ - - -

    supply chain risks associated with are assessed;

     - - -

    the supply chain risk assessment is updated , when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.

    @@ -34911,7 +26111,7 @@

    personnel or roles with whom information obtained from the vulnerability scanning process and control assessments is to be shared;

    - + @@ -34949,16 +26149,10 @@ -

    Monitor and scan for vulnerabilities in the system and hosted applications and when new vulnerabilities potentially affecting the system are identified and reported;

     -

    Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for:

    @@ -34975,30 +26169,18 @@     -

    Analyze vulnerability scan reports and results from vulnerability monitoring;

     -

    Remediate legitimate vulnerabilities in accordance with an organizational assessment of risk;

     -

    Share information obtained from the vulnerability monitoring process and control assessments with to help eliminate similar vulnerabilities in other systems; and

     -

    Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned.

     @@ -35024,7 +26206,7 @@

    Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

    Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

    -

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a "warning" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on "Tracking of Compliance Scans" in FAQs.

    +

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs.

         @@ -35037,17 +26219,6 @@ - - - @@ -35062,63 +26233,19 @@ - - -

    vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools;

    - - -

    vulnerability monitoring tools and techniques are employed to automate parts of the vulnerability management process by using standards for enumerating platforms, software flaws, and improper configurations;

     - - -

    vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools and to automate parts of the vulnerability management process by using standards for formatting checklists and test procedures;

     - - -

    vulnerability monitoring tools and techniques are employed to facilitate interoperability among tools and to automate parts of the vulnerability management process by using standards for measuring vulnerability impact;

    @@ -35126,65 +26253,21 @@     - - -

    vulnerability scan reports and results from vulnerability monitoring are analyzed;

     - - -

    legitimate vulnerabilities are remediated in accordance with an organizational assessment of risk;

     - - -

    information obtained from the vulnerability monitoring process and control assessments is shared with to help eliminate similar vulnerabilities in other systems;

     - - -

    vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned are employed.

    @@ -35247,7 +26330,7 @@

    the frequency for updating the system vulnerabilities to be scanned is defined (if selected);

    - + @@ -35260,26 +26343,12 @@ -

    Update the system vulnerabilities to be scanned .

    Due to the complexity of modern software, systems, and other factors, new vulnerabilities are discovered on a regular basis. It is important that newly discovered vulnerabilities are added to the list of vulnerabilities to be scanned to ensure that the organization can take steps to mitigate those vulnerabilities in a timely manner.

     - - -

    the system vulnerabilities to be scanned are updated .

    @@ -35318,7 +26387,7 @@     Breadth and Depth of Coverage - + @@ -35330,26 +26399,12 @@ value="true"/> -

    Define the breadth and depth of vulnerability scanning coverage.

    The breadth of vulnerability scanning coverage can be expressed as a percentage of components within the system, by the particular types of systems, by the criticality of systems, or by the number of vulnerabilities to be checked. Conversely, the depth of vulnerability scanning coverage can be expressed as the level of the system design that the organization intends to monitor (e.g., component, module, subsystem, element). Organizations can determine the sufficiency of vulnerability scanning coverage with regard to its risk tolerance and other factors. Scanning tools and how the tools are configured may affect the depth and coverage. Multiple scanning tools may be needed to achieve the desired depth and coverage. SP 800-53A provides additional information on the breadth and depth of coverage.

     - - -

    the breadth and depth of vulnerability scanning coverage are defined.

    @@ -35409,6 +26464,7 @@

    vulnerability scanning activities selected for privileged access authorization to system components are defined;

    + @@ -35420,26 +26476,12 @@ value="true"/> -

    Implement privileged access authorization to for .

    In certain situations, the nature of the vulnerability scanning may be more intrusive, or the system component that is the subject of the scanning may contain classified or controlled unclassified information, such as personally identifiable information. Privileged access authorization to selected system components facilitates more thorough vulnerability scanning and protects the sensitive nature of such scanning.

     - - -

    privileged access authorization is implemented to for .

    @@ -35485,6 +26527,7 @@     Public Disclosure Program + @@ -35496,26 +26539,12 @@ value="true"/> -

    Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.

    The reporting channel is publicly discoverable and contains clear language authorizing good-faith research and the disclosure of vulnerabilities to the organization. The organization does not condition its authorization on an expectation of indefinite non-disclosure to the public by the reporting entity but may request a specific time period to properly remediate the vulnerability.

     - - -

    a public reporting channel is established for receiving reports of vulnerabilities in organizational systems and system components.

    @@ -35558,6 +26587,7 @@     Risk Response + @@ -35581,26 +26611,12 @@ -

    Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance.

    Organizations have many options for responding to risk including mitigating risk by implementing new controls or strengthening existing controls, accepting risk with appropriate justification or rationale, sharing or transferring risk, or avoiding risk. The risk tolerance of the organization influences risk response decisions and actions. Risk response addresses the need to determine an appropriate response to risk before generating a plan of action and milestones entry. For example, the response may be to accept risk or reject risk, or it may be possible to mitigate the risk immediately so that a plan of action and milestones entry is not needed. However, if the risk response is to mitigate the risk, and the mitigation cannot be completed immediately, a plan of action and milestones entry is generated.

     - - - @@ -35668,6 +26684,7 @@

    decision points in the system development life cycle when a criticality analysis is to be performed are defined;

    + @@ -35687,9 +26704,6 @@ -

    Identify critical system components and functions by performing a criticality analysis for at .

     @@ -35698,17 +26712,6 @@

    Criticality analysis is performed when an architecture or design is being developed, modified, or upgraded. If such analysis is performed early in the system development life cycle, organizations may be able to modify the system design to reduce the critical nature of these components and functions, such as by adding redundancy or alternate paths into the system design. Criticality analysis can also influence the protection measures required by development contractors. In addition to criticality analysis for systems, system components, and system services, criticality analysis of information is an important consideration. Such analysis is conducted as part of security categorization in RA-2.

     - - -

    critical system components and functions are identified by performing a criticality analysis for at .

    @@ -35817,6 +26820,7 @@

    events that would require the system and services acquisition procedures to be reviewed and updated are defined;

    + @@ -35838,13 +26842,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -35866,20 +26863,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the system and services acquisition policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current system and services acquisition:

    @@ -35900,57 +26887,21 @@ - - -

    a system and services acquisition policy is developed and documented;

     - - -

    the system and services acquisition policy is disseminated to ;

     - -

    system and services acquisition procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls are developed and documented;

     - -

    the system and services acquisition procedures are disseminated to ;

    @@ -35958,13 +26909,6 @@ - - @@ -36004,13 +26948,6 @@ - -

    the system and services acquisition policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -36020,17 +26957,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the system and services acquisition policy and procedures;

    @@ -36038,17 +26964,6 @@ - - - @@ -36063,17 +26978,6 @@ - - - @@ -36117,6 +27021,7 @@     Allocation of Resources + @@ -36137,23 +27042,14 @@ -

    Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;

     -

    Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and

     -

    Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.

     @@ -36166,33 +27062,11 @@ - - -

    the high-level information security requirements for the system or system service are determined in mission and business process planning;

     - - -

    the high-level privacy requirements for the system or system service are determined in mission and business process planning;

    @@ -36202,33 +27076,11 @@ - - -

    the resources required to protect the system or system service are determined and documented as part of the organizational capital planning and investment control process;

     - - -

    the resources required to protect the system or system service are allocated as part of the organizational capital planning and investment control process;

    @@ -36238,33 +27090,11 @@ - - -

    a discrete line item for information security is established in organizational programming and budgeting documentation;

     - - -

    a discrete line item for privacy is established in organizational programming and budgeting documentation.

    @@ -36316,6 +27146,7 @@

    system development life cycle is defined;

    + @@ -36347,30 +27178,18 @@ -

    Acquire, develop, and manage the system using that incorporates information security and privacy considerations;

     -

    Define and document information security and privacy roles and responsibilities throughout the system development life cycle;

     -

    Identify individuals having information security and privacy roles and responsibilities; and

     -

    Integrate the organizational information security and privacy risk management process into system development life cycle activities.

     @@ -36384,33 +27203,11 @@ - - -

    the system is acquired, developed, and managed using that incorporates information security considerations;

     - - -

    the system is acquired, developed, and managed using that incorporates privacy considerations;

    @@ -36420,33 +27217,11 @@ - - -

    information security roles and responsibilities are defined and documented throughout the system development life cycle;

     - - -

    privacy roles and responsibilities are defined and documented throughout the system development life cycle;

    @@ -36456,33 +27231,11 @@ - - -

    individuals with information security roles and responsibilities are identified;

     - - -

    individuals with privacy roles and responsibilities are identified;

    @@ -36492,33 +27245,11 @@ - - -

    organizational information security risk management processes are integrated into system development life cycle activities;

     - - -

    organizational privacy risk management processes are integrated into system development life cycle activities.

    @@ -36582,6 +27313,7 @@

    contract language is defined (if selected);

    + @@ -36629,65 +27361,38 @@

    Include the following requirements, descriptions, and criteria, explicitly or by reference, using in the acquisition contract for the system, system component, or system service:

    -

    Security and privacy functional requirements;

     -

    Strength of mechanism requirements;

     -

    Security and privacy assurance requirements;

     -

    Controls needed to satisfy the security and privacy requirements.

     -

    Security and privacy documentation requirements;

     -

    Requirements for protecting security and privacy documentation;

     -

    Description of the system development environment and environment in which the system is intended to operate;

     -

    Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and

     -

    Acceptance criteria.

     @@ -36714,77 +27419,11 @@ - - - - - - - - -

    security functional requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

     - - - - - - - - -

    privacy functional requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

    @@ -36792,17 +27431,6 @@     - - -

    strength of mechanism requirements, descriptions, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

    @@ -36836,17 +27464,6 @@     - - - @@ -36861,17 +27478,6 @@ - - - @@ -36886,33 +27492,11 @@ - - -

    the description of the system development environment and environment in which the system is intended to operate, requirements, and criteria are included explicitly or by reference using in the acquisition contract for the system, system component, or system service;

     - - - @@ -36932,17 +27516,6 @@ - - -

    acceptance criteria requirements and descriptions are included explicitly or by reference using in the acquisition contract for the system, system component, or system service.

    @@ -36986,6 +27559,7 @@     Functional Properties of Controls + @@ -36997,26 +27571,12 @@ value="true"/> -

    Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented.

    Functional properties of security and privacy controls describe the functionality (i.e., security or privacy capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls.

     - - -

    the developer of the system, system component, or system service is required to provide a description of the functional properties of the controls to be implemented.

    @@ -37085,6 +27645,7 @@

    level of detail is defined;

    + @@ -37096,26 +27657,12 @@ value="true"/> -

    Require the developer of the system, system component, or system service to provide design and implementation information for the controls that includes: at .

    Organizations may require different levels of detail in the documentation for the design and implementation of controls in organizational systems, system components, or system services based on mission and business requirements, requirements for resiliency and trustworthiness, and requirements for analysis and testing. Systems can be partitioned into multiple subsystems. Each subsystem within the system can contain one or more modules. The high-level design for the system is expressed in terms of subsystems and the interfaces between subsystems providing security-relevant functionality. The low-level design for the system is expressed in terms of modules and the interfaces between modules providing security-relevant functionality. Design and implementation documentation can include manufacturer, version, serial number, verification hash signature, software libraries used, date of purchase or download, and the vendor or download source. Source code and hardware schematics are referred to as the implementation representation of the system.

     - - -

    the developer of the system, system component, or system service is required to provide design and implementation information for the controls that includes using at .

    @@ -37157,6 +27704,7 @@     Functions, Ports, Protocols, and Services in Use + @@ -37170,26 +27718,12 @@ -

    Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use.

    The identification of functions, ports, protocols, and services early in the system development life cycle (e.g., during the initial requirements definition and design stages) allows organizations to influence the design of the system, system component, or system service. This early involvement in the system development life cycle helps organizations avoid or minimize the use of functions, ports, protocols, or services that pose unnecessarily high risks and understand the trade-offs involved in blocking specific ports, protocols, or services or requiring system service providers to do so. Early identification of functions, ports, protocols, and services avoids costly retrofitting of controls after the system, component, or system service has been implemented. SA-9 describes the requirements for external system services. Organizations identify which functions, ports, protocols, and services are provided from external sources.

     - - - @@ -37245,6 +27779,7 @@     Use of Approved PIV Products + @@ -37259,26 +27794,12 @@ -

    Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems.

    Products on the FIPS 201-approved products list meet NIST requirements for Personal Identity Verification (PIV) of Federal Employees and Contractors. PIV cards are used for multi-factor authentication in systems and organizations.

     - - -

    only information technology products on the FIPS 201-approved products list for the Personal Identity Verification (PIV) capability implemented within organizational systems are employed.

    @@ -37337,6 +27858,7 @@

    personnel or roles to distribute system documentation to is/are defined;

    + @@ -37368,9 +27890,6 @@ -

    Obtain or develop administrator documentation for the system, system component, or system service that describes:

    @@ -37387,9 +27906,6 @@     -

    Obtain or develop user documentation for the system, system component, or system service that describes:

    @@ -37406,16 +27922,10 @@     -

    Document attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent and take in response; and

     -

    Distribute documentation to .

     @@ -37428,17 +27938,6 @@ - - - @@ -37460,65 +27959,21 @@ - - -

    administrator documentation for the system, system component, or system service that describes the effective use of security functions and mechanisms is obtained or developed;

     - - -

    administrator documentation for the system, system component, or system service that describes the effective maintenance of security functions and mechanisms is obtained or developed;

     - - -

    administrator documentation for the system, system component, or system service that describes the effective use of privacy functions and mechanisms is obtained or developed;

     - - -

    administrator documentation for the system, system component, or system service that describes the effective maintenance of privacy functions and mechanisms is obtained or developed;

    @@ -37526,17 +27981,6 @@     - - - @@ -37557,65 +28001,21 @@ - - -

    user documentation for the system, system component, or system service that describes user-accessible security functions and mechanisms is obtained or developed;

     - - -

    user documentation for the system, system component, or system service that describes how to effectively use those (user-accessible security) functions and mechanisms is obtained or developed;

     - - -

    user documentation for the system, system component, or system service that describes user-accessible privacy functions and mechanisms is obtained or developed;

     - - -

    user documentation for the system, system component, or system service that describes how to effectively use those (user-accessible privacy) functions and mechanisms is obtained or developed;

    @@ -37625,33 +28025,11 @@ - - -

    user documentation for the system, system component, or system service that describes methods for user interaction, which enable individuals to use the system, component, or service in a more secure manner is obtained or developed;

     - - -

    user documentation for the system, system component, or system service that describes methods for user interaction, which enable individuals to use the system, component, or service to protect individual privacy is obtained or developed;

    @@ -37661,33 +28039,11 @@ - - -

    user documentation for the system, system component, or system service that describes user responsibilities for maintaining the security of the system, component, or service is obtained or developed;

     - - -

    user documentation for the system, system component, or system service that describes user responsibilities for maintaining the privacy of individuals is obtained or developed;

    @@ -37699,33 +28055,11 @@ - - -

    attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent is documented;

     - - -

    after attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent, are taken in response;

    @@ -37733,17 +28067,6 @@     - - -

    documentation is distributed to .

    @@ -37805,6 +28128,7 @@

    privacy engineering principles are defined;

    + @@ -37843,9 +28167,6 @@ -

    Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: .

     @@ -37856,170 +28177,60 @@ - - -

    are applied in the specification of the system and system components;

     - - -

    are applied in the design of the system and system components;

     - - -

    are applied in the development of the system and system components;

     - - -

    are applied in the implementation of the system and system components;

     - - -

    are applied in the modification of the system and system components;

     - - -

    are applied in the specification of the system and system components;

     - - -

    are applied in the design of the system and system components;

     - - -

    are applied in the development of the system and system components;

     - - -

    are applied in the implementation of the system and system components;

     - - -

    are applied in the modification of the system and system components.

    @@ -38087,7 +28298,7 @@

    processes, methods, and techniques employed to monitor control compliance by external service providers are defined;

    - + @@ -38116,23 +28327,14 @@ -

    Require that providers of external system services comply with organizational security and privacy requirements and employ the following controls: ;

     -

    Define and document organizational oversight and user roles and responsibilities with regard to external system services; and

     -

    Employ the following processes, methods, and techniques to monitor control compliance by external service providers on an ongoing basis: .

     @@ -38145,45 +28347,16 @@ - - -

    providers of external system services comply with organizational security requirements;

     - - -

    providers of external system services comply with organizational privacy requirements;

     - -

    providers of external system services employ ;

    @@ -38193,25 +28366,11 @@ - -

    organizational oversight with regard to external system services are defined and documented;

     - -

    user roles and responsibilities with regard to external system services are defined and documented;

    @@ -38219,17 +28378,6 @@     - - -

    are employed to monitor control compliance by external service providers on an ongoing basis.

    @@ -38283,6 +28431,7 @@

    personnel or roles that approve the acquisition or outsourcing of dedicated information security services is/are defined;

    + @@ -38298,16 +28447,10 @@ -

    Conduct an organizational assessment of risk prior to the acquisition or outsourcing of information security services; and

     -

    Verify that the acquisition or outsourcing of dedicated information security services is approved by .

     @@ -38318,33 +28461,11 @@ - - -

    an organizational assessment of risk is conducted prior to the acquisition or outsourcing of information security services;

     - - -

    approve the acquisition or outsourcing of dedicated information security services.

    @@ -38403,6 +28524,7 @@

    external system services that require the identification of functions, ports, protocols, and other services are defined;

    + @@ -38416,26 +28538,12 @@ -

    Require providers of the following external system services to identify the functions, ports, protocols, and other services required for the use of such services: .

    Information from external service providers regarding the specific functions, ports, protocols, and services used in the provision of such services can be useful when the need arises to understand the trade-offs involved in restricting certain functions and services or blocking certain ports and protocols.

     - - -

    providers of are required to identify the functions, ports, protocols, and other services required for the use of such services.

    @@ -38494,6 +28602,7 @@

    requirements or conditions for restricting the location of are defined;

    + @@ -38507,26 +28616,12 @@ -

    Restrict the location of to based on .

    The location of information processing, information and data storage, or system services can have a direct impact on the ability of organizations to successfully execute their mission and business functions. The impact occurs when external providers control the location of processing, storage, or services. The criteria that external providers use for the selection of processing, storage, or service locations may be different from the criteria that organizations use. For example, organizations may desire that data or information storage locations be restricted to certain locations to help facilitate incident response activities in case of information security incidents or breaches. Incident response activities, including forensic analyses and after-the-fact investigations, may be adversely affected by the governing laws, policies, or protocols in the locations where processing and storage occur and/or the locations from which system services emanate.

     - - -

    based on , is/are restricted to .

    @@ -38598,6 +28693,7 @@

    personnel to whom security flaws and flaw resolutions within the system, component, or service are reported is/are defined;

    + @@ -38629,37 +28725,22 @@

    Require the developer of the system, system component, or system service to:

    -

    Perform configuration management during system, component, or service ;

     -

    Document, manage, and control the integrity of changes to ;

     -

    Implement only organization-approved changes to the system, component, or service;

     -

    Document approved changes to the system, component, or service and the potential security and privacy impacts of such changes; and

     -

    Track security flaws and flaw resolution within the system, component, or service and report findings to .

     @@ -38678,37 +28759,11 @@ - - -

    the developer of the system, system component, or system service is required to perform configuration management during system, component, or service ;

     - - - - @@ -38728,33 +28783,11 @@ - - -

    the developer of the system, system component, or system service is required to implement only organization-approved changes to the system, component, or service;

     - - - @@ -38774,17 +28807,6 @@ - - - @@ -38865,6 +28887,7 @@

    depth and coverage of testing/evaluation is defined;

    + @@ -38895,37 +28918,22 @@

    Require the developer of the system, system component, or system service, at all post-design stages of the system development life cycle, to:

    -

    Develop and implement a plan for ongoing security and privacy control assessments;

     -

    Perform testing/evaluation at ;

     -

    Produce evidence of the execution of the assessment plan and the results of the testing and evaluation;

     -

    Implement a verifiable flaw remediation process; and

     -

    Correct flaws identified during testing and evaluation.

     @@ -38939,81 +28947,21 @@ - - - -

    the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to develop a plan for ongoing security assessments;

     - - - -

    the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to implement a plan for ongoing security assessments;

     - - - -

    the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to develop a plan for privacy assessments;

     - - - -

    the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to implement a plan for ongoing privacy assessments;

    @@ -39021,33 +28969,11 @@     - - -

    the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to perform testing/evaluation at ;

     - - - @@ -39062,33 +28988,11 @@ - - -

    the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to implement a verifiable flaw remediation process;

     - - -

    the developer of the system, system component, or system service is required at all post-design stages of the system development life cycle to correct flaws identified during testing and evaluation.

    @@ -39139,7 +29043,7 @@     Static Code Analysis - + @@ -39151,9 +29055,6 @@ value="true"/> -

    Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis.

    SA-11(1) Additional FedRAMP Requirements @@ -39168,17 +29069,6 @@

    Static code analysis provides a technology and methodology for security reviews and includes checking for weaknesses in the code as well as for the incorporation of libraries or other included code with known vulnerabilities or that are out-of-date and not supported. Static code analysis can be used to identify vulnerabilities and enforce secure coding practices. It is most effective when used early in the development process, when each code change can automatically be scanned for potential weaknesses. Static code analysis can provide clear remediation guidance and identify defects for developers to fix. Evidence of the correct implementation of static analysis can include aggregate defect density for critical defect types, evidence that defects were inspected by developers or security professionals, and evidence that defects were remediated. A high density of ignored findings, commonly referred to as false positives, indicates a potential problem with the analysis process or the analysis tool. In such cases, organizations weigh the validity of the evidence against evidence from other sources.

     - - - @@ -39281,6 +29171,7 @@

    acceptance criteria to be met by produced evidence for vulnerability analyses are defined;

    + @@ -39297,30 +29188,18 @@

    Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analyses during development and the subsequent testing and evaluation of the system, component, or service that:

    -

    Uses the following contextual information: ;

     -

    Employs the following tools and methods: ;

     -

    Conducts the modeling and analyses at the following level of rigor: ; and

     -

    Produces evidence that meets the following acceptance criteria: .

     @@ -39333,65 +29212,21 @@ - - -

    the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that uses ;

     - - -

    the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that uses ;

     - - -

    the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that uses ;

     - - -

    the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that uses ;

    @@ -39401,65 +29236,21 @@ - - -

    the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that employs ;

     - - -

    the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that employs ;

     - - -

    the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that employs ;

     - - -

    the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that employs ;

    @@ -39469,33 +29260,11 @@ - - -

    the developer of the system, system component, or system service is required to perform threat modeling at during development of the system, component, or service;

     - - -

    the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that conducts modeling and analyses at ;

    @@ -39505,65 +29274,21 @@ - - -

    the developer of the system, system component, or system service is required to perform threat modeling during development of the system, component, or service that produces evidence that meets ;

     - - -

    the developer of the system, system component, or system service is required to perform threat modeling during the subsequent testing and evaluation of the system, component, or service that produces evidence that meets ;

     - - -

    the developer of the system, system component, or system service is required to perform vulnerability analyses during development of the system, component, or service that produces evidence that meets ;

     - - -

    the developer of the system, system component, or system service is required to perform vulnerability analyses during the subsequent testing and evaluation of the system, component, or service that produces evidence that meets .

    @@ -39646,6 +29371,7 @@

    privacy requirements to be satisfied by the process, standards, tools, tool options, and tool configurations are defined;

    + @@ -39670,9 +29396,6 @@ -

    Require the developer of the system, system component, or system service to follow a documented development process that:

    @@ -39693,9 +29416,6 @@     -

    Review the development process, standards, tools, tool options, and tool configurations to determine if the process, standards, tools, tool options and tool configurations selected and employed can satisfy the following security and privacy requirements: .

     @@ -39710,33 +29430,11 @@ - - -

    the developer of the system, system component, or system service is required to follow a documented development process that explicitly addresses security requirements;

     - - -

    the developer of the system, system component, or system service is required to follow a documented development process that explicitly addresses privacy requirements;

    @@ -39744,17 +29442,6 @@     - - - @@ -39769,17 +29456,6 @@ - - - @@ -39794,21 +29470,6 @@ - - - -

    the developer of the system, system component, or system service is required to follow a documented development process that documents, manages, and ensures the integrity of changes to the process and/or tools used in development;

    @@ -39818,33 +29479,11 @@ - - -

    the developer of the system, system component, or system service is required to follow a documented development process in which the development process, standards, tools, tool options, and tool configurations are reviewed to determine that the process, standards, tools, tool options, and tool configurations selected and employed satisfy ;

     - - -

    the developer of the system, system component, or system service is required to follow a documented development process in which the development process, standards, tools, tool options, and tool configurations are reviewed to determine that the process, standards, tools, tool options, and tool configurations selected and employed satisfy .

    @@ -39912,6 +29551,7 @@

    the depth of criticality analysis is defined;

    + @@ -39926,16 +29566,10 @@

    Require the developer of the system, system component, or system service to perform a criticality analysis:

    -

    At the following decision points in the system development life cycle: ; and

     -

    At the following level of rigor: .

     @@ -39944,17 +29578,6 @@

    Criticality analysis performed by the developer provides input to the criticality analysis performed by organizations. Developer input is essential to organizational criticality analysis because organizations may not have access to detailed design documentation for system components that are developed as commercial off-the-shelf products. Such design documentation includes functional specifications, high-level designs, low-level designs, source code, and hardware schematics. Criticality analysis is important for organizational systems that are designated as high value assets. High value assets can be moderate- or high-impact systems due to heightened adversarial interest or potential adverse effects on the federal enterprise. Developer input is especially important when organizations conduct supply chain criticality analyses.

     - - - @@ -40033,6 +29656,7 @@

    support from external providers is defined (if selected);

    + @@ -40046,16 +29670,10 @@ -

    Replace system components when support for the components is no longer available from the developer, vendor, or manufacturer; or

     -

    Provide the following options for alternative sources for continued support for unsupported components .

     @@ -40067,33 +29685,11 @@ - - -

    system components are replaced when support for the components is no longer available from the developer, vendor, or manufacturer;

     - - -

    provide options for alternative sources for continued support for unsupported components.

    @@ -40205,6 +29801,7 @@

    events that would require the system and communications protection procedures to be reviewed and updated are defined;

    + @@ -40223,13 +29820,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -40251,20 +29841,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the system and communications protection policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current system and communications protection:

    @@ -40285,57 +29865,21 @@ - - -

    a system and communications protection policy is developed and documented;

     - - -

    the system and communications protection policy is disseminated to ;

     - -

    system and communications protection procedures to facilitate the implementation of the system and communications protection policy and associated system and communications protection controls are developed and documented;

     - -

    the system and communications protection procedures are disseminated to ;

    @@ -40343,13 +29887,6 @@ - - @@ -40389,13 +29926,6 @@ - -

    the system and communications protection policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -40405,17 +29935,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the system and communications protection policy and procedures;

    @@ -40423,17 +29942,6 @@ - - - @@ -40448,17 +29956,6 @@ - - - @@ -40500,6 +29997,7 @@     Separation of System and User Functionality + @@ -40518,26 +30016,12 @@ -

    Separate user functionality, including user interface services, from system management functionality.

    System management functionality includes functions that are necessary to administer databases, network components, workstations, or servers. These functions typically require privileged user access. The separation of user functions from system management functions is physical or logical. Organizations may separate system management functions from user functions by using different computers, instances of operating systems, central processing units, or network addresses; by employing virtualization techniques; or some combination of these or other methods. Separation of system management functions from user functions includes web administrative interfaces that employ separate authentication methods for users of any other system resources. Separation of system and user functions may include isolating administrative interfaces on different domains and with additional access controls. The separation of system and user functionality can be achieved by applying the systems security engineering design principles in SA-8 , including SA-8(1), SA-8(3), SA-8(4), SA-8(10), SA-8(12), SA-8(13), SA-8(14) , and SA-8(18).

     - - -

    user functionality, including user interface services, is separated from system management functionality.

    @@ -40574,6 +30058,7 @@     Information in Shared System Resources + @@ -40584,26 +30069,12 @@ -

    Prevent unauthorized and unintended information transfer via shared system resources.

    Preventing unauthorized and unintended information transfer via shared system resources stops information produced by the actions of prior users or roles (or the actions of processes acting on behalf of prior users or roles) from being available to current users or roles (or current processes acting on behalf of current users or roles) that obtain access to shared system resources after those resources have been released back to the system. Information in shared system resources also applies to encrypted representations of information. In other contexts, control of information in shared system resources is referred to as object reuse and residual information protection. Information in shared system resources does not address information remanence, which refers to the residual representation of data that has been nominally deleted; covert channels (including storage and timing channels), where shared system resources are manipulated to violate information flow restrictions; or components within systems for which there are only single users or roles.

     - - - @@ -40677,6 +30148,7 @@

    controls to achieve the denial-of-service objective by type of denial-of-service event are defined;

    + @@ -40691,17 +30163,11 @@ -

    the effects of the following types of denial-of-service events: ; and

     -

    Employ the following controls to achieve the denial-of-service objective: .

     @@ -40712,29 +30178,11 @@ - - -

    the effects of are ;

     - -

    are employed to achieve the denial-of-service protection objective.

    @@ -40783,7 +30231,7 @@ logically - + @@ -40823,23 +30271,14 @@ -

    Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system;

     -

    Implement subnetworks for publicly accessible system components that are separated from internal organizational networks; and

     -

    Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

     @@ -40859,65 +30298,21 @@ - - -

    communications at external managed interfaces to the system are monitored;

     - - -

    communications at external managed interfaces to the system are controlled;

     - - -

    communications at key internal managed interfaces within the system are monitored;

     - - -

    communications at key internal managed interfaces within the system are controlled;

    @@ -40925,41 +30320,11 @@     - - - -

    subnetworks for publicly accessible system components are separated from internal organizational networks;

     - - - -

    external networks or systems are only connected to through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

    @@ -41001,7 +30366,7 @@     Access Points - + @@ -41010,30 +30375,12 @@ value="system"/> -

    Limit the number of external network connections to the system.

    Limiting the number of external network connections facilitates monitoring of inbound and outbound communications traffic. The Trusted Internet Connection DHS TIC initiative is an example of a federal guideline that requires limits on the number of external network connections. Limiting the number of external network connections to the system is important during transition periods from older to newer technologies (e.g., transitioning from IPv4 to IPv6 network protocols). Such transitions may require implementing the older and newer technologies simultaneously during the transition period and thus increase the number of access points to the system.

     - - - -

    the number of external network connections to the system is limited.

    @@ -41085,7 +30432,7 @@

    the frequency at which to review exceptions to traffic flow policy is defined;

    - + @@ -41100,58 +30447,34 @@ -

    Implement a managed interface for each external telecommunication service;

     -

    Establish a traffic flow policy for each managed interface;

     -

    Protect the confidentiality and integrity of the information being transmitted across each interface;

     -

    Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;

     -

    Review exceptions to the traffic flow policy and remove exceptions that are no longer supported by an explicit mission or business need;

     -

    Prevent unauthorized exchange of control plane traffic with external networks;

     -

    Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and

     -

    Filter unauthorized control plane traffic from external networks.

     @@ -41162,53 +30485,16 @@ - - - -

    a managed interface is implemented for each external telecommunication service;

     - - -

    a traffic flow policy is established for each managed interface;

     - - - @@ -41223,33 +30509,11 @@ - - -

    each exception to the traffic flow policy is documented with a supporting mission or business need and duration of that need;

     - - - @@ -41264,61 +30528,16 @@ - - - -

    unauthorized exchanges of control plan traffic with external networks are prevented;

     - - - -

    information is published to enable remote networks to detect unauthorized control plane traffic from internal networks;

     - - - -

    unauthorized control plane traffic is filtered from external networks.

    @@ -41384,7 +30603,7 @@

    systems for which network communications traffic is denied by default and network communications traffic is allowed by exception are defined (if selected).

    - + @@ -41393,9 +30612,6 @@ value="system"/> -

    Deny network communications traffic by default and allow network communications traffic by exception .

    SC-7 (5) Additional FedRAMP Requirements and Guidance @@ -41409,21 +30625,6 @@

    Denying by default and allowing by exception applies to inbound and outbound network communications traffic. A deny-all, permit-by-exception network communications traffic policy ensures that only those system connections that are essential and approved are allowed. Deny by default, allow by exception also applies to a system that is connected to an external system.

     - - - - @@ -41476,7 +30677,7 @@

    safeguards to securely provision split tunneling are defined;

    - + @@ -41485,30 +30686,12 @@ value="system"/> -

    Prevent split tunneling for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using .

    Split tunneling is the process of allowing a remote user or device to establish a non-remote connection with a system and simultaneously communicate via some other connection to a resource in an external network. This method of network access enables a user to access remote devices and simultaneously, access uncontrolled networks. Split tunneling might be desirable by remote users to communicate with local system resources, such as printers or file servers. However, split tunneling can facilitate unauthorized external connections, making the system vulnerable to attack and to exfiltration of organizational information. Split tunneling can be prevented by disabling configuration settings that allow such capability in remote devices and by preventing those configuration settings from being configurable by users. Prevention can also be achieved by the detection of split tunneling (or of configuration settings that allow split tunneling) in the remote device, and by prohibiting the connection if the remote device is using split tunneling. A virtual private network (VPN) can be used to securely provision a split tunnel. A securely provisioned VPN includes locking connectivity to exclusive, managed, and named environments, or to a specific set of pre-approved addresses, without user control.

     - - - -

    split tunneling is prevented for remote devices connecting to organizational systems unless the split tunnel is securely provisioned using .

    @@ -41566,7 +30749,7 @@

    external networks to which internal communications traffic is to be routed are defined;

    - + @@ -41576,30 +30759,12 @@ -

    Route to through authenticated proxy servers at managed interfaces.

    External networks are networks outside of organizational control. A proxy server is a server (i.e., system or application) that acts as an intermediary for clients requesting system resources from non-organizational or other organizational servers. System resources that may be requested include files, connections, web pages, or services. Client requests established through a connection to a proxy server are assessed to manage complexity and provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers that provide access to the Internet. Proxy servers can support the logging of Transmission Control Protocol sessions and the blocking of specific Uniform Resource Locators, Internet Protocol addresses, and domain names. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Note that proxy servers may inhibit the use of virtual private networks (VPNs) and create the potential for man-in-the-middle attacks (depending on the implementation).

     - - - -

    is routed to through authenticated proxy servers at managed interfaces.

    @@ -41657,7 +30822,7 @@

    system components where host-based boundary protection mechanisms are to be implemented are defined;

    - + @@ -41666,30 +30831,12 @@ value="system"/> -

    Implement at .

    Host-based boundary protection mechanisms include host-based firewalls. System components that employ host-based boundary protection mechanisms include servers, workstations, notebook computers, and mobile devices.

     - - - -

    are implemented at .

    @@ -41729,7 +30876,7 @@     Fail Secure - + @@ -41744,30 +30891,12 @@ -

    Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device.

    Fail secure is a condition achieved by employing mechanisms to ensure that in the event of operational failures of boundary protection devices at managed interfaces, systems do not enter into unsecure states where intended security properties no longer hold. Managed interfaces include routers, firewalls, and application gateways that reside on protected subnetworks (commonly referred to as demilitarized zones). Failures of boundary protection devices cannot lead to or cause information external to the devices to enter the devices nor can failures permit unauthorized information releases.

     - - - -

    systems are prevented from entering unsecure states in the event of an operational failure of a boundary protection device.

    @@ -41818,7 +30947,7 @@ integrity - + @@ -41849,9 +30978,6 @@ -

    Protect the of transmitted information.

    SC-8 Additional FedRAMP Requirements and Guidance @@ -41867,7 +30993,7 @@
  • Replication between availability zones
  • Transmission of backups to storage
  • From a load balancer to a compute instance
    • -
  • Flows from management tools required for their work - e.g. log collection, scanning, etc.
    • +
  • Flows from management tools required for their work – e.g. log collection, scanning, etc.

    • The following applies only when choosing SC-8 (5) in lieu of SC-8 (1).

    @@ -41881,7 +31007,7 @@

    Hardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).

    -

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    +

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    Note: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.

    @@ -41898,21 +31024,6 @@

    Organizations that rely on commercial providers who offer transmission services as commodity services rather than as fully dedicated services may find it difficult to obtain the necessary assurances regarding the implementation of needed controls for transmission confidentiality and integrity. In such situations, organizations determine what types of confidentiality or integrity services are available in standard, commercial telecommunications service packages. If it is not feasible to obtain the necessary controls and assurances of control effectiveness through appropriate contracting vehicles, organizations can implement appropriate compensating controls.

     - - - -

    the of transmitted information is/are protected.

    @@ -41959,6 +31070,7 @@ detect changes to information + @@ -41969,9 +31081,6 @@ -

    Implement cryptographic mechanisms to during transmission.

    SC-8 (1) Additional FedRAMP Requirements and Guidance @@ -41998,21 +31107,6 @@

    Encryption protects information from unauthorized disclosure and modification during transmission. Cryptographic mechanisms that protect the confidentiality and integrity of information during transmission include TLS and IPSec. Cryptographic mechanisms used to protect information integrity include cryptographic hash functions that have applications in digital signatures, checksums, and message authentication codes.

     - - - -

    cryptographic mechanisms are implemented to during transmission.

    @@ -42063,6 +31157,7 @@

    a time period of inactivity after which the system terminates a network connection associated with a communication session is defined;

    + @@ -42072,30 +31167,12 @@ -

    Terminate the network connection associated with a communications session at the end of the session or after of inactivity.

    Network disconnect applies to internal and external networks. Terminating network connections associated with specific communications sessions includes de-allocating TCP/IP address or port pairs at the operating system level and de-allocating the networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. Periods of inactivity may be established by organizations and include time periods by type of network access or for specific network accesses.

     - - - -

    the network connection associated with a communication session is terminated at the end of the session or after of inactivity.

    @@ -42144,7 +31221,7 @@

    requirements for key generation, distribution, storage, access, and destruction are defined;

    - + @@ -42176,7 +31253,6 @@ - @@ -42185,9 +31261,6 @@ -

    Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: .

    SC-12 Additional FedRAMP Requirements and Guidance @@ -42209,21 +31282,6 @@

    Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines and specify appropriate options, parameters, and levels. Organizations manage trust stores to ensure that only approved trust anchors are part of such trust stores. This includes certificates with visibility external to organizational systems and certificates related to the internal operations of systems. NIST CMVP and NIST CAVP provide additional information on validated cryptographic modules and algorithms that can be used in cryptographic key management and establishment.

     - - - - @@ -42287,7 +31345,7 @@

    types of cryptography for each specified cryptographic use are defined;

    - + @@ -42326,16 +31384,10 @@ -

    Determine the ; and

     -

    Implement the following types of cryptography required for each specified cryptographic use: .

     @@ -42386,38 +31438,12 @@ - - -

    are identified;

     - - - -

    for each specified cryptographic use (defined in SC-13_ODP[01]) are implemented.

    @@ -42471,6 +31497,7 @@

    exceptions where remote activation is to be allowed are defined;

    + @@ -42481,16 +31508,10 @@ -

    Prohibit remote activation of collaborative computing devices and applications with the following exceptions: ; and

     -

    Provide an explicit indication of use to users physically present at the devices.

     @@ -42508,37 +31529,11 @@ - - -

    remote activation of collaborative computing devices and applications is prohibited except ;

     - - - -

    an explicit indication of use is provided to users physically present at the devices.

    @@ -42586,6 +31581,7 @@

    a certificate policy for issuing public key certificates is defined;

    + @@ -42605,16 +31601,10 @@ -

    Issue public key certificates under an or obtain public key certificates from an approved service provider; and

     -

    Include only approved trust anchors in trust stores or certificate stores managed by the organization.

     @@ -42625,37 +31615,11 @@ - - -

    public key certificates are issued under , or public key certificates are obtained from an approved service provider;

     - - - -

    only approved trust anchors are included in trust stores or certificate stores managed by the organization.

    @@ -42694,6 +31658,7 @@     Mobile Code + @@ -42708,16 +31673,10 @@ -

    Define acceptable and unacceptable mobile code and mobile code technologies; and

     -

    Authorize, monitor, and control the use of mobile code within the system.

     @@ -42728,13 +31687,6 @@ - - @@ -42759,17 +31711,6 @@ - - - @@ -42827,6 +31768,7 @@     Secure Name/Address Resolution Service (Authoritative Source) + @@ -42844,16 +31786,10 @@ -

    Provide additional data origin authentication and integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries; and

     -

    Provide the means to indicate the security status of child zones and (if the child supports secure resolution services) to enable verification of a chain of trust among parent and child domains, when operating as part of a distributed, hierarchical namespace.

     @@ -42883,21 +31819,6 @@ - - - - @@ -42914,41 +31835,11 @@ - - - -

    the means to indicate the security status of child zones (and if the child supports secure resolution services) is provided when operating as part of a distributed, hierarchical namespace;

     - - - -

    the means to enable verification of a chain of trust among parent and child domains when operating as part of a distributed, hierarchical namespace is provided.

    @@ -42988,7 +31879,7 @@     Secure Name/Address Resolution Service (Recursive or Caching Resolver) - + @@ -42999,9 +31890,6 @@ -

    Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.

    SC-21 Additional FedRAMP Requirements and Guidance @@ -43037,21 +31925,6 @@

    Each client of name resolution services either performs this validation on its own or has authenticated channels to trusted validation providers. Systems that provide name and address resolution services for local clients include recursive resolving or caching domain name system (DNS) servers. DNS client resolvers either perform validation of DNSSEC signatures, or clients use authenticated channels to recursive resolvers that perform such validations. Systems that use technologies other than the DNS to map between host and service names and network addresses provide some other means to enable clients to verify the authenticity and integrity of response data.

     - - - - @@ -43107,6 +31980,7 @@     Architecture and Provisioning for Name/Address Resolution Service + @@ -43119,30 +31993,12 @@ -

    Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation.

    Systems that provide name and address resolution services include domain name system (DNS) servers. To eliminate single points of failure in systems and enhance redundancy, organizations employ at least two authoritative domain name system servers—one configured as the primary server and the other configured as the secondary server. Additionally, organizations typically deploy the servers in two geographically separated network subnetworks (i.e., not located in the same physical facility). For role separation, DNS servers with internal roles only process name and address resolution requests from within organizations (i.e., from internal clients). DNS servers with external roles only process name and address resolution information requests from clients external to organizations (i.e., on external networks, including the Internet). Organizations specify clients that can access authoritative DNS servers in certain roles (e.g., by address ranges and explicit lists).

     - - - - @@ -43195,6 +32051,7 @@     Session Authenticity + @@ -43210,30 +32067,12 @@ -

    Protect the authenticity of communications sessions.

    Protecting session authenticity addresses communications protection at the session level, not at the packet level. Such protection establishes grounds for confidence at both ends of communications sessions in the ongoing identities of other parties and the validity of transmitted information. Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into sessions.

     - - - -

    the authenticity of communication sessions is protected.

    @@ -43286,7 +32125,7 @@

    information at rest requiring protection is defined;

    - + @@ -43322,9 +32161,6 @@ -

    Protect the of the following information at rest: .

    SC-28 Additional FedRAMP Requirements and Guidance @@ -43346,21 +32182,6 @@

    Information at rest refers to the state of information when it is not in process or in transit and is located on system components. Such components include internal or external hard disk drives, storage area network devices, or databases. However, the focus of protecting information at rest is not on the type of storage device or frequency of access but rather on the state of the information. Information at rest addresses the confidentiality and integrity of information and covers user information and system information. System-related information that requires protection includes configurations or rule sets for firewalls, intrusion detection and prevention systems, filtering routers, and authentication information. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing write-once-read-many (WORM) technologies. When adequate protection of information at rest cannot otherwise be achieved, organizations may employ other controls, including frequent scanning to identify malicious code at rest and secure offline storage in lieu of online storage.

     - - - -

    the of is/are protected.

    @@ -43414,6 +32235,7 @@

    system components or media requiring cryptographic protection is/are defined;

    + @@ -43425,9 +32247,6 @@ -

    Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on : .

    SC-28 (1) Additional FedRAMP Requirements and Guidance @@ -43445,21 +32264,6 @@

    The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category or classification of the information. Organizations have the flexibility to encrypt information on system components or media or encrypt data structures, including files, records, or fields.

     - - - - @@ -43507,6 +32311,7 @@     Process Isolation + @@ -43526,30 +32331,12 @@ -

    Maintain a separate execution domain for each executing system process.

    Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies.

     - - - -

    a separate execution domain is maintained for each executing system process.

    @@ -43583,6 +32370,7 @@     System Time Synchronization + @@ -43595,30 +32383,12 @@ -

    Synchronize system clocks within and between systems and system components.

    Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication processes that involve certificates and time-of-day restrictions as part of access control. Denial of service or failure to deny expired credentials may result without properly synchronized clocks within and between systems and system components. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, such as clocks synchronizing within hundreds of milliseconds or tens of milliseconds. Organizations may define different time granularities for system components. Time service can be critical to other security capabilities—such as access control and identification and authentication—depending on the nature of the mechanisms used to support the capabilities.

     - - - -

    system clocks are synchronized within and between systems and system components.

    @@ -43687,7 +32457,7 @@

    the time period to compare the internal system clocks with the authoritative time source is defined;

    - + @@ -43697,16 +32467,10 @@ -

    Compare the internal system clocks with ; and

     -

    Synchronize the internal system clocks to the authoritative time source when the time difference is greater than .

     @@ -43732,29 +32496,11 @@ - - -

    the internal system clocks are compared with ;

     - -

    the internal system clocks are synchronized with the authoritative time source when the time difference is greater than .

    @@ -43864,6 +32610,7 @@

    events that would require the system and information integrity procedures to be reviewed and updated are defined;

    + @@ -43882,13 +32629,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -43910,20 +32650,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the system and information integrity policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current system and information integrity:

    @@ -43944,57 +32674,21 @@ - - -

    a system and information integrity policy is developed and documented;

     - - -

    the system and information integrity policy is disseminated to ;

     - -

    system and information integrity procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls are developed and documented;

     - -

    the system and information integrity procedures are disseminated to ;

    @@ -44002,13 +32696,6 @@ - - @@ -44048,13 +32735,6 @@ - -

    the system and information integrity policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -44064,17 +32744,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the system and information integrity policy and procedures;

    @@ -44082,17 +32751,6 @@ - - - @@ -44107,17 +32765,6 @@ - - - @@ -44168,6 +32815,7 @@

    time period within which to install security-relevant software updates after the release of the updates is defined;

    + @@ -44198,30 +32846,18 @@ -

    Identify, report, and correct system flaws;

     -

    Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;

     -

    Install security-relevant software and firmware updates within of the release of the updates; and

     -

    Incorporate flaw remediation into the organizational configuration management process.

     @@ -44233,21 +32869,6 @@ - - - - @@ -44267,17 +32888,6 @@ - - - @@ -44302,17 +32912,6 @@ - - - @@ -44327,17 +32926,6 @@ - - -

    flaw remediation is incorporated into the organizational configuration management process.

    @@ -44401,6 +32989,7 @@

    the frequency at which to determine if applicable security-relevant software and firmware updates are installed on system components is defined;

    + @@ -44411,9 +33000,6 @@ -

    Determine if system components have applicable security-relevant software and firmware updates installed using .

     @@ -44421,21 +33007,6 @@

    Automated mechanisms can track and determine the status of known flaws for system components.

     - - - -

    system components have applicable security-relevant software and firmware updates installed using .

    @@ -44481,6 +33052,7 @@

    the benchmarks for taking corrective actions are defined;

    + @@ -44490,16 +33062,10 @@ -

    Measure the time between flaw identification and flaw remediation; and

     -

    Establish the following benchmarks for taking corrective actions: .

     @@ -44510,37 +33076,11 @@ - - - -

    the time between flaw identification and flaw remediation is measured;

     - - -

    for taking corrective actions have been established.

    @@ -44648,7 +33188,7 @@

    personnel or roles to be alerted when malicious code is detected is/are defined;

    - + @@ -44682,23 +33222,14 @@ -

    Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code;

     -

    Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures;

     -

    Configure malicious code protection mechanisms to:

    @@ -44712,9 +33243,6 @@     -

    Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.

     @@ -44727,17 +33255,6 @@ - - - @@ -44754,17 +33271,6 @@ - - -

    malicious code protection mechanisms are updated automatically as new releases are available in accordance with organizational configuration management policy and procedures;

    @@ -44774,33 +33280,11 @@ - - -

    malicious code protection mechanisms are configured to perform periodic scans of the system ;

     - - -

    malicious code protection mechanisms are configured to perform real-time scans of files from external sources at as the files are downloaded, opened, or executed in accordance with organizational policy;

    @@ -44810,33 +33294,11 @@ - - -

    malicious code protection mechanisms are configured to in response to malicious code detection;

     - - -

    malicious code protection mechanisms are configured to send alerts to in response to malicious code detection;

    @@ -44846,17 +33308,6 @@     - - -

    the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system are addressed.

    @@ -44944,6 +33395,7 @@

    a frequency for providing system monitoring to personnel or roles is defined (if selected);

    + @@ -45004,9 +33456,6 @@ -

    Monitor the system to detect:

    @@ -45019,16 +33468,10 @@     -

    Identify unauthorized use of the system through the following techniques and methods: ;

     -

    Invoke internal monitoring capabilities or deploy monitoring devices:

    @@ -45041,30 +33484,18 @@     -

    Analyze detected events and anomalies;

     -

    Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

     -

    Obtain legal opinion regarding system monitoring activities; and

     -

    Provide to .

    @@ -45086,41 +33517,11 @@ - - - -

    the system is monitored to detect attacks and indicators of potential attacks in accordance with ;

     - - - - @@ -45142,17 +33543,6 @@ - - -

    unauthorized use of the system is identified through ;

    @@ -45160,41 +33550,11 @@ - - - -

    internal monitoring capabilities are invoked or monitoring devices are deployed strategically within the system to collect organization-determined essential information;

     - - - -

    internal monitoring capabilities are invoked or monitoring devices are deployed at ad hoc locations within the system to track specific types of transactions of interest to the organization;

    @@ -45202,17 +33562,6 @@     - - - @@ -45227,53 +33576,16 @@ - - -

    the level of system monitoring activity is adjusted when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

     - - -

    a legal opinion regarding system monitoring activities is obtained;

     - - - -

    is provided to @@ -45319,7 +33631,7 @@ System-wide Intrusion Detection System - + @@ -45334,9 +33646,6 @@ value="true"/> -

    Connect and configure individual intrusion detection tools into a system-wide intrusion detection system.

     @@ -45345,33 +33654,11 @@ - - -

    individual intrusion detection tools are connected to a system-wide intrusion detection system;

     - - -

    individual intrusion detection tools are configured into a system-wide intrusion detection system.

    @@ -45415,7 +33702,7 @@     Automated Tools and Mechanisms for Real-time Analysis - + @@ -45429,30 +33716,12 @@ -

    Employ automated tools and mechanisms to support near real-time analysis of events.

    Automated tools and mechanisms include host-based, network-based, transport-based, or storage-based event monitoring tools and mechanisms or security information and event management (SIEM) technologies that provide real-time analysis of alerts and notifications generated by organizational systems. Automated monitoring techniques can create unintended privacy risks because automated controls may connect to external or otherwise unrelated systems. The matching of records between these systems may create linkages with unintended consequences. Organizations assess and document these risks in their privacy impact assessment and make determinations that are in alignment with their privacy program plan.

     - - - -

    automated tools and mechanisms are employed to support a near real-time analysis of events.

    @@ -45535,6 +33804,7 @@

    unusual or unauthorized activities or conditions that are to be monitored in outbound communications traffic are defined;

    + @@ -45547,16 +33817,10 @@ -

    Determine criteria for unusual or unauthorized activities or conditions for inbound and outbound communications traffic;

     -

    Monitor inbound and outbound communications traffic for .

     @@ -45567,17 +33831,6 @@ - - - @@ -45592,21 +33845,6 @@ - - - - @@ -45673,6 +33911,7 @@

    compromise indicators are defined;

    + @@ -45687,9 +33926,6 @@ -

    Alert when the following system-generated indications of compromise or potential compromise occur: .

    SI-4 (5) Additional FedRAMP Requirements and Guidance @@ -45703,21 +33939,6 @@

    Alerts may be generated from a variety of sources, including audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be automated and may be transmitted telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the alert notification list can include system administrators, mission or business owners, system owners, information owners/stewards, senior agency information security officers, senior agency officials for privacy, system security officers, or privacy officers. In contrast to alerts generated by the system, alerts generated by organizations in SI-4(12) focus on information sources external to the system, such as suspicious activity reports and reports on potential insider threats.

     - - - -

    are alerted when system-generated occur.

    @@ -45765,7 +33986,7 @@     Correlate Monitoring Information - + @@ -45781,26 +34002,12 @@ -

    Correlate information from monitoring tools and mechanisms employed throughout the system.

    Correlating information from different system monitoring tools and mechanisms can provide a more comprehensive view of system activity. Correlating system monitoring tools and mechanisms that typically work in isolation—including malicious code protection software, host monitoring, and network monitoring—can provide an organization-wide monitoring view and may reveal otherwise unseen attack patterns. Understanding the capabilities and limitations of diverse monitoring tools and mechanisms and how to maximize the use of information generated by those tools and mechanisms can help organizations develop, operate, and maintain effective monitoring programs. The correlation of monitoring information is especially important during the transition from older to newer technologies (e.g., transitioning from IPv4 to IPv6 network protocols).

     - - -

    information from monitoring tools and mechanisms employed throughout the system is correlated.

    @@ -45850,6 +34057,7 @@

    interior points within the system where communications traffic is to be analyzed are defined;

    + @@ -45864,26 +34072,12 @@ value="true"/> -

    Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: .

    Organization-defined interior points include subnetworks and subsystems. Covert means that can be used to exfiltrate information include steganography.

     - - - @@ -45949,7 +34143,7 @@

    system components where host-based monitoring is to be implemented are defined;

    - + @@ -45963,30 +34157,12 @@ -

    Implement the following host-based monitoring mechanisms at : .

    Host-based monitoring collects information about the host (or system in which it resides). System components in which host-based monitoring can be implemented include servers, notebook computers, and mobile devices. Organizations may consider employing host-based monitoring mechanisms from multiple product developers or vendors.

     - - - -

    are implemented on .

    @@ -46079,6 +34255,7 @@

    external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected);

    + @@ -46094,30 +34271,18 @@ -

    Receive system security alerts, advisories, and directives from on an ongoing basis;

     -

    Generate internal security alerts, advisories, and directives as deemed necessary;

     -

    Disseminate security alerts, advisories, and directives to: ; and

     -

    Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

     @@ -46133,73 +34298,21 @@ - - - -

    system security alerts, advisories, and directives are received from on an ongoing basis;

     - - -

    internal security alerts, advisories, and directives are generated as deemed necessary;

     - - - -

    security alerts, advisories, and directives are disseminated to ;

     - - -

    security directives are implemented in accordance with established time frames or if the issuing organization is notified of the degree of noncompliance.

    @@ -46315,7 +34428,7 @@

    alternative action(s) to be performed when anomalies are discovered are defined (if selected);

    - + @@ -46332,30 +34445,18 @@ -

    Verify the correct operation of ;

     -

    Perform the verification of the functions specified in SI-6a ;

     -

    Alert to failed security and privacy verification tests; and

     -

    when anomalies are discovered.

    @@ -46367,17 +34468,6 @@ - - - @@ -46394,17 +34484,6 @@ - - - @@ -46421,17 +34500,6 @@ - - - @@ -46448,17 +34516,6 @@ - - -

    is/are initiated when anomalies are discovered.

    @@ -46547,7 +34604,7 @@

    actions to be taken when unauthorized changes to information are detected are defined;

    - + @@ -46592,16 +34649,10 @@ -

    Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: ; and

     -

    Take the following actions when unauthorized changes to the software, firmware, and information are detected: .

     @@ -46612,17 +34663,6 @@ - - - @@ -46642,17 +34682,6 @@ - - - @@ -46825,7 +34854,7 @@

    frequency with which to perform an integrity check (of information) is defined (if selected);

    - + @@ -46837,9 +34866,6 @@ value="true"/> -

    Perform an integrity check of .

     @@ -46847,21 +34873,6 @@

    Security-relevant events include the identification of new threats to which organizational systems are susceptible and the installation of new hardware, software, or firmware. Transitional states include system startup, restart, shutdown, and abort.

     - - - - @@ -46921,6 +34932,7 @@

    security-relevant changes to the system are defined;

    + @@ -46937,26 +34949,12 @@ -

    Incorporate the detection of the following unauthorized changes into the organizational incident response capability: .

    Integrating detection and response helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important for being able to identify and discern adversary actions over an extended time period and for possible legal actions. Security-relevant changes include unauthorized changes to established configuration settings or the unauthorized elevation of system privileges.

     - - -

    the detection of are incorporated into the organizational incident response capability.

    @@ -46999,6 +34997,7 @@     Spam Protection + @@ -47015,16 +35014,10 @@ -

    Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and

     -

    Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

     @@ -47047,17 +35040,6 @@ - - - @@ -47082,17 +35064,6 @@ - - -

    spam protection mechanisms are updated when new releases are available in accordance with organizational configuration management policies and procedures.

    @@ -47142,6 +35113,7 @@

    the frequency at which to automatically update spam protection mechanisms is defined;

    + @@ -47150,26 +35122,12 @@ value="system"/> -

    Automatically update spam protection mechanisms .

    Using automated mechanisms to update spam protection mechanisms helps to ensure that updates occur on a regular basis and provide the latest content and protection capabilities.

     - - -

    spam protection mechanisms are automatically updated .

    @@ -47218,7 +35176,7 @@

    information inputs to the system requiring validity checks are defined;

    - + @@ -47230,9 +35188,6 @@ value="true"/> -

    Check the validity of the following information inputs: .

    SI-10 Additional FedRAMP Requirements and Guidance @@ -47247,13 +35202,6 @@ abc, or %K% are invalid inputs and are not accepted as input to the system. Valid inputs are likely to vary from field to field within a software application. Applications typically follow well-defined protocols that use structured messages (i.e., commands or queries) to communicate between software modules or system components. Structured messages can contain raw or unstructured data interspersed with metadata or control information. If software applications use attacker-supplied inputs to construct structured messages without properly encoding such messages, then the attacker could insert malicious commands or special characters that can cause the data to be interpreted as control information or metadata. Consequently, the module or component that receives the corrupted output will perform the wrong operations or otherwise interpret the data incorrectly. Prescreening inputs prior to passing them to interpreters prevents the content from being unintentionally interpreted as commands. Input validation ensures accurate and correct inputs and prevents attacks such as cross-site scripting and a variety of injection attacks.

     - -

    the validity of the is checked.

    @@ -47307,6 +35255,7 @@

    personnel or roles to whom error messages are to be revealed is/are defined;

    + @@ -47320,16 +35269,10 @@ -

    Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and

     -

    Reveal error messages only to .

     @@ -47340,25 +35283,11 @@ - -

    error messages that provide the information necessary for corrective actions are generated without revealing information that could be exploited;

     - -

    error messages are revealed only to .

    @@ -47402,6 +35331,7 @@     Information Management and Retention + @@ -47442,26 +35372,12 @@ -

    Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements.

    Information management and retention requirements cover the full life cycle of information, in some cases extending beyond system disposal. Information to be retained may also include policies, procedures, plans, reports, data output from control implementation, and other types of administrative information. The National Archives and Records Administration (NARA) provides federal policy and guidance on records retention and schedules. If organizations have a records management office, consider coordinating with records management personnel. Records produced from the output of implemented controls that may require management and retention include, but are not limited to: All XX-1, AC-6(9), AT-4, AU-12, CA-2, CA-3, CA-5, CA-6, CA-7, CA-8, CA-9, CM-2, CM-3, CM-4, CM-6, CM-8, CM-9, CM-12, CM-13, CP-2, IR-6, IR-8, MA-2, MA-4, PE-2, PE-8, PE-16, PE-17, PL-2, PL-4, PL-7, PL-8, PM-5, PM-8, PM-9, PM-18, PM-21, PM-27, PM-28, PM-30, PM-31, PS-2, PS-6, PS-7, PT-2, PT-3, PT-7, RA-2, RA-3, RA-5, RA-8, SA-4, SA-5, SA-8, SA-10, SI-4, SR-2, SR-4, SR-8.

     - - - @@ -47533,6 +35449,7 @@

    controls to be implemented to protect the system memory from unauthorized code execution are defined;

    + @@ -47546,26 +35463,12 @@ -

    Implement the following controls to protect the system memory from unauthorized code execution: .

    Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Controls employed to protect memory include data execution prevention and address space layout randomization. Data execution prevention controls can either be hardware-enforced or software-enforced with hardware enforcement providing the greater strength of mechanism.

     - - -

    are implemented to protect the system memory from unauthorized code execution.

    @@ -47681,6 +35584,7 @@

    events that require the supply chain risk management procedures to be reviewed and updated are defined;

    + @@ -47705,13 +35609,6 @@ - - -

    This response must address all control sub-statement requirements.

    -     -

    Develop, document, and disseminate to :

    @@ -47733,20 +35630,10 @@     -

    Designate an to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures; and

     - - -

    This response must address all control sub-statement requirements.

    -     -

    Review and update the current supply chain risk management:

    @@ -47767,57 +35654,21 @@ - - -

    a supply chain risk management policy is developed and documented;

     - - -

    the supply chain risk management policy is disseminated to ;

     - -

    supply chain risk management procedures to facilitate the implementation of the supply chain risk management policy and the associated supply chain risk management controls are developed and documented;

     - -

    the supply chain risk management procedures are disseminated to .

    @@ -47825,13 +35676,6 @@ - - @@ -47872,13 +35716,6 @@ - -

    the supply chain risk management policy is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines;

    @@ -47888,17 +35725,6 @@     - - -

    the is designated to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures;

    @@ -47906,17 +35732,6 @@ - - - @@ -47931,17 +35746,6 @@ - - - @@ -48000,6 +35804,7 @@

    the frequency at which to review and update the supply chain risk management plan is defined;

    + @@ -48035,23 +35840,14 @@ -

    Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of the following systems, system components or system services: ;

     -

    Review and update the supply chain risk management plan or as required, to address threat, organizational or environmental changes; and

     -

    Protect the supply chain risk management plan from unauthorized disclosure and modification.

     @@ -48065,113 +35861,46 @@ - - -

    a plan for managing supply chain risks is developed;

     - -

    the supply chain risk management plan addresses risks associated with the research and development of ;

     - -

    the supply chain risk management plan addresses risks associated with the design of ;

     - -

    the supply chain risk management plan addresses risks associated with the manufacturing of ;

     - -

    the supply chain risk management plan addresses risks associated with the acquisition of ;

     - -

    the supply chain risk management plan addresses risks associated with the delivery of ;

     - -

    the supply chain risk management plan addresses risks associated with the integration of ;

     - -

    the supply chain risk management plan addresses risks associated with the operation and maintenance of ;

     - -

    the supply chain risk management plan addresses risks associated with the disposal of ;

    @@ -48179,33 +35908,11 @@     - - -

    the supply chain risk management plan is reviewed and updated or as required to address threat, organizational, or environmental changes;

     - - - @@ -48280,6 +35987,7 @@

    supply chain risk management activities are defined;

    + @@ -48291,26 +35999,12 @@ value="true"/> -

    Establish a supply chain risk management team consisting of to lead and support the following SCRM activities: .

    To implement supply chain risk management plans, organizations establish a coordinated, team-based approach to identify and assess supply chain risks and manage these risks by using programmatic and technical mitigation techniques. The team approach enables organizations to conduct an analysis of their supply chain, communicate with internal and external partners or stakeholders, and gain broad consensus regarding the appropriate resources for SCRM. The SCRM team consists of organizational personnel with diverse roles and responsibilities for leading and supporting SCRM activities, including risk executive, information technology, contracting, information security, privacy, mission or business, legal, supply chain and logistics, acquisition, business continuity, and other relevant functions. Members of the SCRM team are involved in various aspects of the SDLC and, collectively, have an awareness of and provide expertise in acquisition processes, legal practices, vulnerabilities, threats, and attack vectors, as well as an understanding of the technical aspects and dependencies of systems. The SCRM team can be an extension of the security and privacy risk management processes or be included as part of an organizational risk management team.

     - - -

    a supply chain risk management team consisting of is established to lead and support .

    @@ -48379,6 +36073,7 @@

    the document identifying the selected and implemented supply chain processes and controls is defined (if selected);

    + @@ -48423,23 +36118,14 @@ -

    Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of in coordination with ;

     -

    Employ the following controls to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events: ; and

     -

    Document the selected and implemented supply chain processes and controls in .

     @@ -48459,33 +36145,11 @@ - - -

    a process or processes is/are established to identify and address weaknesses or deficiencies in the supply chain elements and processes of ;

     - - -

    the process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of is/are coordinated with ;

    @@ -48493,34 +36157,12 @@     - - -

    are employed to protect against supply chain risks to the system, system component, or system service and to limit the harm or consequences from supply chain-related events;

     - - -

    the selected and implemented supply chain processes and controls are documented in .

    @@ -48574,6 +36216,7 @@

    acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined;

    + @@ -48606,30 +36249,12 @@ -

    Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: .

    The use of the acquisition process provides an important vehicle to protect the supply chain. There are many useful tools and techniques available, including obscuring the end use of a system or system component, using blind or filtered buys, requiring tamper-evident packaging, or using trusted or controlled distribution. The results from a supply chain risk assessment can guide and inform the strategies, tools, and methods that are most applicable to the situation. Tools and techniques may provide protections against unauthorized production, theft, tampering, insertion of counterfeits, insertion of malicious software or backdoors, and poor development practices throughout the system development life cycle. Organizations also consider providing incentives for suppliers who implement controls, promote transparency into their processes and security and privacy practices, provide contract language that addresses the prohibition of tainted or counterfeit components, and restrict purchases from untrustworthy suppliers. Organizations consider providing training, education, and awareness programs for personnel regarding supply chain risk, available mitigation strategies, and when the programs should be employed. Methods for reviewing and protecting development plans, documentation, and evidence are commensurate with the security and privacy requirements of the organization. Contracts may specify documentation protection requirements.

     - - - - @@ -48703,6 +36328,7 @@

    the frequency at which to assess and review the supply chain-related risks associated with suppliers or contractors and the systems, system components, or system services they provide is defined;

    + @@ -48728,9 +36354,6 @@ -

    Assess and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they provide .

    SR-6 Additional FedRAMP Requirements and Guidance @@ -48744,17 +36367,6 @@

    An assessment and review of supplier risk includes security and supply chain risk management processes, foreign ownership, control or influence (FOCI), and the ability of the supplier to effectively assess subordinate second-tier and third-tier suppliers and contractors. The reviews may be conducted by the organization or by an independent third party. The reviews consider documented processes, documented controls, all-source intelligence, and publicly available information related to the supplier or contractor. Organizations can use open-source information to monitor for indications of stolen information, poor development and quality control practices, information spillage, or counterfeits. In some cases, it may be appropriate or required to share assessment and review results with other organizations in accordance with any applicable rules, policies, or inter-organizational agreements or contracts.

     - - -

    the supply chain-related risks associated with suppliers or contractors and the systems, system components, or system services they provide are assessed and reviewed .

    @@ -48813,6 +36425,7 @@

    information for which agreements and procedures are to be established are defined (if selected);

    + @@ -48833,9 +36446,6 @@ -

    Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the .

    SR-8 Additional FedRAMP Requirements and Guidance @@ -48849,17 +36459,6 @@

    The establishment of agreements and procedures facilitates communications among supply chain entities. Early notification of compromises and potential compromises in the supply chain that can potentially adversely affect or have adversely affected organizational systems or system components is essential for organizations to effectively respond to such incidents. The results of assessments or audits may include open-source information that contributed to a decision or result and could be used to help the supply chain entity resolve a concern or improve its processes.

     - - -

    agreements and procedures are established with entities involved in the supply chain for the system, system components, or system service for .

    @@ -48926,6 +36525,7 @@

    indications of the need for an inspection of systems or system components are defined (if selected);

    + @@ -48946,26 +36546,12 @@ -

    Inspect the following systems or system components to detect tampering: .

    The inspection of systems or systems components for tamper resistance and detection addresses physical and logical tampering and is applied to systems and system components removed from organization-controlled areas. Indications of a need for inspection include changes in packaging, specifications, factory location, or entity in which the part is purchased, and when individuals return from travel to high-risk locations.

     - - -

    are inspected to detect tampering.

    @@ -49032,6 +36618,7 @@

    personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected);

    + @@ -49049,16 +36636,10 @@ -

    Develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and

     -

    Report counterfeit system components to .

     @@ -49078,65 +36659,21 @@ - - -

    an anti-counterfeit policy is developed and implemented;

     - - -

    anti-counterfeit procedures are developed and implemented;

     - - -

    the anti-counterfeit procedures include the means to detect counterfeit components entering the system;

     - - -

    the anti-counterfeit procedures include the means to prevent counterfeit components from entering the system;

    @@ -49144,17 +36681,6 @@     - - -

    counterfeit system components are reported to .

    @@ -49209,6 +36735,7 @@

    personnel or roles requiring training to detect counterfeit system components (including hardware, software, and firmware) is/are defined;

    + @@ -49221,26 +36748,12 @@ -

    Train to detect counterfeit system components (including hardware, software, and firmware).

    None.

     - - -

    are trained to detect counterfeit system components (including hardware, software, and firmware).

    @@ -49294,6 +36807,7 @@

    system components requiring configuration control are defined;

    + @@ -49309,26 +36823,12 @@ -

    Maintain configuration control over the following system components awaiting service or repair and serviced or repaired components awaiting return to service: .

    None.

     - - - @@ -49390,6 +36890,7 @@

    techniques and methods for disposing of data, documentation, tools, or system components are defined;

    + @@ -49401,26 +36902,12 @@ value="true"/> -

    Dispose of using the following techniques and methods: .

    Data, documentation, tools, or system components can be disposed of at any time during the system development life cycle (not only in the disposal or retirement phase of the life cycle). For example, disposal can occur during research and development, design, prototyping, or operations/maintenance and include methods such as disk cleaning, removal of cryptographic keys, partial reuse of components. Opportunities for compromise during disposal affect physical and logical data, including system documentation in paper-based or digital files; shipping and delivery documentation; memory sticks with software code; or complete routers or servers that include permanent media, which contain sensitive or proprietary information. Additionally, proper disposal of system components helps to prevent such components from entering the gray market.

     - - -

    are disposed of using .

    diff --git a/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline_profile.xml b/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline_profile.xml index e0f6c1eaa..a421bb876 100644 --- a/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline_profile.xml +++ b/dist/content/rev5/baselines/xml/FedRAMP_rev5_MODERATE-baseline_profile.xml @@ -1,11 +1,11 @@ - + FedRAMP Rev 5 Moderate Baseline 2023-08-31T00:00:00Z - 2024-01-11T23:40:17Z - 5.1.1+fedramp-20240111-0 + 2023-12-18T15:21:26Z + 5.1.1+20231218-1 1.1.1 Document creator @@ -1495,7 +1495,7 @@ -

    personnel screening criteria - as required by specific information

    +

    personnel screening criteria – as required by specific information

         @@ -2070,427 +2070,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2510,54 +2089,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2570,54 +2101,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2629,17 +2112,6 @@     - - - - - - - - - - - @@ -2656,140 +2128,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2800,64 +2140,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2869,60 +2151,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2934,22 +2164,6 @@     - - - - - - - - - - - - - - - - @@ -2973,45 +2187,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3031,22 +2206,6 @@     - - - - - - - - - - - - - - - - @@ -3055,354 +2214,20 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AU-2 Additional FedRAMP Requirements and Guidance - - -

    Coordination between service provider and consumer shall be documented and accepted by the JAB/AO.

    -     - - -

    Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + AU-2 Additional FedRAMP Requirements and Guidance + + +

    Coordination between service provider and consumer shall be documented and accepted by the JAB/AO.

    +     + + +

    Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO.

    +     +     @@ -3415,51 +2240,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3472,33 +2252,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3522,179 +2275,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     @@ -3706,61 +2288,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3772,53 +2299,10 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3834,22 +2318,6 @@     - - - - - - - - - - - - - - - - @@ -3861,50 +2329,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -3925,115 +2349,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4045,29 +2362,11 @@     - - - - - - - - - - - - - - - - - - - CA-8(2) Additional FedRAMP Requirements and Guidance + CM-2 Additional FedRAMP Requirements and Guidance

    See the FedRAMP Documents page> Penetration Test Guidance

    @@ -4075,232 +2374,19 @@     - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CM-2 Additional FedRAMP Requirements and Guidance - - -

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + CM-2 Additional FedRAMP Requirements and Guidance + + +

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    +     +     @@ -4318,155 +2404,9 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4482,57 +2422,11 @@     -

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP's Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    +

    Compliance checks are used to evaluate configuration settings and provide general insight into the overall effectiveness of configuration management activities. CSPs and 3PAOs typically combine compliance check findings into a single CM-6 finding, which is acceptable. However, for initial assessments, annual assessments, and significant change requests, FedRAMP requires a clear understanding, on a per-control basis, where risks exist. Therefore, 3PAOs must also analyze compliance check findings as part of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable.

    During monthly continuous monitoring, new findings from CSP compliance checks may be combined into a single CM-6 POA&M item. CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests.

         - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4544,47 +2438,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4595,46 +2450,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4646,73 +2463,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4721,55 +2473,6 @@

    FedRAMP does not provide a template for the Configuration Management Plan. However, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide

     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4782,40 +2485,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -4828,94 +2497,9 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - @@ -4931,134 +2515,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5071,37 +2527,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5118,109 +2543,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5232,39 +2554,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5276,39 +2565,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5320,45 +2576,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5382,54 +2599,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5441,94 +2612,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - @@ -5547,28 +2632,10 @@ -

    "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.

    +

    "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.

         - - - - - - - - - - - - - - - - - - @@ -5588,16 +2655,6 @@     - - - - - - - - - - @@ -5617,28 +2674,6 @@     - - - - - - - - - - - - - - - - - - - - - - @@ -5654,25 +2689,6 @@     - - - - - - - - - - - - - - - - - - - @@ -5684,89 +2700,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5782,86 +2717,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5873,7 +2728,7 @@     -

    For cases where technology doesn't allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    +

    For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters.

    For emergency use accounts, these rules should be enforced: must have a minimum length of 14 characters, must support all printable ASCII characters, and passwords must be changed if used.

     @@ -5882,98 +2737,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -5985,13 +2748,6 @@     - - - - - - - @@ -6013,15 +2769,6 @@     - - - - - - - - - @@ -6034,31 +2781,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6074,172 +2796,9 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6251,27 +2810,6 @@     - - - - - - - - - - - - - - - - - - - - - @@ -6279,7 +2817,7 @@ IR-4 Additional FedRAMP Requirements and Guidance -

    The FISMA definition of "incident" shall be used: "An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies."

    +

    The FISMA definition of "incident" shall be used: "An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies."

     @@ -6287,76 +2825,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6368,71 +2838,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6448,410 +2855,10 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -6862,114 +2869,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - @@ -6980,20 +2881,6 @@     - - - - - - - - - - - - - - @@ -7005,42 +2892,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7052,43 +2903,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7098,239 +2912,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -7341,1701 +2922,95 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + PL-8 Additional FedRAMP Requirements and Guidance + + +

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    +     +     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + PL-10 Additional FedRAMP Requirements and Guidance + + +

    Select the appropriate FedRAMP Baseline

    +     +     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + RA-3 Additional FedRAMP Requirements and Guidance + + +

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    +     + + +

    Include all Authorizing Officials; for JAB authorizations to include FedRAMP.

    +     +     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PL-8 Additional FedRAMP Requirements and Guidance - - -

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - PL-10 Additional FedRAMP Requirements and Guidance - - -

    Select the appropriate FedRAMP Baseline

    -     -     -     - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - RA-3 Additional FedRAMP Requirements and Guidance - - -

    Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F.

    -     - - -

    Include all Authorizing Officials; for JAB authorizations to include FedRAMP.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - RA-5 Additional FedRAMP Requirements and Guidance - - -

    See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/

    -     - - -

    an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually.

    -     - - -

    If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement.

    -     - - -

    to include all Authorizing Officials; for JAB authorizations to include FedRAMP

    -     - - -

    Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

    -

    Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

    -

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a "warning" as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on "Tracking of Compliance Scans" in FAQs.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + RA-5 Additional FedRAMP Requirements and Guidance + + +

    See the FedRAMP Documents page> Vulnerability Scanning Requirements https://www.FedRAMP.gov/documents/

    +     + + +

    an accredited independent assessor scans operating systems/infrastructure, web applications, and databases once annually.

    +     + + +

    If a vulnerability is listed among the CISA Known Exploited Vulnerability (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) the KEV remediation date supersedes the FedRAMP parameter requirement.

    +     + + +

    to include all Authorizing Officials; for JAB authorizations to include FedRAMP

    +     + + +

    Informational findings from a scanner are detailed as a returned result that holds no vulnerability risk or severity and for FedRAMP does not require an entry onto the POA&M or entry onto the RET during any assessment phase.

    +

    Warning findings, on the other hand, are given a risk rating (low, moderate, high or critical) by the scanning solution and should be treated like any other finding with a risk or severity rating for tracking purposes onto either the POA&M or RET depending on when the findings originated (during assessments or during monthly continuous monitoring). If a warning is received during scanning, but further validation turns up no actual issue then this item should be categorized as a false positive. If this situation presents itself during an assessment phase (initial assessment, annual assessment or any SCR), follow guidance on how to report false positives in the Security Assessment Report (SAR). If this situation happens during monthly continuous monitoring, a deviation request will need to be submitted per the FedRAMP Vulnerability Deviation Request Form.

    +

    Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching on “Tracking of Compliance Scans” in FAQs.

    +     +     + + + + + + + @@ -9051,93 +3026,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -9150,47 +3038,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -9203,649 +3050,22 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SC-7 Additional FedRAMP Requirements and Guidance - -

    SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information.

    -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +

    SC-7 (b) should be met by subnet isolation. A subnetwork (subnet) is a physically or logically segmented section of a larger network defined at TCP/IP Layer 3, to both minimize traffic and, important for a FedRAMP Authorization, add a crucial layer of network isolation. Subnets are distinct from VLANs (Layer 2), security groups, and VPCs and are specifically required to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information.

    +     +     + @@ -9856,46 +3076,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -9904,7 +3084,7 @@

    For each instance of data in transit, confidentiality AND integrity should be through cryptography as specified in SC-8 (1), physical means as specified in SC-8 (5), or in combination.

    -

    +

    For clarity, this control applies to all data in transit. Examples include the following data flows:

    • Crossing the system boundary
      • @@ -9913,9 +3093,9 @@
    • Replication between availability zones
    • Transmission of backups to storage
    • From a load balancer to a compute instance
      • -
    • Flows from management tools required for their work - e.g. log collection, scanning, etc.
      • +
    • Flows from management tools required for their work – e.g. log collection, scanning, etc.
    -

    +

    The following applies only when choosing SC-8 (5) in lieu of SC-8 (1).

    FedRAMP-Defined Assignment / Selection Parameters

    SC-8 (5)-1 [a hardened or alarmed carrier Protective Distribution System (PDS) when outside of Controlled Access Area (CAA)]

    @@ -9924,33 +3104,21 @@

    SC-8 (5) applies when physical protection has been selected as the method to protect confidentiality and integrity. For physical protection, data in transit must be in either a Controlled Access Area (CAA), or a Hardened or alarmed PDS.

    -

    +

    Hardened or alarmed PDS: Shall be as defined in SECTION X - CATEGORY 2 PDS INSTALLATION GUIDANCE of CNSSI No.7003, titled PROTECTED DISTRIBUTION SYSTEMS (PDS). Per the CNSSI No. 7003 Section VIII, PDS must originate and terminate in a Controlled Access Area (CAA).

    -

    -

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS's Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS' recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    -

    +

    +

    Controlled Access Area (CAA): Data will be considered physically protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3).

    +

    Note: When selecting SC-8 (5), the above SC-8(5), and the above referenced PE controls must be added to the SSP.

    -

    +

    CNSSI No.7003 can be accessed here:

    https://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf

    -

    +

    DHS Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies can be accessed here:

    https://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf

         - - - - - - - - - - - -     @@ -9962,7 +3130,7 @@     -

    See M-22-09, including "Agencies encrypt all DNS requests and HTTP traffic within their environment"

    +

    See M-22-09, including "Agencies encrypt all DNS requests and HTTP traffic within their environment"

    SC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged.

     @@ -9975,15 +3143,6 @@     - - - - - - - - - @@ -10003,18 +3162,6 @@     - - - - - - - - - - - - @@ -10031,7 +3178,7 @@
  • Generation of one time passwords (OTPs) for MFA
  • Protocols such as TLS, SSH, and HTTPS
    • -

    +

    The requirement for FIPS 140 validation, as well as timelines for acceptance of FIPS 140-2, and 140-3 can be found at the NIST Cryptographic Module Validation Program (CMVP).

    https://csrc.nist.gov/projects/cryptographic-module-validation-program

     @@ -10061,26 +3208,6 @@     - - - - - - - - - - - - - - - - - - - - @@ -10092,23 +3219,6 @@     - - - - - - - - - - - - - - - - - @@ -10132,30 +3242,6 @@     - - - - - - - - - - - - - - - - - - - - - - - - @@ -10189,18 +3275,6 @@     - - - - - - - - - - - - @@ -10220,18 +3294,6 @@     - - - - - - - - - - - - @@ -10247,15 +3309,6 @@     - - - - - - - - - @@ -10276,238 +3329,11 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10519,167 +3345,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10690,15 +3357,6 @@     - - - - - - - - - @@ -10711,126 +3369,10 @@

    Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status.

     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10846,22 +3388,6 @@     - - - - - - - - - - - - - - - - @@ -10874,194 +3400,10 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    This response must address all control sub-statement requirements.

     -     -     - - - - - -

    This response must address all control sub-statement requirements.

     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -11073,48 +3415,8 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -11126,14 +3428,6 @@     - - - - - - - - @@ -11146,14 +3440,6 @@     - - - - - - - - @@ -11169,38 +3455,16 @@     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + @@ -11215,9 +3479,9 @@ - NIST Special Publication (SP) 800-53 + NIST Special Publication (SP) 800-53 revision 5 - + diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.yaml index 500b2a16d..0e5927834 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.yaml @@ -1,11 +1,11 @@ --- catalog: - uuid: 552b6976-bcf9-4e3e-b078-e05cfefe86c3 + uuid: 68275f5d-6150-4f90-aa61-b0479aabe6f0 metadata: title: FedRAMP Rev 5 High Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-19T14:49:42.881594-05:00 - version: 5.1.1+fedramp-20240111-0 + last-modified: 2024-02-06T11:17:03.015838-05:00 + version: 5.1.1+20231218-1 oscal-version: 1.1.1 links: - href: FedRAMP_rev5_HIGH-baseline_profile.yaml @@ -120,6 +120,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AC-01 + class: zero-padded - name: label value: AC-1 - name: label @@ -163,11 +166,6 @@ catalog: - id: ac-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -207,9 +205,6 @@ catalog: - id: ac-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ac-01_odp.04 }} to manage\ @@ -218,11 +213,6 @@ catalog: - id: ac-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current access control:" @@ -282,17 +272,6 @@ catalog: - id: ac-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01a.[01] class: sp800-53a @@ -303,17 +282,6 @@ catalog: - id: ac-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01a.[02] class: sp800-53a @@ -325,13 +293,6 @@ catalog: - id: ac-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.[03] class: sp800-53a @@ -344,13 +305,6 @@ catalog: - id: ac-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.[04] class: sp800-53a @@ -369,13 +323,6 @@ catalog: - id: ac-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.01(a) class: sp800-53a @@ -464,13 +411,6 @@ catalog: - id: ac-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.01(b) class: sp800-53a @@ -490,17 +430,6 @@ catalog: - id: ac-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01b. class: sp800-53a @@ -520,17 +449,6 @@ catalog: - id: ac-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01c.01 class: sp800-53a @@ -563,17 +481,6 @@ catalog: - id: ac-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01c.02 class: sp800-53a @@ -709,9 +616,9 @@ catalog: guidelines: - prose: the frequency of account review is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02 + class: zero-padded - name: label value: AC-2 - name: label @@ -792,9 +699,6 @@ catalog: - id: ac-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Define and document the types of accounts allowed and specifically @@ -802,18 +706,12 @@ catalog: - id: ac-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Assign account managers; - id: ac-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Require {{ insert: param, ac-02_odp.01 }} for group and\ @@ -821,9 +719,6 @@ catalog: - id: ac-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Specify:" @@ -850,9 +745,6 @@ catalog: - id: ac-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Require approvals by {{ insert: param, ac-02_odp.03 }} for\ @@ -860,9 +752,6 @@ catalog: - id: ac-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Create, enable, modify, disable, and remove accounts in\ @@ -870,18 +759,12 @@ catalog: - id: ac-2_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Monitor the use of accounts; - id: ac-2_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: "Notify account managers and {{ insert: param, ac-02_odp.05\ @@ -911,9 +794,6 @@ catalog: - id: ac-2_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: "Authorize access to the system based on:" @@ -939,9 +819,6 @@ catalog: - id: ac-2_smt.j name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: j. prose: "Review accounts for compliance with account management requirements\ @@ -949,9 +826,6 @@ catalog: - id: ac-2_smt.k name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: k. prose: Establish and implement a process for changing shared or @@ -960,9 +834,6 @@ catalog: - id: ac-2_smt.l name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: l. prose: Align account management processes with personnel termination @@ -1036,13 +907,6 @@ catalog: - id: ac-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02a.[01] class: sp800-53a @@ -1054,13 +918,6 @@ catalog: - id: ac-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02a.[02] class: sp800-53a @@ -1075,17 +932,6 @@ catalog: - id: ac-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02b. class: sp800-53a @@ -1096,17 +942,6 @@ catalog: - id: ac-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02c. class: sp800-53a @@ -1118,13 +953,6 @@ catalog: - id: ac-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02d. class: sp800-53a @@ -1187,17 +1015,6 @@ catalog: - id: ac-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02e. class: sp800-53a @@ -1209,17 +1026,6 @@ catalog: - id: ac-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02f. class: sp800-53a @@ -1285,17 +1091,6 @@ catalog: - id: ac-2_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02g. class: sp800-53a @@ -1306,17 +1101,6 @@ catalog: - id: ac-2_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02h. class: sp800-53a @@ -1370,17 +1154,6 @@ catalog: - id: ac-2_obj.i.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.01 class: sp800-53a @@ -1392,17 +1165,6 @@ catalog: - id: ac-2_obj.i.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.02 class: sp800-53a @@ -1414,17 +1176,6 @@ catalog: - id: ac-2_obj.i.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.03 class: sp800-53a @@ -1439,17 +1190,6 @@ catalog: - id: ac-2_obj.j name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02j. class: sp800-53a @@ -1468,17 +1208,6 @@ catalog: - id: ac-2_obj.k-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02k.[01] class: sp800-53a @@ -1491,17 +1220,6 @@ catalog: - id: ac-2_obj.k-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02k.[02] class: sp800-53a @@ -1517,17 +1235,6 @@ catalog: - id: ac-2_obj.l name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02l. class: sp800-53a @@ -1673,9 +1380,9 @@ catalog: - prose: "automated mechanisms used to support the management\ \ of system accounts are defined; " props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(01) + class: zero-padded - name: label value: AC-2(1) - name: label @@ -1692,10 +1399,6 @@ catalog: parts: - id: ac-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Support the management of system accounts using {{ insert:\ \ param, ac-02.01_odp }}." - id: ac-2.1_gdn @@ -1710,17 +1413,6 @@ catalog: - id: ac-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(01) class: sp800-53a @@ -1816,9 +1508,9 @@ catalog: - prose: the time period after which to automatically remove or disable temporary or emergency accounts is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(02) + class: zero-padded - name: label value: AC-2(2) - name: label @@ -1835,10 +1527,6 @@ catalog: parts: - id: ac-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Automatically {{ insert: param, ac-02.02_odp.01 }} temporary\ \ and emergency accounts after {{ insert: param, ac-02.02_odp.02\ \ }}." @@ -1852,13 +1540,6 @@ catalog: - id: ac-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(02) class: sp800-53a @@ -1963,9 +1644,9 @@ catalog: - prose: time period for account inactivity before disabling is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(03) + class: zero-padded - name: label value: AC-2(3) - name: label @@ -1988,36 +1669,24 @@ catalog: - id: ac-2.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Have expired; - id: ac-2.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Are no longer associated with a user or individual; - id: ac-2.3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Are in violation of organizational policy; or - id: ac-2.3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: "Have been inactive for {{ insert: param, ac-02.03_odp.02\ @@ -2065,17 +1734,6 @@ catalog: - id: ac-2.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(a) class: sp800-53a @@ -2087,17 +1745,6 @@ catalog: - id: ac-2.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(b) class: sp800-53a @@ -2110,17 +1757,6 @@ catalog: - id: ac-2.3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(c) class: sp800-53a @@ -2133,17 +1769,6 @@ catalog: - id: ac-2.3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(d) class: sp800-53a @@ -2235,9 +1860,9 @@ catalog: class: SP800-53-enhancement title: Automated Audit Actions props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(04) + class: zero-padded - name: label value: AC-2(4) - name: label @@ -2258,31 +1883,16 @@ catalog: parts: - id: ac-2.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Automatically audit account creation, modification, enabling, disabling, and removal actions. - id: ac-2.4_gdn name: guidance prose: Account management audit records are defined in accordance - with [AU-2](#au-2) and reviewed, analyzed, and reported in accordance - with [AU-6](#au-6). + with [AU-02](#au-2) and reviewed, analyzed, and reported in accordance + with [AU-06](#au-6). - id: ac-2.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(04) class: sp800-53a @@ -2422,9 +2032,9 @@ catalog: - prose: the time period of expected inactivity or description of when to log out is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(05) + class: zero-padded - name: label value: AC-2(5) - name: label @@ -2446,10 +2056,6 @@ catalog: parts: - id: ac-2.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that users log out when {{ insert: param, ac-02.05_odp\ \ }}." parts: @@ -2472,17 +2078,6 @@ catalog: - id: ac-2.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(05) class: sp800-53a @@ -2558,9 +2153,9 @@ catalog: - a role-based access scheme - an attribute-based access scheme props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(07) + class: zero-padded - name: label value: AC-2(7) - name: label @@ -2581,9 +2176,6 @@ catalog: - id: ac-2.7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Establish and administer privileged user accounts in\ @@ -2591,27 +2183,18 @@ catalog: - id: ac-2.7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Monitor privileged role or attribute assignments; - id: ac-2.7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Monitor changes to roles or attributes; and - id: ac-2.7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Revoke access when privileged role or attribute assignments @@ -2637,17 +2220,6 @@ catalog: - id: ac-2.7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(a) class: sp800-53a @@ -2659,17 +2231,6 @@ catalog: - id: ac-2.7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(b) class: sp800-53a @@ -2680,17 +2241,6 @@ catalog: - id: ac-2.7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(c) class: sp800-53a @@ -2701,17 +2251,6 @@ catalog: - id: ac-2.7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(d) class: sp800-53a @@ -2816,9 +2355,9 @@ catalog: - prose: conditions for establishing shared and group accounts are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(09) + class: zero-padded - name: label value: AC-2(9) - name: label @@ -2835,10 +2374,6 @@ catalog: parts: - id: ac-2.9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Only permit the use of shared and group accounts that meet\ \ {{ insert: param, ac-02.09_odp }}." parts: @@ -2860,17 +2395,6 @@ catalog: - id: ac-2.9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02(09) class: sp800-53a @@ -2961,9 +2485,9 @@ catalog: - prose: system accounts subject to enforcement of circumstances and/or usage conditions are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(11) + class: zero-padded - name: label value: AC-2(11) - name: label @@ -2980,10 +2504,6 @@ catalog: parts: - id: ac-2.11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Enforce {{ insert: param, ac-02.11_odp.01 }} for {{ insert:\ \ param, ac-02.11_odp.02 }}." - id: ac-2.11_gdn @@ -2999,17 +2519,6 @@ catalog: - id: ac-2.11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(11) class: sp800-53a @@ -3105,9 +2614,9 @@ catalog: guidelines: - prose: personnel or roles to report atypical usage is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(12) + class: zero-padded - name: label value: AC-2(12) - name: label @@ -3141,9 +2650,6 @@ catalog: - id: ac-2.12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Monitor system accounts for {{ insert: param, ac-02.12_odp.01\ @@ -3151,9 +2657,6 @@ catalog: - id: ac-2.12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Report atypical usage of system accounts to {{ insert:\ @@ -3197,17 +2700,6 @@ catalog: - id: ac-2.12_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(12)(a) class: sp800-53a @@ -3219,17 +2711,6 @@ catalog: - id: ac-2.12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(12)(b) class: sp800-53a @@ -3332,9 +2813,9 @@ catalog: guidelines: - prose: significant risks leading to disabling accounts are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(13) + class: zero-padded - name: label value: AC-2(13) - name: label @@ -3355,10 +2836,6 @@ catalog: parts: - id: ac-2.13_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Disable accounts of individuals within {{ insert: param,\ \ ac-02.13_odp.01 }} of discovery of {{ insert: param, ac-02.13_odp.02\ \ }}." @@ -3376,17 +2853,6 @@ catalog: - id: ac-2.13_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(13) class: sp800-53a @@ -3470,9 +2936,9 @@ catalog: class: SP800-53 title: Access Enforcement props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-03 + class: zero-padded - name: label value: AC-3 - name: label @@ -3591,10 +3057,6 @@ catalog: parts: - id: ac-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. @@ -3614,17 +3076,6 @@ catalog: - id: ac-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-03 class: sp800-53a @@ -3709,6 +3160,9 @@ catalog: - prose: information flow control policies within the system and between connected systems are defined; props: + - name: label + value: AC-04 + class: zero-padded - name: label value: AC-4 - name: label @@ -3765,10 +3219,6 @@ catalog: parts: - id: ac-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Enforce approved authorizations for controlling the flow of\ \ information within the system and between connected systems based\ \ on {{ insert: param, ac-04_odp }}." @@ -3825,17 +3275,6 @@ catalog: - id: ac-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-04 class: sp800-53a @@ -3946,6 +3385,9 @@ catalog: prevent encrypted information from bypassing information flow control mechanisms is defined (if selected); props: + - name: label + value: AC-04(04) + class: zero-padded - name: label value: AC-4(4) - name: label @@ -3964,10 +3406,6 @@ catalog: parts: - id: ac-4.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prevent encrypted information from bypassing {{ insert:\ \ param, ac-04.04_odp.01 }} by {{ insert: param, ac-04.04_odp.02\ \ }}." @@ -3993,17 +3431,6 @@ catalog: - id: ac-4.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-04(04) class: sp800-53a @@ -4100,6 +3527,9 @@ catalog: guidelines: - prose: required separations by types of information are defined; props: + - name: label + value: AC-04(21) + class: zero-padded - name: label value: AC-4(21) - name: label @@ -4121,10 +3551,6 @@ catalog: parts: - id: ac-4.21_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Separate information flows logically or physically using\ \ {{ insert: param, ac-4.21_prm_1 }} to accomplish {{ insert:\ \ param, ac-04.21_odp.03 }}." @@ -4140,17 +3566,6 @@ catalog: - id: ac-4.21_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-04(21) class: sp800-53a @@ -4269,6 +3684,9 @@ catalog: guidelines: - prose: duties of individuals requiring separation are defined; props: + - name: label + value: AC-05 + class: zero-padded - name: label value: AC-5 - name: label @@ -4319,18 +3737,12 @@ catalog: - id: ac-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify and document {{ insert: param, ac-05_odp }} ; and" - id: ac-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define system access authorizations to support separation @@ -4371,13 +3783,6 @@ catalog: - id: ac-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-05a. class: sp800-53a @@ -4388,13 +3793,6 @@ catalog: - id: ac-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-05b. class: sp800-53a @@ -4478,9 +3876,9 @@ catalog: class: SP800-53 title: Least Privilege props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06 + class: zero-padded - name: label value: AC-6 - name: label @@ -4519,10 +3917,6 @@ catalog: parts: - id: ac-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks. @@ -4539,17 +3933,6 @@ catalog: - id: ac-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06 class: sp800-53a @@ -4655,6 +4038,9 @@ catalog: - prose: security-relevant information for authorized access is defined; props: + - name: label + value: AC-06(01) + class: zero-padded - name: label value: AC-6(1) - name: label @@ -4687,18 +4073,12 @@ catalog: - id: ac-6.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: " {{ insert: param, ac-6.1_prm_2 }} ; and" - id: ac-6.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: " {{ insert: param, ac-06.01_odp.05 }}." @@ -4723,17 +4103,6 @@ catalog: - id: ac-6.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(01)(a) class: sp800-53a @@ -4777,17 +4146,6 @@ catalog: - id: ac-6.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(01)(b) class: sp800-53a @@ -4878,9 +4236,9 @@ catalog: the access to which requires users to use non-privileged accounts to access non-security functions, are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(02) + class: zero-padded - name: label value: AC-6(2) - name: label @@ -4905,10 +4263,6 @@ catalog: parts: - id: ac-6.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that users of system accounts (or roles) with access\ \ to {{ insert: param, ac-06.02_odp }} use non-privileged accounts\ \ or roles, when accessing nonsecurity functions." @@ -4942,17 +4296,6 @@ catalog: - id: ac-6.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(02) class: sp800-53a @@ -5044,9 +4387,9 @@ catalog: - prose: compelling operational needs necessitating network access to privileged commands are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(03) + class: zero-padded - name: label value: AC-6(3) - name: label @@ -5069,10 +4412,6 @@ catalog: parts: - id: ac-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Authorize network access to {{ insert: param, ac-06.03_odp.01\ \ }} only for {{ insert: param, ac-06.03_odp.02 }} and document\ \ the rationale for such access in the security plan for the system." @@ -5091,17 +4430,6 @@ catalog: - id: ac-6.3_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(03)[01] class: sp800-53a @@ -5114,13 +4442,6 @@ catalog: - id: ac-6.3_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-06(03)[02] class: sp800-53a @@ -5204,9 +4525,9 @@ catalog: - prose: personnel or roles to which privileged accounts on the system are to be restricted is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(05) + class: zero-padded - name: label value: AC-6(5) - name: label @@ -5229,10 +4550,6 @@ catalog: parts: - id: ac-6.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict privileged accounts on the system to {{ insert:\ \ param, ac-06.05_odp }}." - id: ac-6.5_gdn @@ -5250,17 +4567,6 @@ catalog: - id: ac-6.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-06(05) class: sp800-53a @@ -5355,6 +4661,9 @@ catalog: - prose: roles or classes of users to which privileges are assigned are defined; props: + - name: label + value: AC-06(07) + class: zero-padded - name: label value: AC-6(7) - name: label @@ -5377,9 +4686,6 @@ catalog: - id: ac-6.7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Review {{ insert: param, ac-06.07_odp.01 }} the privileges\ @@ -5388,9 +4694,6 @@ catalog: - id: ac-6.7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Reassign or remove privileges, if necessary, to correctly @@ -5414,17 +4717,6 @@ catalog: - id: ac-6.7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(07)(a) class: sp800-53a @@ -5437,17 +4729,6 @@ catalog: - id: ac-6.7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(07)(b) class: sp800-53a @@ -5547,9 +4828,9 @@ catalog: - prose: software to be prevented from executing at higher privilege levels than users executing the software is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(08) + class: zero-padded - name: label value: AC-6(8) - name: label @@ -5566,10 +4847,6 @@ catalog: parts: - id: ac-6.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prevent the following software from executing at higher\ \ privilege levels than users executing the software: {{ insert:\ \ param, ac-06.08_odp }}." @@ -5585,17 +4862,6 @@ catalog: - id: ac-6.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(08) class: sp800-53a @@ -5680,6 +4946,9 @@ catalog: class: SP800-53-enhancement title: Log Use of Privileged Functions props: + - name: label + value: AC-06(09) + class: zero-padded - name: label value: AC-6(9) - name: label @@ -5702,10 +4971,6 @@ catalog: parts: - id: ac-6.9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Log the execution of privileged functions. - id: ac-6.9_gdn name: guidance @@ -5719,17 +4984,6 @@ catalog: - id: ac-6.9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(09) class: sp800-53a @@ -5815,9 +5069,9 @@ catalog: class: SP800-53-enhancement title: Prohibit Non-privileged Users from Executing Privileged Functions props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(10) + class: zero-padded - name: label value: AC-6(10) - name: label @@ -5834,10 +5088,6 @@ catalog: parts: - id: ac-6.10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Prevent non-privileged users from executing privileged functions. - id: ac-6.10_gdn name: guidance @@ -5854,17 +5104,6 @@ catalog: - id: ac-6.10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(10) class: sp800-53a @@ -5980,6 +5219,9 @@ catalog: - prose: other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected); props: + - name: label + value: AC-07 + class: zero-padded - name: label value: AC-7 - name: label @@ -6012,9 +5254,6 @@ catalog: - id: ac-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enforce a limit of {{ insert: param, ac-07_odp.01 }} consecutive\ @@ -6023,9 +5262,6 @@ catalog: - id: ac-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Automatically {{ insert: param, ac-07_odp.03 }} when the\ @@ -6078,17 +5314,6 @@ catalog: - id: ac-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-07a. class: sp800-53a @@ -6101,17 +5326,6 @@ catalog: - id: ac-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-07b. class: sp800-53a @@ -6201,6 +5415,9 @@ catalog: - prose: conditions for system use to be displayed by the system before granting further access are defined; props: + - name: label + value: AC-08 + class: zero-padded - name: label value: AC-8 - name: label @@ -6228,9 +5445,6 @@ catalog: - id: ac-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Display {{ insert: param, ac-08_odp.01 }} to users before\ @@ -6268,9 +5482,6 @@ catalog: - id: ac-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Retain the notification message or banner on the screen until @@ -6279,9 +5490,6 @@ catalog: - id: ac-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "For publicly accessible systems:" @@ -6375,17 +5583,6 @@ catalog: - id: ac-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-08a. class: sp800-53a @@ -6397,13 +5594,6 @@ catalog: - id: ac-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.01 class: sp800-53a @@ -6415,13 +5605,6 @@ catalog: - id: ac-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.02 class: sp800-53a @@ -6433,13 +5616,6 @@ catalog: - id: ac-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.03 class: sp800-53a @@ -6452,13 +5628,6 @@ catalog: - id: ac-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.04 class: sp800-53a @@ -6473,17 +5642,6 @@ catalog: - id: ac-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-08b. class: sp800-53a @@ -6496,13 +5654,6 @@ catalog: - id: ac-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08c. class: sp800-53a @@ -6652,6 +5803,9 @@ catalog: - prose: the number of concurrent sessions to be allowed for each account and/or account type is defined; props: + - name: label + value: AC-10 + class: zero-padded - name: label value: AC-10 - name: label @@ -6668,10 +5822,6 @@ catalog: parts: - id: ac-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Limit the number of concurrent sessions for each {{ insert:\ \ param, ac-10_odp.01 }} to {{ insert: param, ac-10_odp.02 }}." - id: ac-10_gdn @@ -6687,17 +5837,6 @@ catalog: - id: ac-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-10 class: sp800-53a @@ -6783,6 +5922,9 @@ catalog: - prose: time period of inactivity after which a device lock is initiated is defined (if selected); props: + - name: label + value: AC-11 + class: zero-padded - name: label value: AC-11 - name: label @@ -6809,9 +5951,6 @@ catalog: - id: ac-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Prevent further access to the system by {{ insert: param,\ @@ -6819,9 +5958,6 @@ catalog: - id: ac-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Retain the device lock until the user reestablishes access @@ -6849,17 +5985,6 @@ catalog: - id: ac-11_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-11a. class: sp800-53a @@ -6871,17 +5996,6 @@ catalog: - id: ac-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-11b. class: sp800-53a @@ -6957,6 +6071,9 @@ catalog: class: SP800-53-enhancement title: Pattern-hiding Displays props: + - name: label + value: AC-11(01) + class: zero-padded - name: label value: AC-11(1) - name: label @@ -6973,10 +6090,6 @@ catalog: parts: - id: ac-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Conceal, via the device lock, information previously visible on the display with a publicly viewable image. - id: ac-11.1_gdn @@ -6989,17 +6102,6 @@ catalog: - id: ac-11.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-11(01) class: sp800-53a @@ -7080,6 +6182,9 @@ catalog: - prose: conditions or trigger events requiring session disconnect are defined; props: + - name: label + value: AC-12 + class: zero-padded - name: label value: AC-12 - name: label @@ -7100,10 +6205,6 @@ catalog: parts: - id: ac-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Automatically terminate a user session after {{ insert: param,\ \ ac-12_odp }}." - id: ac-12_gdn @@ -7125,17 +6226,6 @@ catalog: - id: ac-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-12 class: sp800-53a @@ -7219,6 +6309,9 @@ catalog: - prose: user actions that can be performed on the system without identification or authentication are defined; props: + - name: label + value: AC-14 + class: zero-padded - name: label value: AC-14 - name: label @@ -7243,9 +6336,6 @@ catalog: - id: ac-14_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify {{ insert: param, ac-14_odp }} that can be performed\ @@ -7254,9 +6344,6 @@ catalog: - id: ac-14_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document and provide supporting rationale in the security @@ -7293,17 +6380,6 @@ catalog: - id: ac-14_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-14a. class: sp800-53a @@ -7316,13 +6392,6 @@ catalog: - id: ac-14_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-14b. class: sp800-53a @@ -7412,6 +6481,9 @@ catalog: class: SP800-53 title: Remote Access props: + - name: label + value: AC-17 + class: zero-padded - name: label value: AC-17 - name: label @@ -7480,9 +6552,6 @@ catalog: - id: ac-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish and document usage restrictions, configuration/connection @@ -7491,9 +6560,6 @@ catalog: - id: ac-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize each type of remote access to the system prior @@ -7531,17 +6597,6 @@ catalog: - id: ac-17_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-17a. class: sp800-53a @@ -7585,17 +6640,6 @@ catalog: - id: ac-17_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17b. class: sp800-53a @@ -7679,6 +6723,9 @@ catalog: class: SP800-53-enhancement title: Monitoring and Control props: + - name: label + value: AC-17(01) + class: zero-padded - name: label value: AC-17(1) - name: label @@ -7706,10 +6753,6 @@ catalog: parts: - id: ac-17.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ automated mechanisms to monitor and control remote access methods. - id: ac-17.1_gdn @@ -7724,17 +6767,6 @@ catalog: - id: ac-17.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(01) class: sp800-53a @@ -7834,9 +6866,9 @@ catalog: class: SP800-53-enhancement title: Protection of Confidentiality and Integrity Using Encryption props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-17(02) + class: zero-padded - name: label value: AC-17(2) - name: label @@ -7859,10 +6891,6 @@ catalog: parts: - id: ac-17.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions. - id: ac-17.2_gdn @@ -7875,17 +6903,6 @@ catalog: - id: ac-17.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(02) class: sp800-53a @@ -7964,6 +6981,9 @@ catalog: class: SP800-53-enhancement title: Managed Access Control Points props: + - name: label + value: AC-17(03) + class: zero-padded - name: label value: AC-17(3) - name: label @@ -7982,10 +7002,6 @@ catalog: parts: - id: ac-17.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Route remote accesses through authorized and managed network access control points. - id: ac-17.3_gdn @@ -7997,17 +7013,6 @@ catalog: - id: ac-17.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(03) class: sp800-53a @@ -8096,6 +7101,9 @@ catalog: - prose: needs requiring access to security-relevant information via remote access are defined; props: + - name: label + value: AC-17(04) + class: zero-padded - name: label value: AC-17(4) - name: label @@ -8122,9 +7130,6 @@ catalog: - id: ac-17.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Authorize the execution of privileged commands and access\ @@ -8134,9 +7139,6 @@ catalog: - id: ac-17.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Document the rationale for remote access in the security @@ -8166,17 +7168,6 @@ catalog: - id: ac-17.4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[01] class: sp800-53a @@ -8189,17 +7180,6 @@ catalog: - id: ac-17.4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[02] class: sp800-53a @@ -8212,17 +7192,6 @@ catalog: - id: ac-17.4_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[03] class: sp800-53a @@ -8235,17 +7204,6 @@ catalog: - id: ac-17.4_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[04] class: sp800-53a @@ -8261,13 +7219,6 @@ catalog: - id: ac-17.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-17(04)(b) class: sp800-53a @@ -8342,6 +7293,9 @@ catalog: class: SP800-53 title: Wireless Access props: + - name: label + value: AC-18 + class: zero-padded - name: label value: AC-18 - name: label @@ -8390,9 +7344,6 @@ catalog: - id: ac-18_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish configuration requirements, connection requirements, @@ -8401,9 +7352,6 @@ catalog: - id: ac-18_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize each type of wireless access to the system prior @@ -8424,17 +7372,6 @@ catalog: - id: ac-18_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-18a. class: sp800-53a @@ -8478,17 +7415,6 @@ catalog: - id: ac-18_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18b. class: sp800-53a @@ -8579,6 +7505,9 @@ catalog: - users - devices props: + - name: label + value: AC-18(01) + class: zero-padded - name: label value: AC-18(1) - name: label @@ -8601,10 +7530,6 @@ catalog: parts: - id: ac-18.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect wireless access to the system using authentication\ \ of {{ insert: param, ac-18.01_odp }} and encryption." - id: ac-18.1_gdn @@ -8624,17 +7549,6 @@ catalog: - id: ac-18.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(01)[01] class: sp800-53a @@ -8646,17 +7560,6 @@ catalog: - id: ac-18.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(01)[02] class: sp800-53a @@ -8735,6 +7638,9 @@ catalog: class: SP800-53-enhancement title: Disable Wireless Networking props: + - name: label + value: AC-18(03) + class: zero-padded - name: label value: AC-18(3) - name: label @@ -8754,10 +7660,6 @@ catalog: parts: - id: ac-18.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. - id: ac-18.3_gdn @@ -8771,17 +7673,6 @@ catalog: - id: ac-18.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(03) class: sp800-53a @@ -8856,6 +7747,9 @@ catalog: class: SP800-53-enhancement title: Restrict Configurations by Users props: + - name: label + value: AC-18(04) + class: zero-padded - name: label value: AC-18(4) - name: label @@ -8876,10 +7770,6 @@ catalog: parts: - id: ac-18.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify and explicitly authorize users allowed to independently configure wireless networking capabilities. - id: ac-18.4_gdn @@ -8891,17 +7781,6 @@ catalog: - id: ac-18.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-18(04) class: sp800-53a @@ -8996,6 +7875,9 @@ catalog: class: SP800-53-enhancement title: Antennas and Transmission Power Levels props: + - name: label + value: AC-18(05) + class: zero-padded - name: label value: AC-18(5) - name: label @@ -9014,10 +7896,6 @@ catalog: parts: - id: ac-18.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Select radio antennas and calibrate transmission power levels to reduce the probability that signals from wireless access points can be received outside of organization-controlled boundaries. @@ -9045,17 +7923,6 @@ catalog: - id: ac-18.5_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(05)[01] class: sp800-53a @@ -9068,17 +7935,6 @@ catalog: - id: ac-18.5_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(05)[02] class: sp800-53a @@ -9164,6 +8020,9 @@ catalog: class: SP800-53 title: Access Control for Mobile Devices props: + - name: label + value: AC-19 + class: zero-padded - name: label value: AC-19 - name: label @@ -9230,9 +8089,6 @@ catalog: - id: ac-19_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish configuration requirements, connection requirements, @@ -9242,9 +8098,6 @@ catalog: - id: ac-19_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize the connection of mobile devices to organizational @@ -9304,17 +8157,6 @@ catalog: - id: ac-19_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-19a. class: sp800-53a @@ -9361,17 +8203,6 @@ catalog: - id: ac-19_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-19b. class: sp800-53a @@ -9474,6 +8305,9 @@ catalog: guidelines: - prose: mobile devices on which to employ encryption are defined; props: + - name: label + value: AC-19(05) + class: zero-padded - name: label value: AC-19(5) - name: label @@ -9496,10 +8330,6 @@ catalog: parts: - id: ac-19.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ {{ insert: param, ac-19.05_odp.01 }} to protect the\ \ confidentiality and integrity of information on {{ insert: param,\ \ ac-19.05_odp.02 }}." @@ -9512,17 +8342,6 @@ catalog: - id: ac-19.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-19(05) class: sp800-53a @@ -9627,6 +8446,9 @@ catalog: guidelines: - prose: types of external systems prohibited from use are defined; props: + - name: label + value: AC-20 + class: zero-padded - name: label value: AC-20 - name: label @@ -9669,9 +8491,6 @@ catalog: - id: ac-20_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, ac-20_odp.01 }} , consistent with the\ @@ -9695,9 +8514,6 @@ catalog: - id: ac-20_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Prohibit the use of {{ insert: param, ac-20_odp.04 }}." @@ -9789,17 +8605,6 @@ catalog: - id: ac-20_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-20a. class: sp800-53a @@ -9839,17 +8644,6 @@ catalog: - id: ac-20_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-20b. class: sp800-53a @@ -9935,6 +8729,9 @@ catalog: class: SP800-53-enhancement title: Limits on Authorized Use props: + - name: label + value: AC-20(01) + class: zero-padded - name: label value: AC-20(1) - name: label @@ -9960,9 +8757,6 @@ catalog: - id: ac-20.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Verification of the implementation of controls on the @@ -9971,9 +8765,6 @@ catalog: - id: ac-20.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Retention of approved system connection or processing @@ -9999,17 +8790,6 @@ catalog: - id: ac-20.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-20(01)(a) class: sp800-53a @@ -10025,17 +8805,6 @@ catalog: - id: ac-20.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-20(01)(b) class: sp800-53a @@ -10112,6 +8881,9 @@ catalog: storage devices by authorized individuals on external systems are defined; props: + - name: label + value: AC-20(02) + class: zero-padded - name: label value: AC-20(2) - name: label @@ -10132,10 +8904,6 @@ catalog: parts: - id: ac-20.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict the use of organization-controlled portable storage\ \ devices by authorized individuals on external systems using\ \ {{ insert: param, ac-20.02_odp }}." @@ -10147,17 +8915,6 @@ catalog: - id: ac-20.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-20(02) class: sp800-53a @@ -10251,6 +9008,9 @@ catalog: in making information-sharing and collaboration decisions are defined; props: + - name: label + value: AC-21 + class: zero-padded - name: label value: AC-21 - name: label @@ -10289,9 +9049,6 @@ catalog: - id: ac-21_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enable authorized users to determine whether access authorizations\ @@ -10301,9 +9058,6 @@ catalog: - id: ac-21_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ {{ insert: param, ac-21_odp.02 }} to assist users\ @@ -10334,17 +9088,6 @@ catalog: - id: ac-21_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-21a. class: sp800-53a @@ -10358,17 +9101,6 @@ catalog: - id: ac-21_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-21b. class: sp800-53a @@ -10482,6 +9214,9 @@ catalog: - prose: the frequency at which to review the content on the publicly accessible system for non-public information is defined; props: + - name: label + value: AC-22 + class: zero-padded - name: label value: AC-22 - name: label @@ -10510,9 +9245,6 @@ catalog: - id: ac-22_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Designate individuals authorized to make information publicly @@ -10520,9 +9252,6 @@ catalog: - id: ac-22_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Train authorized individuals to ensure that publicly accessible @@ -10530,9 +9259,6 @@ catalog: - id: ac-22_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Review the proposed content of information prior to posting @@ -10541,9 +9267,6 @@ catalog: - id: ac-22_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review the content on the publicly accessible system for\ @@ -10575,17 +9298,6 @@ catalog: - id: ac-22_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-22a. class: sp800-53a @@ -10597,17 +9309,6 @@ catalog: - id: ac-22_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-22b. class: sp800-53a @@ -10619,17 +9320,6 @@ catalog: - id: ac-22_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-22c. class: sp800-53a @@ -10642,17 +9332,6 @@ catalog: - id: ac-22_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-22d. class: sp800-53a @@ -10816,6 +9495,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AT-01 + class: zero-padded - name: label value: AT-1 - name: label @@ -10855,11 +9537,6 @@ catalog: - id: at-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -10900,9 +9577,6 @@ catalog: - id: at-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, at-01_odp.04 }} to manage\ @@ -10911,11 +9585,6 @@ catalog: - id: at-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current awareness and training:" @@ -10975,17 +9644,6 @@ catalog: - id: at-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01a.[01] class: sp800-53a @@ -10996,17 +9654,6 @@ catalog: - id: at-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01a.[02] class: sp800-53a @@ -11018,13 +9665,6 @@ catalog: - id: at-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.[03] class: sp800-53a @@ -11037,13 +9677,6 @@ catalog: - id: at-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.[04] class: sp800-53a @@ -11062,13 +9695,6 @@ catalog: - id: at-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.01(a) class: sp800-53a @@ -11157,13 +9783,6 @@ catalog: - id: at-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.01(b) class: sp800-53a @@ -11183,17 +9802,6 @@ catalog: - id: at-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01b. class: sp800-53a @@ -11213,17 +9821,6 @@ catalog: - id: at-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01c.01 class: sp800-53a @@ -11257,17 +9854,6 @@ catalog: - id: at-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01c.02 class: sp800-53a @@ -11392,6 +9978,9 @@ catalog: - prose: events that would require literacy training and awareness content to be updated are defined; props: + - name: label + value: AT-02 + class: zero-padded - name: label value: AT-2 - name: label @@ -11457,9 +10046,6 @@ catalog: - id: at-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide security and privacy literacy training to system\ @@ -11482,9 +10068,6 @@ catalog: - id: at-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following techniques to increase the security\ @@ -11493,9 +10076,6 @@ catalog: - id: at-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Update literacy training and awareness content {{ insert:\ @@ -11504,9 +10084,6 @@ catalog: - id: at-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Incorporate lessons learned from internal or external security @@ -11568,17 +10145,6 @@ catalog: - id: at-2_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[01] class: sp800-53a @@ -11591,17 +10157,6 @@ catalog: - id: at-2_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[02] class: sp800-53a @@ -11614,17 +10169,6 @@ catalog: - id: at-2_obj.a.1-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[03] class: sp800-53a @@ -11637,17 +10181,6 @@ catalog: - id: at-2_obj.a.1-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[04] class: sp800-53a @@ -11663,17 +10196,6 @@ catalog: - id: at-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.02 class: sp800-53a @@ -11713,13 +10235,6 @@ catalog: - id: at-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-02b. class: sp800-53a @@ -11731,17 +10246,6 @@ catalog: - id: at-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02c. class: sp800-53a @@ -11774,17 +10278,6 @@ catalog: - id: at-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02d. class: sp800-53a @@ -11873,6 +10366,9 @@ catalog: class: SP800-53-enhancement title: Insider Threat props: + - name: label + value: AT-02(02) + class: zero-padded - name: label value: AT-2(2) - name: label @@ -11894,10 +10390,6 @@ catalog: parts: - id: at-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide literacy training on recognizing and reporting potential indicators of insider threat. - id: at-2.2_gdn @@ -11919,17 +10411,6 @@ catalog: - id: at-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02(02) class: sp800-53a @@ -12016,6 +10497,9 @@ catalog: class: SP800-53-enhancement title: Social Engineering and Mining props: + - name: label + value: AT-02(03) + class: zero-padded - name: label value: AT-2(3) - name: label @@ -12035,10 +10519,6 @@ catalog: parts: - id: at-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining. - id: at-2.3_gdn @@ -12057,17 +10537,6 @@ catalog: - id: at-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02(03) class: sp800-53a @@ -12209,6 +10678,9 @@ catalog: - prose: events that require role-based training content to be updated are defined; props: + - name: label + value: AT-03 + class: zero-padded - name: label value: AT-3 - name: label @@ -12280,9 +10752,6 @@ catalog: - id: at-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide role-based security and privacy training to personnel\ @@ -12306,9 +10775,6 @@ catalog: - id: at-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Update role-based training content {{ insert: param, at-03_odp.04\ @@ -12316,9 +10782,6 @@ catalog: - id: at-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Incorporate lessons learned from internal or external security @@ -12383,17 +10846,6 @@ catalog: - id: at-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03a.01 class: sp800-53a @@ -12452,17 +10904,6 @@ catalog: - id: at-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03a.02 class: sp800-53a @@ -12500,13 +10941,6 @@ catalog: - id: at-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-03b. class: sp800-53a @@ -12539,17 +10973,6 @@ catalog: - id: at-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03c. class: sp800-53a @@ -12641,6 +11064,9 @@ catalog: - prose: time period for retaining individual training records is defined; props: + - name: label + value: AT-04 + class: zero-padded - name: label value: AT-4 - name: label @@ -12676,9 +11102,6 @@ catalog: - id: at-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Document and monitor information security and privacy training @@ -12687,9 +11110,6 @@ catalog: - id: at-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Retain individual training records for {{ insert: param,\ @@ -12710,17 +11130,6 @@ catalog: - id: at-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-04a. class: sp800-53a @@ -12755,13 +11164,6 @@ catalog: - id: at-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-04b. class: sp800-53a @@ -12881,6 +11283,9 @@ catalog: - prose: events that would require audit and accountability procedures to be reviewed and updated are defined; props: + - name: label + value: AU-01 + class: zero-padded - name: label value: AU-1 - name: label @@ -12916,11 +11321,6 @@ catalog: - id: au-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -12961,9 +11361,6 @@ catalog: - id: au-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, au-01_odp.04 }} to manage\ @@ -12972,11 +11369,6 @@ catalog: - id: au-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current audit and accountability:" @@ -13036,17 +11428,6 @@ catalog: - id: au-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01a.[01] class: sp800-53a @@ -13057,17 +11438,6 @@ catalog: - id: au-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01a.[02] class: sp800-53a @@ -13079,13 +11449,6 @@ catalog: - id: au-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.[03] class: sp800-53a @@ -13099,13 +11462,6 @@ catalog: - id: au-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.[04] class: sp800-53a @@ -13124,13 +11480,6 @@ catalog: - id: au-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.01(a) class: sp800-53a @@ -13220,13 +11569,6 @@ catalog: - id: au-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.01(b) class: sp800-53a @@ -13246,17 +11588,6 @@ catalog: - id: au-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01b. class: sp800-53a @@ -13276,17 +11607,6 @@ catalog: - id: au-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01c.01 class: sp800-53a @@ -13320,17 +11640,6 @@ catalog: - id: au-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01c.02 class: sp800-53a @@ -13448,9 +11757,9 @@ catalog: - prose: the frequency of event types selected for logging are reviewed and updated; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-02 + class: zero-padded - name: label value: AU-2 - name: label @@ -13541,9 +11850,6 @@ catalog: - id: au-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify the types of events that the system is capable\ @@ -13552,9 +11858,6 @@ catalog: - id: au-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Coordinate the event logging function with other organizational @@ -13563,9 +11866,6 @@ catalog: - id: au-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Specify the following event types for logging within the\ @@ -13573,9 +11873,6 @@ catalog: - id: au-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Provide a rationale for why the event types selected for @@ -13584,9 +11881,6 @@ catalog: - id: au-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Review and update the event types selected for logging {{\ @@ -13671,17 +11965,6 @@ catalog: - id: au-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02a. class: sp800-53a @@ -13693,17 +11976,6 @@ catalog: - id: au-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02b. class: sp800-53a @@ -13723,17 +11995,6 @@ catalog: - id: au-2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02c.[01] class: sp800-53a @@ -13745,13 +12006,6 @@ catalog: - id: au-2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-02c.[02] class: sp800-53a @@ -13766,17 +12020,6 @@ catalog: - id: au-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02d. class: sp800-53a @@ -13789,13 +12032,6 @@ catalog: - id: au-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-02e. class: sp800-53a @@ -13873,9 +12109,9 @@ catalog: class: SP800-53 title: Content of Audit Records props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-03 + class: zero-padded - name: label value: AU-3 - name: label @@ -13918,54 +12154,36 @@ catalog: - id: au-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: What type of event occurred; - id: au-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: When the event occurred; - id: au-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Where the event occurred; - id: au-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Source of the event; - id: au-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Outcome of the event; and - id: au-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Identity of any individuals, subjects, or objects/entities @@ -13987,17 +12205,6 @@ catalog: - id: au-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-03 class: sp800-53a @@ -14154,9 +12361,9 @@ catalog: - prose: additional information to be included in audit records is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-03(01) + class: zero-padded - name: label value: AU-3(1) - name: label @@ -14173,10 +12380,6 @@ catalog: parts: - id: au-3.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Generate audit records containing the following additional\ \ information: {{ insert: param, au-03.01_odp }}." parts: @@ -14209,17 +12412,6 @@ catalog: - id: au-3.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-03(01) class: sp800-53a @@ -14310,9 +12502,9 @@ catalog: guidelines: - prose: audit log retention requirements are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-04 + class: zero-padded - name: label value: AU-4 - name: label @@ -14348,10 +12540,6 @@ catalog: parts: - id: au-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Allocate audit log storage capacity to accommodate {{ insert:\ \ param, au-04_odp }}." - id: au-4_gdn @@ -14364,17 +12552,6 @@ catalog: - id: au-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-04 class: sp800-53a @@ -14472,9 +12649,9 @@ catalog: - prose: additional actions to be taken in the event of an audit logging process failure are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-05 + class: zero-padded - name: label value: AU-5 - name: label @@ -14511,9 +12688,6 @@ catalog: - id: au-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Alert {{ insert: param, au-05_odp.01 }} within {{ insert:\ @@ -14522,9 +12696,6 @@ catalog: - id: au-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Take the following additional actions: {{ insert: param,\ @@ -14556,17 +12727,6 @@ catalog: - id: au-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05a. class: sp800-53a @@ -14579,17 +12739,6 @@ catalog: - id: au-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05b. class: sp800-53a @@ -14702,9 +12851,9 @@ catalog: - prose: percentage of repository maximum audit log storage capacity is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-05(01) + class: zero-padded - name: label value: AU-5(1) - name: label @@ -14721,10 +12870,6 @@ catalog: parts: - id: au-5.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide a warning to {{ insert: param, au-05.01_odp.01 }}\ \ within {{ insert: param, au-05.01_odp.02 }} when allocated audit\ \ log storage volume reaches {{ insert: param, au-05.01_odp.03\ @@ -14737,17 +12882,6 @@ catalog: - id: au-5.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05(01) class: sp800-53a @@ -14854,9 +12988,9 @@ catalog: - prose: audit logging failure events requiring real-time alerts are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-05(02) + class: zero-padded - name: label value: AU-5(2) - name: label @@ -14873,10 +13007,6 @@ catalog: parts: - id: au-5.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide an alert within {{ insert: param, au-05.02_odp.01\ \ }} to {{ insert: param, au-05.02_odp.02 }} when the following\ \ audit failure events occur: {{ insert: param, au-05.02_odp.03\ @@ -14890,17 +13020,6 @@ catalog: - id: au-5.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05(02) class: sp800-53a @@ -14989,9 +13108,9 @@ catalog: - prose: personnel or roles to receive findings from reviews and analyses of system records is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06 + class: zero-padded - name: label value: AU-6 - name: label @@ -15077,9 +13196,6 @@ catalog: - id: au-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Review and analyze system audit records {{ insert: param,\ @@ -15089,18 +13205,12 @@ catalog: - id: au-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report findings to {{ insert: param, au-06_odp.03 }} ; and" - id: au-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Adjust the level of audit record review, analysis, and reporting @@ -15149,17 +13259,6 @@ catalog: - id: au-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06a. class: sp800-53a @@ -15173,17 +13272,6 @@ catalog: - id: au-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06b. class: sp800-53a @@ -15195,17 +13283,6 @@ catalog: - id: au-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06c. class: sp800-53a @@ -15280,9 +13357,9 @@ catalog: - prose: automated mechanisms used for integrating audit record review, analysis, and reporting processes are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(01) + class: zero-padded - name: label value: AU-6(1) - name: label @@ -15304,10 +13381,6 @@ catalog: parts: - id: au-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Integrate audit record review, analysis, and reporting processes\ \ using {{ insert: param, au-06.01_odp }}." - id: au-6.1_gdn @@ -15319,17 +13392,6 @@ catalog: - id: au-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06(01) class: sp800-53a @@ -15411,9 +13473,9 @@ catalog: class: SP800-53-enhancement title: Correlate Audit Record Repositories props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(03) + class: zero-padded - name: label value: AU-6(3) - name: label @@ -15437,10 +13499,6 @@ catalog: parts: - id: au-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Analyze and correlate audit records across different repositories to gain organization-wide situational awareness. - id: au-6.3_gdn @@ -15452,17 +13510,6 @@ catalog: - id: au-6.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06(03) class: sp800-53a @@ -15540,9 +13587,9 @@ catalog: class: SP800-53-enhancement title: Central Review and Analysis props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(04) + class: zero-padded - name: label value: AU-6(4) - name: label @@ -15566,10 +13613,6 @@ catalog: parts: - id: au-6.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide and implement the capability to centrally review and analyze audit records from multiple components within the system. @@ -15580,17 +13623,6 @@ catalog: - id: au-6.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06(04) class: sp800-53a @@ -15710,9 +13742,9 @@ catalog: - prose: data/information collected from other sources to be analyzed is defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(05) + class: zero-padded - name: label value: AU-6(5) - name: label @@ -15736,10 +13768,6 @@ catalog: parts: - id: au-6.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Integrate analysis of audit records with analysis of {{\ \ insert: param, au-06.05_odp.01 }} to further enhance the ability\ \ to identify inappropriate or unusual activity." @@ -15767,17 +13795,6 @@ catalog: - id: au-6.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06(05) class: sp800-53a @@ -15858,9 +13875,9 @@ catalog: class: SP800-53-enhancement title: Correlation with Physical Monitoring props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(06) + class: zero-padded - name: label value: AU-6(6) - name: label @@ -15880,10 +13897,6 @@ catalog: parts: - id: au-6.6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent @@ -15912,17 +13925,6 @@ catalog: - id: au-6.6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06(06) class: sp800-53a @@ -16021,9 +14023,9 @@ catalog: - role - user props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(07) + class: zero-padded - name: label value: AU-6(7) - name: label @@ -16043,10 +14045,6 @@ catalog: parts: - id: au-6.7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Specify the permitted actions for each {{ insert: param,\ \ au-06.07_odp }} associated with the review, analysis, and reporting\ \ of audit record information." @@ -16062,17 +14060,6 @@ catalog: - id: au-6.7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-06(07) class: sp800-53a @@ -16143,6 +14130,9 @@ catalog: class: SP800-53 title: Audit Record Reduction and Report Generation props: + - name: label + value: AU-07 + class: zero-padded - name: label value: AU-7 - name: label @@ -16192,9 +14182,6 @@ catalog: - id: au-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Supports on-demand audit record review, analysis, and reporting @@ -16202,9 +14189,6 @@ catalog: - id: au-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Does not alter the original content or time ordering of audit @@ -16232,21 +14216,6 @@ catalog: - id: au-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-07a. class: sp800-53a @@ -16283,17 +14252,6 @@ catalog: - id: au-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-07b. class: sp800-53a @@ -16398,6 +14356,9 @@ catalog: - prose: fields within audit records that can be processed, sorted, or searched are defined; props: + - name: label + value: AU-07(01) + class: zero-padded - name: label value: AU-7(1) - name: label @@ -16417,10 +14378,6 @@ catalog: parts: - id: au-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide and implement the capability to process, sort, and\ \ search audit records for events of interest based on the following\ \ content: {{ insert: param, au-07.01_odp }}." @@ -16436,17 +14393,6 @@ catalog: - id: au-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-07(01) class: sp800-53a @@ -16563,9 +14509,9 @@ catalog: - prose: granularity of time measurement for audit record timestamps is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-08 + class: zero-padded - name: label value: AU-8 - name: label @@ -16592,9 +14538,6 @@ catalog: - id: au-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Use internal system clocks to generate time stamps for audit @@ -16602,9 +14545,6 @@ catalog: - id: au-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Record time stamps for audit records that meet {{ insert:\ @@ -16633,17 +14573,6 @@ catalog: - id: au-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-08a. class: sp800-53a @@ -16655,17 +14584,6 @@ catalog: - id: au-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-08b. class: sp800-53a @@ -16749,6 +14667,9 @@ catalog: access, modification, or deletion of audit information is/are defined; props: + - name: label + value: AU-09 + class: zero-padded - name: label value: AU-9 - name: label @@ -16801,9 +14722,6 @@ catalog: - id: au-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Protect audit information and audit logging tools from unauthorized @@ -16811,9 +14729,6 @@ catalog: - id: au-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Alert {{ insert: param, au-09_odp }} upon detection of unauthorized\ @@ -16839,17 +14754,6 @@ catalog: - id: au-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09a. class: sp800-53a @@ -16861,17 +14765,6 @@ catalog: - id: au-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09b. class: sp800-53a @@ -16963,6 +14856,9 @@ catalog: - prose: the frequency of storing audit records in a repository is defined; props: + - name: label + value: AU-09(02) + class: zero-padded - name: label value: AU-9(2) - name: label @@ -16983,10 +14879,6 @@ catalog: parts: - id: au-9.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Store audit records {{ insert: param, au-09.02_odp }} in\ \ a repository that is part of a physically different system or\ \ system component than the system or component being audited." @@ -17004,17 +14896,6 @@ catalog: - id: au-9.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09(02) class: sp800-53a @@ -17101,6 +14982,9 @@ catalog: class: SP800-53-enhancement title: Cryptographic Protection props: + - name: label + value: AU-09(03) + class: zero-padded - name: label value: AU-9(3) - name: label @@ -17123,10 +15007,6 @@ catalog: parts: - id: au-9.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement cryptographic mechanisms to protect the integrity of audit information and audit tools. parts: @@ -17153,17 +15033,6 @@ catalog: - id: au-9.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09(03) class: sp800-53a @@ -17259,6 +15128,9 @@ catalog: - prose: a subset of privileged users or roles authorized to access management of audit logging functionality is defined; props: + - name: label + value: AU-09(04) + class: zero-padded - name: label value: AU-9(4) - name: label @@ -17277,10 +15149,6 @@ catalog: parts: - id: au-9.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Authorize access to management of audit logging functionality\ \ to only {{ insert: param, au-09.04_odp }}." - id: au-9.4_gdn @@ -17294,17 +15162,6 @@ catalog: - id: au-9.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09(04) class: sp800-53a @@ -17405,9 +15262,9 @@ catalog: guidelines: - prose: actions to be covered by non-repudiation are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-10 + class: zero-padded - name: label value: AU-10 - name: label @@ -17453,10 +15310,6 @@ catalog: parts: - id: au-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide irrefutable evidence that an individual (or process\ \ acting on behalf of an individual) has performed {{ insert: param,\ \ au-10_odp }}." @@ -17477,17 +15330,6 @@ catalog: - id: au-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-10 class: sp800-53a @@ -17568,9 +15410,9 @@ catalog: - prose: a time period to retain audit records that is consistent with the records retention policy is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-11 + class: zero-padded - name: label value: AU-11 - name: label @@ -17605,10 +15447,6 @@ catalog: parts: - id: au-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Retain audit records for {{ insert: param, au-11_odp }} to provide\ \ support for after-the-fact investigations of incidents and to meet\ \ regulatory and organizational information retention requirements." @@ -17653,17 +15491,6 @@ catalog: - id: au-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-11 class: sp800-53a @@ -17745,9 +15572,9 @@ catalog: - prose: personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-12 + class: zero-padded - name: label value: AU-12 - name: label @@ -17804,9 +15631,6 @@ catalog: - id: au-12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide audit record generation capability for the event\ @@ -17815,9 +15639,6 @@ catalog: - id: au-12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Allow {{ insert: param, au-12_odp.02 }} to select the event\ @@ -17826,9 +15647,6 @@ catalog: - id: au-12_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) @@ -17849,17 +15667,6 @@ catalog: - id: au-12_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-12a. class: sp800-53a @@ -17872,17 +15679,6 @@ catalog: - id: au-12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-12b. class: sp800-53a @@ -17895,13 +15691,6 @@ catalog: - id: au-12_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-12c. class: sp800-53a @@ -17997,9 +15786,9 @@ catalog: - prose: level of tolerance for the relationship between timestamps of individual records in the audit trail is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-12(01) + class: zero-padded - name: label value: AU-12(1) - name: label @@ -18020,10 +15809,6 @@ catalog: parts: - id: au-12.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Compile audit records from {{ insert: param, au-12.01_odp.01\ \ }} into a system-wide (logical or physical) audit trail that\ \ is time-correlated to within {{ insert: param, au-12.01_odp.02\ @@ -18037,17 +15822,6 @@ catalog: - id: au-12.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-12(01) class: sp800-53a @@ -18161,9 +15935,9 @@ catalog: - prose: time thresholds in which logging actions are to change is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-12(03) + class: zero-padded - name: label value: AU-12(3) - name: label @@ -18182,10 +15956,6 @@ catalog: parts: - id: au-12.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide and implement the capability for {{ insert: param,\ \ au-12.03_odp.01 }} to change the logging to be performed on\ \ {{ insert: param, au-12.03_odp.02 }} based on {{ insert: param,\ @@ -18205,17 +15975,6 @@ catalog: - id: au-12.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-12(03) class: sp800-53a @@ -18382,6 +16141,9 @@ catalog: - prose: events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined; props: + - name: label + value: CA-01 + class: zero-padded - name: label value: CA-1 - name: label @@ -18429,11 +16191,6 @@ catalog: - id: ca-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -18474,9 +16231,6 @@ catalog: - id: ca-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ca-01_odp.04 }} to manage\ @@ -18485,11 +16239,6 @@ catalog: - id: ca-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current assessment, authorization,\ @@ -18552,17 +16301,6 @@ catalog: - id: ca-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01a.[01] class: sp800-53a @@ -18574,17 +16312,6 @@ catalog: - id: ca-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01a.[02] class: sp800-53a @@ -18596,13 +16323,6 @@ catalog: - id: ca-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.[03] class: sp800-53a @@ -18616,13 +16336,6 @@ catalog: - id: ca-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.[04] class: sp800-53a @@ -18641,13 +16354,6 @@ catalog: - id: ca-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.01(a) class: sp800-53a @@ -18737,13 +16443,6 @@ catalog: - id: ca-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.01(b) class: sp800-53a @@ -18763,17 +16462,6 @@ catalog: - id: ca-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01b. class: sp800-53a @@ -18793,17 +16481,6 @@ catalog: - id: ca-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01c.01 class: sp800-53a @@ -18838,17 +16515,6 @@ catalog: - id: ca-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01c.02 class: sp800-53a @@ -18946,6 +16612,9 @@ catalog: - prose: individuals or roles to whom control assessment results are to be provided are defined; props: + - name: label + value: CA-02 + class: zero-padded - name: label value: CA-2 - name: label @@ -19013,9 +16682,6 @@ catalog: - id: ca-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Select the appropriate assessor or assessment team for the @@ -19023,9 +16689,6 @@ catalog: - id: ca-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Develop a control assessment plan that describes the scope\ @@ -19054,9 +16717,6 @@ catalog: - id: ca-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ensure the control assessment plan is reviewed and approved @@ -19065,9 +16725,6 @@ catalog: - id: ca-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Assess the controls in the system and its environment of\ @@ -19078,9 +16735,6 @@ catalog: - id: ca-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Produce a control assessment report that document the results @@ -19088,9 +16742,6 @@ catalog: - id: ca-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Provide the results of the control assessment to {{ insert:\ @@ -19186,13 +16837,6 @@ catalog: - id: ca-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02a. class: sp800-53a @@ -19211,17 +16855,6 @@ catalog: - id: ca-2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.01 class: sp800-53a @@ -19234,17 +16867,6 @@ catalog: - id: ca-2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.02 class: sp800-53a @@ -19257,17 +16879,6 @@ catalog: - id: ca-2_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.03 class: sp800-53a @@ -19317,17 +16928,6 @@ catalog: - id: ca-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02c. class: sp800-53a @@ -19340,17 +16940,6 @@ catalog: - id: ca-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02d. class: sp800-53a @@ -19389,13 +16978,6 @@ catalog: - id: ca-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02e. class: sp800-53a @@ -19407,13 +16989,6 @@ catalog: - id: ca-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02f. class: sp800-53a @@ -19488,6 +17063,9 @@ catalog: class: SP800-53-enhancement title: Independent Assessors props: + - name: label + value: CA-02(01) + class: zero-padded - name: label value: CA-2(1) - name: label @@ -19507,10 +17085,6 @@ catalog: parts: - id: ca-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ independent assessors or assessment teams to conduct control assessments. parts: @@ -19573,17 +17147,6 @@ catalog: - id: ca-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02(01) class: sp800-53a @@ -19673,6 +17236,9 @@ catalog: guidelines: - prose: other forms of assessment are defined (if selected); props: + - name: label + value: CA-02(02) + class: zero-padded - name: label value: CA-2(2) - name: label @@ -19696,10 +17262,6 @@ catalog: parts: - id: ca-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Include as part of control assessments, {{ insert: param,\ \ ca-02.02_odp.01 }}, {{ insert: param, ca-02.02_odp.02 }}, {{\ \ insert: param, ca-02.02_odp.03 }}." @@ -19733,17 +17295,6 @@ catalog: - id: ca-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02(02) class: sp800-53a @@ -19834,6 +17385,9 @@ catalog: - prose: requirements to be met by the control assessment performed by an external organization on the system are defined; props: + - name: label + value: CA-02(03) + class: zero-padded - name: label value: CA-2(3) - name: label @@ -19855,10 +17409,6 @@ catalog: parts: - id: ca-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Leverage the results of control assessments performed by\ \ {{ insert: param, ca-02.03_odp.01 }} on {{ insert: param, ca-02.03_odp.02\ \ }} when the assessment meets {{ insert: param, ca-02.03_odp.03\ @@ -19886,17 +17436,6 @@ catalog: - id: ca-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02(03) class: sp800-53a @@ -19988,6 +17527,9 @@ catalog: - prose: the frequency at which to review and update agreements is defined; props: + - name: label + value: CA-03 + class: zero-padded - name: label value: CA-3 - name: label @@ -20039,9 +17581,6 @@ catalog: - id: ca-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Approve and manage the exchange of information between the\ @@ -20050,9 +17589,6 @@ catalog: - id: ca-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document, as part of each exchange agreement, the interface @@ -20062,9 +17598,6 @@ catalog: - id: ca-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update the agreements {{ insert: param, ca-03_odp.03\ @@ -20123,17 +17656,6 @@ catalog: - id: ca-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-03a. class: sp800-53a @@ -20146,13 +17668,6 @@ catalog: - id: ca-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-03b. class: sp800-53a @@ -20228,17 +17743,6 @@ catalog: - id: ca-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-03c. class: sp800-53a @@ -20319,6 +17823,9 @@ catalog: class: SP800-53-enhancement title: Transfer Authorizations props: + - name: label + value: CA-03(06) + class: zero-padded - name: label value: CA-3(6) - name: label @@ -20347,10 +17854,6 @@ catalog: parts: - id: ca-3.6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data. @@ -20366,17 +17869,6 @@ catalog: - id: ca-3.6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-03(06) class: sp800-53a @@ -20489,6 +17981,9 @@ catalog: independent audits or reviews, and continuous monitoring activities is defined; props: + - name: label + value: CA-05 + class: zero-padded - name: label value: CA-5 - name: label @@ -20528,9 +18023,6 @@ catalog: - id: ca-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop a plan of action and milestones for the system to @@ -20541,9 +18033,6 @@ catalog: - id: ca-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Update existing plan of action and milestones {{ insert:\ @@ -20581,17 +18070,6 @@ catalog: - id: ca-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-05a. class: sp800-53a @@ -20606,17 +18084,6 @@ catalog: - id: ca-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-05b. class: sp800-53a @@ -20701,6 +18168,9 @@ catalog: guidelines: - prose: frequency at which to update the authorizations is defined; props: + - name: label + value: CA-06 + class: zero-padded - name: label value: CA-6 - name: label @@ -20744,9 +18214,6 @@ catalog: - id: ca-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Assign a senior official as the authorizing official for @@ -20754,9 +18221,6 @@ catalog: - id: ca-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Assign a senior official as the authorizing official for @@ -20764,9 +18228,6 @@ catalog: - id: ca-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Ensure that the authorizing official for the system, before\ @@ -20788,9 +18249,6 @@ catalog: - id: ca-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ensure that the authorizing official for common controls @@ -20799,9 +18257,6 @@ catalog: - id: ca-6_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Update the authorizations {{ insert: param, ca-06_odp }}." @@ -20864,17 +18319,6 @@ catalog: - id: ca-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06a. class: sp800-53a @@ -20886,17 +18330,6 @@ catalog: - id: ca-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06b. class: sp800-53a @@ -20916,17 +18349,6 @@ catalog: - id: ca-6_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06c.01 class: sp800-53a @@ -20939,17 +18361,6 @@ catalog: - id: ca-6_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06c.02 class: sp800-53a @@ -20964,17 +18375,6 @@ catalog: - id: ca-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06d. class: sp800-53a @@ -20986,13 +18386,6 @@ catalog: - id: ca-6_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-06e. class: sp800-53a @@ -21104,6 +18497,9 @@ catalog: - prose: frequency at which the privacy status of the system is reported is defined; props: + - name: label + value: CA-07 + class: zero-padded - name: label value: CA-7 - name: label @@ -21246,9 +18642,6 @@ catalog: - id: ca-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establishing the following system-level metrics to be monitored:\ @@ -21256,9 +18649,6 @@ catalog: - id: ca-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Establishing {{ insert: param, ca-07_odp.02 }} for monitoring\ @@ -21267,9 +18657,6 @@ catalog: - id: ca-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ongoing control assessments in accordance with the continuous @@ -21277,9 +18664,6 @@ catalog: - id: ca-7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ongoing monitoring of system and organization-defined metrics @@ -21287,9 +18671,6 @@ catalog: - id: ca-7_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Correlation and analysis of information generated by control @@ -21297,9 +18678,6 @@ catalog: - id: ca-7_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Response actions to address results of the analysis of control @@ -21307,9 +18685,6 @@ catalog: - id: ca-7_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Reporting the security and privacy status of the system\ @@ -21400,17 +18775,6 @@ catalog: - id: ca-7_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07[01] class: sp800-53a @@ -21421,17 +18785,6 @@ catalog: - id: ca-7_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07[02] class: sp800-53a @@ -21443,17 +18796,6 @@ catalog: - id: ca-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07a. class: sp800-53a @@ -21466,17 +18808,6 @@ catalog: - id: ca-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07b. class: sp800-53a @@ -21510,17 +18841,6 @@ catalog: - id: ca-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07c. class: sp800-53a @@ -21532,17 +18852,6 @@ catalog: - id: ca-7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07d. class: sp800-53a @@ -21555,17 +18864,6 @@ catalog: - id: ca-7_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07e. class: sp800-53a @@ -21577,17 +18875,6 @@ catalog: - id: ca-7_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07f. class: sp800-53a @@ -21600,17 +18887,6 @@ catalog: - id: ca-7_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07g. class: sp800-53a @@ -21743,6 +19019,9 @@ catalog: class: SP800-53-enhancement title: Independent Assessment props: + - name: label + value: CA-07(01) + class: zero-padded - name: label value: CA-7(1) - name: label @@ -21762,10 +19041,6 @@ catalog: parts: - id: ca-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis. - id: ca-7.1_gdn @@ -21784,17 +19059,6 @@ catalog: - id: ca-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(01) class: sp800-53a @@ -21871,6 +19135,9 @@ catalog: class: SP800-53-enhancement title: Risk Monitoring props: + - name: label + value: CA-07(04) + class: zero-padded - name: label value: CA-7(4) - name: label @@ -21899,27 +19166,18 @@ catalog: - id: ca-7.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Effectiveness monitoring; - id: ca-7.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Compliance monitoring; and - id: ca-7.4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Change monitoring. @@ -21936,17 +19194,6 @@ catalog: - id: ca-7.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04) class: sp800-53a @@ -21956,17 +19203,6 @@ catalog: - id: ca-7.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(a) class: sp800-53a @@ -21977,17 +19213,6 @@ catalog: - id: ca-7.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(b) class: sp800-53a @@ -21998,17 +19223,6 @@ catalog: - id: ca-7.4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(c) class: sp800-53a @@ -22112,6 +19326,9 @@ catalog: - prose: systems or system components on which penetration testing is to be conducted are defined; props: + - name: label + value: CA-08 + class: zero-padded - name: label value: CA-8 - name: label @@ -22139,10 +19356,6 @@ catalog: parts: - id: ca-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Conduct penetration testing {{ insert: param, ca-08_odp.01 }}\ \ on {{ insert: param, ca-08_odp.02 }}." parts: @@ -22198,17 +19411,6 @@ catalog: - id: ca-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-08 class: sp800-53a @@ -22284,6 +19486,9 @@ catalog: class: SP800-53-enhancement title: Independent Penetration Testing Agent or Team props: + - name: label + value: CA-08(01) + class: zero-padded - name: label value: CA-8(1) - name: label @@ -22305,10 +19510,6 @@ catalog: parts: - id: ca-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ an independent penetration testing agent or team to perform penetration testing on the system or system components. - id: ca-8.1_gdn @@ -22324,17 +19525,6 @@ catalog: - id: ca-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-08(01) class: sp800-53a @@ -22400,9 +19590,9 @@ catalog: - prose: red team exercises to simulate attempts by adversaries to compromise organizational systems are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CA-08(02) + class: zero-padded - name: label value: CA-8(2) - name: label @@ -22422,10 +19612,6 @@ catalog: parts: - id: ca-8.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ the following red-team exercises to simulate attempts\ \ by adversaries to compromise organizational systems in accordance\ \ with applicable rules of engagement: {{ insert: param, ca-08.02_odp\ @@ -22433,7 +19619,7 @@ catalog: parts: - id: ca-8.2_fr name: item - title: CA-8(2) Additional FedRAMP Requirements and Guidance + title: CM-2 Additional FedRAMP Requirements and Guidance parts: - id: ca-8.2_fr_gdn.1 name: guidance @@ -22471,17 +19657,6 @@ catalog: - id: ca-8.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-08(02) class: sp800-53a @@ -22581,6 +19756,9 @@ catalog: - prose: frequency at which to review the continued need for each internal connection is defined; props: + - name: label + value: CA-09 + class: zero-padded - name: label value: CA-9 - name: label @@ -22622,9 +19800,6 @@ catalog: - id: ca-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Authorize internal connections of {{ insert: param, ca-09_odp.01\ @@ -22632,9 +19807,6 @@ catalog: - id: ca-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document, for each internal connection, the interface characteristics, @@ -22643,9 +19815,6 @@ catalog: - id: ca-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Terminate internal system connections after {{ insert: param,\ @@ -22653,9 +19822,6 @@ catalog: - id: ca-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review {{ insert: param, ca-09_odp.03 }} the continued need\ @@ -22686,17 +19852,6 @@ catalog: - id: ca-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09a. class: sp800-53a @@ -22708,13 +19863,6 @@ catalog: - id: ca-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-09b. class: sp800-53a @@ -22769,17 +19917,6 @@ catalog: - id: ca-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09c. class: sp800-53a @@ -22791,17 +19928,6 @@ catalog: - id: ca-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09d. class: sp800-53a @@ -22950,6 +20076,9 @@ catalog: - prose: events that would require configuration management procedures to be reviewed and updated are defined; props: + - name: label + value: CM-01 + class: zero-padded - name: label value: CM-1 - name: label @@ -22989,11 +20118,6 @@ catalog: - id: cm-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -23034,9 +20158,6 @@ catalog: - id: cm-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, cm-01_odp.04 }} to manage\ @@ -23045,11 +20166,6 @@ catalog: - id: cm-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current configuration management:" @@ -23110,17 +20226,6 @@ catalog: - id: cm-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01a.[01] class: sp800-53a @@ -23131,17 +20236,6 @@ catalog: - id: cm-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01a.[02] class: sp800-53a @@ -23153,13 +20247,6 @@ catalog: - id: cm-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.[03] class: sp800-53a @@ -23173,13 +20260,6 @@ catalog: - id: cm-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.[04] class: sp800-53a @@ -23198,13 +20278,6 @@ catalog: - id: cm-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.01(a) class: sp800-53a @@ -23294,13 +20367,6 @@ catalog: - id: cm-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.01(b) class: sp800-53a @@ -23319,17 +20385,6 @@ catalog: - id: cm-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01b. class: sp800-53a @@ -23349,17 +20404,6 @@ catalog: - id: cm-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01c.01 class: sp800-53a @@ -23393,17 +20437,6 @@ catalog: - id: cm-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01c.02 class: sp800-53a @@ -23505,6 +20538,9 @@ catalog: - prose: the circumstances requiring baseline configuration review and update are defined; props: + - name: label + value: CM-02 + class: zero-padded - name: label value: CM-2 - name: label @@ -23568,9 +20604,6 @@ catalog: - id: cm-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop, document, and maintain under configuration control, @@ -23578,9 +20611,6 @@ catalog: - id: cm-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the baseline configuration of the system:" @@ -23638,13 +20668,6 @@ catalog: - id: cm-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-02a. class: sp800-53a @@ -23684,17 +20707,6 @@ catalog: - id: cm-2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.01 class: sp800-53a @@ -23706,17 +20718,6 @@ catalog: - id: cm-2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.02 class: sp800-53a @@ -23729,17 +20730,6 @@ catalog: - id: cm-2_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.03 class: sp800-53a @@ -23849,6 +20839,9 @@ catalog: - prose: automated mechanisms for maintaining baseline configuration of the system are defined; props: + - name: label + value: CM-02(02) + class: zero-padded - name: label value: CM-2(2) - name: label @@ -23874,10 +20867,6 @@ catalog: parts: - id: cm-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Maintain the currency, completeness, accuracy, and availability\ \ of the baseline configuration of the system using {{ insert:\ \ param, cm-02.02_odp }}." @@ -23898,17 +20887,6 @@ catalog: - id: cm-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02(02) class: sp800-53a @@ -24053,6 +21031,9 @@ catalog: - prose: the number of previous baseline configuration versions to be retained is defined; props: + - name: label + value: CM-02(03) + class: zero-padded - name: label value: CM-2(3) - name: label @@ -24072,10 +21053,6 @@ catalog: parts: - id: cm-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Retain {{ insert: param, cm-02.03_odp }} of previous versions\ \ of baseline configurations of the system to support rollback." - id: cm-2.3_gdn @@ -24086,13 +21063,6 @@ catalog: - id: cm-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-02(03) class: sp800-53a @@ -24188,6 +21158,9 @@ catalog: - prose: the controls to be applied when the individuals return from travel are defined; props: + - name: label + value: CM-02(07) + class: zero-padded - name: label value: CM-2(7) - name: label @@ -24215,9 +21188,6 @@ catalog: - id: cm-2.7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Issue {{ insert: param, cm-02.07_odp.01 }} with {{ insert:\ @@ -24226,9 +21196,6 @@ catalog: - id: cm-2.7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Apply the following controls to the systems or components\ @@ -24262,17 +21229,6 @@ catalog: - id: cm-2.7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02(07)(a) class: sp800-53a @@ -24286,17 +21242,6 @@ catalog: - id: cm-2.7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02(07)(b) class: sp800-53a @@ -24418,6 +21363,9 @@ catalog: - prose: configuration change conditions that prompt the configuration control element to convene are defined (if selected); props: + - name: label + value: CM-03 + class: zero-padded - name: label value: CM-3 - name: label @@ -24491,9 +21439,6 @@ catalog: - id: cm-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Determine and document the types of changes to the system @@ -24501,9 +21446,6 @@ catalog: - id: cm-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Review proposed configuration-controlled changes to the system @@ -24512,9 +21454,6 @@ catalog: - id: cm-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document configuration change decisions associated with the @@ -24522,9 +21461,6 @@ catalog: - id: cm-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Implement approved configuration-controlled changes to the @@ -24532,9 +21468,6 @@ catalog: - id: cm-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Retain records of configuration-controlled changes to the\ @@ -24542,9 +21475,6 @@ catalog: - id: cm-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Monitor and review activities associated with configuration-controlled @@ -24552,9 +21482,6 @@ catalog: - id: cm-3_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Coordinate and provide oversight for configuration change\ @@ -24609,17 +21536,6 @@ catalog: - id: cm-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03a. class: sp800-53a @@ -24631,17 +21547,6 @@ catalog: - id: cm-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03b. class: sp800-53a @@ -24675,17 +21580,6 @@ catalog: - id: cm-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03c. class: sp800-53a @@ -24697,13 +21591,6 @@ catalog: - id: cm-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-03d. class: sp800-53a @@ -24715,13 +21602,6 @@ catalog: - id: cm-3_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-03e. class: sp800-53a @@ -24733,17 +21613,6 @@ catalog: - id: cm-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03f. class: sp800-53a @@ -24783,17 +21652,6 @@ catalog: - id: cm-3_obj.g-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03g.[01] class: sp800-53a @@ -24805,17 +21663,6 @@ catalog: - id: cm-3_obj.g-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03g.[02] class: sp800-53a @@ -24950,6 +21797,9 @@ catalog: - prose: personnel to be notified when approved changes are complete is/are defined; props: + - name: label + value: CM-03(01) + class: zero-padded - name: label value: CM-3(1) - name: label @@ -24974,18 +21824,12 @@ catalog: - id: cm-3.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Document proposed changes to the system; - id: cm-3.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Notify {{ insert: param, cm-03.01_odp.02 }} of proposed\ @@ -24993,9 +21837,6 @@ catalog: - id: cm-3.1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: "Highlight proposed changes to the system that have not\ @@ -25004,9 +21845,6 @@ catalog: - id: cm-3.1_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Prohibit changes to the system until designated approvals @@ -25014,18 +21852,12 @@ catalog: - id: cm-3.1_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (e) prose: Document all changes to the system; and - id: cm-3.1_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (f) prose: "Notify {{ insert: param, cm-03.01_odp.04 }} when approved\ @@ -25043,17 +21875,6 @@ catalog: - id: cm-3.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(01)(a) class: sp800-53a @@ -25065,17 +21886,6 @@ catalog: - id: cm-3.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(01)(b) class: sp800-53a @@ -25088,17 +21898,6 @@ catalog: - id: cm-3.1_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(01)(c) class: sp800-53a @@ -25112,17 +21911,6 @@ catalog: - id: cm-3.1_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(01)(d) class: sp800-53a @@ -25134,17 +21922,6 @@ catalog: - id: cm-3.1_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(01)(e) class: sp800-53a @@ -25156,17 +21933,6 @@ catalog: - id: cm-3.1_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(01)(f) class: sp800-53a @@ -25276,6 +22042,9 @@ catalog: class: SP800-53-enhancement title: Testing, Validation, and Documentation of Changes props: + - name: label + value: CM-03(02) + class: zero-padded - name: label value: CM-3(2) - name: label @@ -25295,10 +22064,6 @@ catalog: parts: - id: cm-3.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Test, validate, and document changes to the system before finalizing the implementation of the changes. - id: cm-3.2_gdn @@ -25320,17 +22085,6 @@ catalog: - id: cm-3.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(02) class: sp800-53a @@ -25487,6 +22241,9 @@ catalog: security and privacy representatives are to be members is defined; props: + - name: label + value: CM-03(04) + class: zero-padded - name: label value: CM-3(4) - name: label @@ -25503,10 +22260,6 @@ catalog: parts: - id: cm-3.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require {{ insert: param, cm-3.4_prm_1 }} to be members\ \ of the {{ insert: param, cm-03.04_odp.03 }}." - id: cm-3.4_gdn @@ -25526,17 +22279,6 @@ catalog: - id: cm-3.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(04) class: sp800-53a @@ -25639,6 +22381,9 @@ catalog: - prose: controls provided by cryptographic mechanisms that are to be under configuration management are defined; props: + - name: label + value: CM-03(06) + class: zero-padded - name: label value: CM-3(6) - name: label @@ -25657,10 +22402,6 @@ catalog: parts: - id: cm-3.6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Ensure that cryptographic mechanisms used to provide the\ \ following controls are under configuration management: {{ insert:\ \ param, cm-03.06_odp }}." @@ -25675,17 +22416,6 @@ catalog: - id: cm-3.6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(06) class: sp800-53a @@ -25776,6 +22506,9 @@ catalog: class: SP800-53 title: Impact Analyses props: + - name: label + value: CM-04 + class: zero-padded - name: label value: CM-4 - name: label @@ -25819,10 +22552,6 @@ catalog: parts: - id: cm-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Analyze changes to the system to determine potential security and privacy impacts prior to change implementation. - id: cm-4_gdn @@ -25844,17 +22573,6 @@ catalog: - id: cm-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04 class: sp800-53a @@ -25989,6 +22707,9 @@ catalog: class: SP800-53-enhancement title: Separate Test Environments props: + - name: label + value: CM-04(01) + class: zero-padded - name: label value: CM-4(1) - name: label @@ -26012,10 +22733,6 @@ catalog: parts: - id: cm-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Analyze changes to the system in a separate test environment before implementation in an operational environment, looking for security and privacy impacts due to flaws, weaknesses, incompatibility, @@ -26042,17 +22759,6 @@ catalog: - id: cm-4.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[01] class: sp800-53a @@ -26064,17 +22770,6 @@ catalog: - id: cm-4.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[02] class: sp800-53a @@ -26086,17 +22781,6 @@ catalog: - id: cm-4.1_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[03] class: sp800-53a @@ -26108,17 +22792,6 @@ catalog: - id: cm-4.1_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[04] class: sp800-53a @@ -26130,17 +22803,6 @@ catalog: - id: cm-4.1_obj-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[05] class: sp800-53a @@ -26152,17 +22814,6 @@ catalog: - id: cm-4.1_obj-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[06] class: sp800-53a @@ -26174,17 +22825,6 @@ catalog: - id: cm-4.1_obj-7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[07] class: sp800-53a @@ -26196,17 +22836,6 @@ catalog: - id: cm-4.1_obj-8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[08] class: sp800-53a @@ -26218,17 +22847,6 @@ catalog: - id: cm-4.1_obj-9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(01)[09] class: sp800-53a @@ -26349,6 +22967,9 @@ catalog: class: SP800-53-enhancement title: Verification of Controls props: + - name: label + value: CM-04(02) + class: zero-padded - name: label value: CM-4(2) - name: label @@ -26374,10 +22995,6 @@ catalog: parts: - id: cm-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy @@ -26390,17 +23007,6 @@ catalog: - id: cm-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(02) class: sp800-53a @@ -26583,9 +23189,9 @@ catalog: class: SP800-53 title: Access Restrictions for Change props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-05 + class: zero-padded - name: label value: CM-5 - name: label @@ -26624,10 +23230,6 @@ catalog: parts: - id: cm-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. - id: cm-5_gdn @@ -26645,17 +23247,6 @@ catalog: - id: cm-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-05 class: sp800-53a @@ -26830,6 +23421,9 @@ catalog: - prose: mechanisms used to automate the enforcement of access restrictions are defined; props: + - name: label + value: CM-05(01) + class: zero-padded - name: label value: CM-5(1) - name: label @@ -26864,9 +23458,6 @@ catalog: - id: cm-5.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Enforce access restrictions using {{ insert: param,\ @@ -26874,9 +23465,6 @@ catalog: - id: cm-5.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Automatically generate audit records of the enforcement @@ -26897,13 +23485,6 @@ catalog: - id: cm-5.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-05(01)(a) class: sp800-53a @@ -26915,17 +23496,6 @@ catalog: - id: cm-5.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-05(01)(b) class: sp800-53a @@ -27036,6 +23606,9 @@ catalog: guidelines: - prose: frequency at which to reevaluate privileges is defined; props: + - name: label + value: CM-05(05) + class: zero-padded - name: label value: CM-5(5) - name: label @@ -27058,9 +23631,6 @@ catalog: - id: cm-5.5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Limit privileges to change system components and system-related @@ -27069,9 +23639,6 @@ catalog: - id: cm-5.5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Review and reevaluate privileges {{ insert: param, cm-5.5_prm_1\ @@ -27096,13 +23663,6 @@ catalog: - id: cm-5.5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-05(05)(a) class: sp800-53a @@ -27135,17 +23695,6 @@ catalog: - id: cm-5.5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-05(05)(b) class: sp800-53a @@ -27283,9 +23832,9 @@ catalog: - prose: operational requirements necessitating approval of deviations are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-06 + class: zero-padded - name: label value: CM-6 - name: label @@ -27375,9 +23924,6 @@ catalog: - id: cm-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish and document configuration settings for components\ @@ -27387,18 +23933,12 @@ catalog: - id: cm-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Implement the configuration settings; - id: cm-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Identify, document, and approve any deviations from established\ @@ -27407,9 +23947,6 @@ catalog: - id: cm-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Monitor and control changes to the configuration settings @@ -27456,7 +23993,7 @@ catalog: assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are - then documented in the CSP's Plan of Action and + then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable. @@ -27523,13 +24060,6 @@ catalog: - id: cm-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-06a. class: sp800-53a @@ -27543,17 +24073,6 @@ catalog: - id: cm-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06b. class: sp800-53a @@ -27564,17 +24083,6 @@ catalog: - id: cm-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06c. class: sp800-53a @@ -27608,17 +24116,6 @@ catalog: - id: cm-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06d. class: sp800-53a @@ -27778,9 +24275,9 @@ catalog: - prose: automated mechanisms to verify configuration settings are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-06(01) + class: zero-padded - name: label value: CM-6(1) - name: label @@ -27799,10 +24296,6 @@ catalog: parts: - id: cm-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Manage, apply, and verify configuration settings for {{\ \ insert: param, cm-06.01_odp.01 }} using {{ insert: param, cm-6.1_prm_2\ \ }}." @@ -27817,13 +24310,6 @@ catalog: - id: cm-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-06(01) class: sp800-53a @@ -27967,9 +24453,9 @@ catalog: - prose: configuration settings requiring action upon an unauthorized change are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-06(02) + class: zero-padded - name: label value: CM-6(2) - name: label @@ -27992,10 +24478,6 @@ catalog: parts: - id: cm-6.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Take the following actions in response to unauthorized changes\ \ to {{ insert: param, cm-06.02_odp.02 }}: {{ insert: param, cm-06.02_odp.01\ \ }}." @@ -28008,17 +24490,6 @@ catalog: - id: cm-6.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06(02) class: sp800-53a @@ -28149,9 +24620,9 @@ catalog: guidelines: - prose: services to be prohibited or restricted are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07 + class: zero-padded - name: label value: CM-7 - name: label @@ -28217,9 +24688,6 @@ catalog: - id: cm-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Configure the system to provide only {{ insert: param, cm-07_odp.01\ @@ -28227,9 +24695,6 @@ catalog: - id: cm-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Prohibit or restrict the use of the following functions,\ @@ -28279,17 +24744,6 @@ catalog: - id: cm-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07a. class: sp800-53a @@ -28301,13 +24755,6 @@ catalog: - id: cm-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-07b. class: sp800-53a @@ -28486,9 +24933,9 @@ catalog: - prose: services to be disabled or removed when deemed unnecessary or non-secure are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07(01) + class: zero-padded - name: label value: CM-7(1) - name: label @@ -28514,9 +24961,6 @@ catalog: - id: cm-7.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Review the system {{ insert: param, cm-07.01_odp.01\ @@ -28525,9 +24969,6 @@ catalog: - id: cm-7.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Disable or remove {{ insert: param, cm-7.1_prm_2 }}." @@ -28556,17 +24997,6 @@ catalog: - id: cm-7.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(01)(a) class: sp800-53a @@ -28579,17 +25009,6 @@ catalog: - id: cm-7.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(01)(b) class: sp800-53a @@ -28760,9 +25179,9 @@ catalog: regarding software program usage and restrictions are defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07(02) + class: zero-padded - name: label value: CM-7(2) - name: label @@ -28789,10 +25208,6 @@ catalog: parts: - id: cm-7.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prevent program execution in accordance with {{ insert:\ \ param, cm-07.02_odp.01 }}." parts: @@ -28826,13 +25241,6 @@ catalog: - id: cm-7.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-07(02) class: sp800-53a @@ -28948,9 +25356,9 @@ catalog: - prose: frequency at which to review and update the list of authorized software programs is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07(05) + class: zero-padded - name: label value: CM-7(5) - name: label @@ -28992,18 +25400,12 @@ catalog: - id: cm-7.5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Identify {{ insert: param, cm-07.05_odp.01 }};" - id: cm-7.5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Employ a deny-all, permit-by-exception policy to allow @@ -29012,9 +25414,6 @@ catalog: - id: cm-7.5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: "Review and update the list of authorized software programs\ @@ -29047,17 +25446,6 @@ catalog: - id: cm-7.5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(05)(a) class: sp800-53a @@ -29068,13 +25456,6 @@ catalog: - id: cm-7.5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-07(05)(b) class: sp800-53a @@ -29086,17 +25467,6 @@ catalog: - id: cm-7.5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(05)(c) class: sp800-53a @@ -29217,9 +25587,9 @@ catalog: - prose: frequency at which to review and update the system component inventory is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-08 + class: zero-padded - name: label value: CM-8 - name: label @@ -29289,9 +25659,6 @@ catalog: - id: cm-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop and document an inventory of system components that:" @@ -29333,9 +25700,6 @@ catalog: - id: cm-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the system component inventory {{ insert:\ @@ -29404,17 +25768,6 @@ catalog: - id: cm-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.01 class: sp800-53a @@ -29426,17 +25779,6 @@ catalog: - id: cm-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.02 class: sp800-53a @@ -29448,17 +25790,6 @@ catalog: - id: cm-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.03 class: sp800-53a @@ -29471,17 +25802,6 @@ catalog: - id: cm-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.04 class: sp800-53a @@ -29494,17 +25814,6 @@ catalog: - id: cm-8_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.05 class: sp800-53a @@ -29519,17 +25828,6 @@ catalog: - id: cm-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08b. class: sp800-53a @@ -29612,6 +25910,9 @@ catalog: class: SP800-53-enhancement title: Updates During Installation and Removal props: + - name: label + value: CM-08(01) + class: zero-padded - name: label value: CM-8(1) - name: label @@ -29633,10 +25934,6 @@ catalog: parts: - id: cm-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Update the inventory of system components as part of component installations, removals, and system updates. - id: cm-8.1_gdn @@ -29651,17 +25948,6 @@ catalog: - id: cm-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08(01) class: sp800-53a @@ -29800,6 +26086,9 @@ catalog: - prose: automated mechanisms used to maintain the availability of the system component inventory are defined; props: + - name: label + value: CM-08(02) + class: zero-padded - name: label value: CM-8(2) - name: label @@ -29819,10 +26108,6 @@ catalog: parts: - id: cm-8.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Maintain the currency, completeness, accuracy, and availability\ \ of the inventory of system components using {{ insert: param,\ \ cm-8.2_prm_1 }}." @@ -29839,17 +26124,6 @@ catalog: - id: cm-8.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08(02) class: sp800-53a @@ -30020,6 +26294,9 @@ catalog: - prose: personnel or roles to be notified when unauthorized components are detected is/are defined (if selected); props: + - name: label + value: CM-08(03) + class: zero-padded - name: label value: CM-8(3) - name: label @@ -30061,9 +26338,6 @@ catalog: - id: cm-8.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Detect the presence of unauthorized hardware, software,\ @@ -30073,9 +26347,6 @@ catalog: - id: cm-8.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Take the following actions when unauthorized components\ @@ -30108,13 +26379,6 @@ catalog: - id: cm-8.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-08(03)(a) class: sp800-53a @@ -30161,13 +26425,6 @@ catalog: - id: cm-8.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-08(03)(b) class: sp800-53a @@ -30329,6 +26586,9 @@ catalog: - position - role props: + - name: label + value: CM-08(04) + class: zero-padded - name: label value: CM-8(4) - name: label @@ -30350,10 +26610,6 @@ catalog: parts: - id: cm-8.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Include in the system component inventory information, a\ \ means for identifying by {{ insert: param, cm-08.04_odp }} ,\ \ individuals responsible and accountable for administering those\ @@ -30369,17 +26625,6 @@ catalog: - id: cm-8.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08(04) class: sp800-53a @@ -30462,6 +26707,9 @@ catalog: - prose: personnel or roles to review and approve the configuration management plan is/are defined; props: + - name: label + value: CM-09 + class: zero-padded - name: label value: CM-9 - name: label @@ -30502,9 +26750,6 @@ catalog: - id: cm-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Addresses roles, responsibilities, and configuration management @@ -30512,9 +26757,6 @@ catalog: - id: cm-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establishes a process for identifying configuration items @@ -30523,9 +26765,6 @@ catalog: - id: cm-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Defines the configuration items for the system and places @@ -30533,9 +26772,6 @@ catalog: - id: cm-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Is reviewed and approved by {{ insert: param, cm-09_odp\ @@ -30543,9 +26779,6 @@ catalog: - id: cm-9_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protects the configuration management plan from unauthorized @@ -30600,13 +26833,6 @@ catalog: - id: cm-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09 class: sp800-53a @@ -30635,13 +26861,6 @@ catalog: - id: cm-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09a. class: sp800-53a @@ -30690,17 +26909,6 @@ catalog: - id: cm-9_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-09b.[01] class: sp800-53a @@ -30713,13 +26921,6 @@ catalog: - id: cm-9_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09b.[02] class: sp800-53a @@ -30741,13 +26942,6 @@ catalog: - id: cm-9_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09c.[01] class: sp800-53a @@ -30759,13 +26953,6 @@ catalog: - id: cm-9_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09c.[02] class: sp800-53a @@ -30780,17 +26967,6 @@ catalog: - id: cm-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-09d. class: sp800-53a @@ -30802,13 +26978,6 @@ catalog: - id: cm-9_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-09e. class: sp800-53a @@ -30931,6 +27100,9 @@ catalog: class: SP800-53 title: Software Usage Restrictions props: + - name: label + value: CM-10 + class: zero-padded - name: label value: CM-10 - name: label @@ -30961,9 +27133,6 @@ catalog: - id: cm-10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Use software and associated documentation in accordance with @@ -30971,9 +27140,6 @@ catalog: - id: cm-10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Track the use of software and associated documentation protected @@ -30981,9 +27147,6 @@ catalog: - id: cm-10_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Control and document the use of peer-to-peer file sharing @@ -31005,17 +27168,6 @@ catalog: - id: cm-10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10a. class: sp800-53a @@ -31027,17 +27179,6 @@ catalog: - id: cm-10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10b. class: sp800-53a @@ -31049,17 +27190,6 @@ catalog: - id: cm-10_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10c. class: sp800-53a @@ -31173,6 +27303,9 @@ catalog: guidelines: - prose: frequency with which to monitor compliance is defined; props: + - name: label + value: CM-11 + class: zero-padded - name: label value: CM-11 - name: label @@ -31213,9 +27346,6 @@ catalog: - id: cm-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish {{ insert: param, cm-11_odp.01 }} governing the\ @@ -31223,9 +27353,6 @@ catalog: - id: cm-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Enforce software installation policies through the following\ @@ -31233,9 +27360,6 @@ catalog: - id: cm-11_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Monitor policy compliance {{ insert: param, cm-11_odp.03\ @@ -31263,17 +27387,6 @@ catalog: - id: cm-11_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-11a. class: sp800-53a @@ -31285,17 +27398,6 @@ catalog: - id: cm-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-11b. class: sp800-53a @@ -31307,13 +27409,6 @@ catalog: - id: cm-11_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-11c. class: sp800-53a @@ -31419,6 +27514,9 @@ catalog: - prose: information for which the location is to be identified and documented is defined; props: + - name: label + value: CM-12 + class: zero-padded - name: label value: CM-12 - name: label @@ -31478,9 +27576,6 @@ catalog: - id: cm-12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify and document the location of {{ insert: param,\ @@ -31489,9 +27584,6 @@ catalog: - id: cm-12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Identify and document the users who have access to the system @@ -31500,9 +27592,6 @@ catalog: - id: cm-12_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document changes to the location (i.e., system or system @@ -31548,17 +27637,6 @@ catalog: - id: cm-12_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12a.[01] class: sp800-53a @@ -31570,17 +27648,6 @@ catalog: - id: cm-12_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12a.[02] class: sp800-53a @@ -31592,17 +27659,6 @@ catalog: - id: cm-12_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12a.[03] class: sp800-53a @@ -31617,17 +27673,6 @@ catalog: - id: cm-12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12b. class: sp800-53a @@ -31662,17 +27707,6 @@ catalog: - id: cm-12_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12c. class: sp800-53a @@ -31822,6 +27856,9 @@ catalog: - prose: system components where the information is located are defined; props: + - name: label + value: CM-12(01) + class: zero-padded - name: label value: CM-12(1) - name: label @@ -31841,10 +27878,6 @@ catalog: parts: - id: cm-12.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Use automated tools to identify {{ insert: param, cm-12.01_odp.01\ \ }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls\ \ are in place to protect organizational information and individual\ @@ -31872,13 +27905,6 @@ catalog: - id: cm-12.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-12(01) class: sp800-53a @@ -31993,6 +28019,9 @@ catalog: - prose: firmware components requiring verification of a digitally signed certificate before installation are defined; props: + - name: label + value: CM-14 + class: zero-padded - name: label value: CM-14 - name: label @@ -32023,10 +28052,6 @@ catalog: parts: - id: cm-14_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prevent the installation of {{ insert: param, cm-14_prm_1 }}\ \ without verification that the component has been digitally signed\ \ using a certificate that is recognized and approved by the organization." @@ -32051,17 +28076,6 @@ catalog: - id: cm-14_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-14 class: sp800-53a @@ -32239,6 +28253,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: CP-01 + class: zero-padded - name: label value: CP-1 - name: label @@ -32278,11 +28295,6 @@ catalog: - id: cp-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -32322,9 +28334,6 @@ catalog: - id: cp-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, cp-01_odp.04 }} to manage\ @@ -32333,11 +28342,6 @@ catalog: - id: cp-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current contingency planning:" @@ -32397,17 +28401,6 @@ catalog: - id: cp-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01a.[01] class: sp800-53a @@ -32418,17 +28411,6 @@ catalog: - id: cp-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01a.[02] class: sp800-53a @@ -32440,13 +28422,6 @@ catalog: - id: cp-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.[03] class: sp800-53a @@ -32459,13 +28434,6 @@ catalog: - id: cp-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.[04] class: sp800-53a @@ -32484,13 +28452,6 @@ catalog: - id: cp-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.01(a) class: sp800-53a @@ -32579,13 +28540,6 @@ catalog: - id: cp-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.01(b) class: sp800-53a @@ -32605,17 +28559,6 @@ catalog: - id: cp-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01b. class: sp800-53a @@ -32635,17 +28578,6 @@ catalog: - id: cp-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01c.01 class: sp800-53a @@ -32679,17 +28611,6 @@ catalog: - id: cp-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01c.02 class: sp800-53a @@ -32811,6 +28732,9 @@ catalog: - prose: key contingency organizational elements to communicate changes to are defined; props: + - name: label + value: CP-02 + class: zero-padded - name: label value: CP-2 - name: label @@ -32883,9 +28807,6 @@ catalog: - id: cp-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop a contingency plan for the system that:" @@ -32941,9 +28862,6 @@ catalog: - id: cp-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the contingency plan to {{ insert:\ @@ -32951,9 +28869,6 @@ catalog: - id: cp-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Coordinate contingency planning activities with incident @@ -32961,9 +28876,6 @@ catalog: - id: cp-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review the contingency plan for the system {{ insert: param,\ @@ -32971,9 +28883,6 @@ catalog: - id: cp-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Update the contingency plan to address changes to the organization, @@ -32982,9 +28891,6 @@ catalog: - id: cp-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Communicate contingency plan changes to {{ insert: param,\ @@ -32992,9 +28898,6 @@ catalog: - id: cp-2_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Incorporate lessons learned from contingency plan testing, @@ -33003,9 +28906,6 @@ catalog: - id: cp-2_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Protect the contingency plan from unauthorized disclosure @@ -33076,13 +28976,6 @@ catalog: - id: cp-2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.01 class: sp800-53a @@ -33095,13 +28988,6 @@ catalog: - id: cp-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.02 class: sp800-53a @@ -33145,13 +29031,6 @@ catalog: - id: cp-2_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.03 class: sp800-53a @@ -33195,13 +29074,6 @@ catalog: - id: cp-2_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.04 class: sp800-53a @@ -33214,13 +29086,6 @@ catalog: - id: cp-2_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.05 class: sp800-53a @@ -33233,13 +29098,6 @@ catalog: - id: cp-2_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.06 class: sp800-53a @@ -33251,13 +29109,6 @@ catalog: - id: cp-2_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.07 class: sp800-53a @@ -33300,17 +29151,6 @@ catalog: - id: cp-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02b.[01] class: sp800-53a @@ -33322,17 +29162,6 @@ catalog: - id: cp-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02b.[02] class: sp800-53a @@ -33347,17 +29176,6 @@ catalog: - id: cp-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02c. class: sp800-53a @@ -33369,17 +29187,6 @@ catalog: - id: cp-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02d. class: sp800-53a @@ -33398,17 +29205,6 @@ catalog: - id: cp-2_obj.e-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02e.[01] class: sp800-53a @@ -33420,17 +29216,6 @@ catalog: - id: cp-2_obj.e-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02e.[02] class: sp800-53a @@ -33445,17 +29230,6 @@ catalog: - id: cp-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02f. class: sp800-53a @@ -33488,21 +29262,6 @@ catalog: - id: cp-2_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-02g. class: sp800-53a @@ -33536,21 +29295,6 @@ catalog: - id: cp-2_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-02h. class: sp800-53a @@ -33651,6 +29395,9 @@ catalog: class: SP800-53-enhancement title: Coordinate with Related Plans props: + - name: label + value: CP-02(01) + class: zero-padded - name: label value: CP-2(1) - name: label @@ -33667,10 +29414,6 @@ catalog: parts: - id: cp-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Coordinate contingency plan development with organizational elements responsible for related plans. - id: cp-2.1_gdn @@ -33684,17 +29427,6 @@ catalog: - id: cp-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02(01) class: sp800-53a @@ -33776,6 +29508,9 @@ catalog: class: SP800-53-enhancement title: Capacity Planning props: + - name: label + value: CP-02(02) + class: zero-padded - name: label value: CP-2(2) - name: label @@ -33804,10 +29539,6 @@ catalog: parts: - id: cp-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Conduct capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. @@ -33827,21 +29558,6 @@ catalog: - id: cp-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-02(02) class: sp800-53a @@ -33952,6 +29668,9 @@ catalog: - prose: the contingency plan activation time period within which to resume mission and business functions is defined; props: + - name: label + value: CP-02(03) + class: zero-padded - name: label value: CP-2(3) - name: label @@ -33968,10 +29687,6 @@ catalog: parts: - id: cp-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Plan for the resumption of {{ insert: param, cp-02.03_odp.01\ \ }} mission and business functions within {{ insert: param, cp-02.03_odp.02\ \ }} of contingency plan activation." @@ -33987,17 +29702,6 @@ catalog: - id: cp-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02(03) class: sp800-53a @@ -34091,6 +29795,9 @@ catalog: - all - essential props: + - name: label + value: CP-02(05) + class: zero-padded - name: label value: CP-2(5) - name: label @@ -34107,10 +29814,6 @@ catalog: parts: - id: cp-2.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Plan for the continuance of {{ insert: param, cp-02.05_odp\ \ }} mission and business functions with minimal or no loss of\ \ operational continuity and sustains that continuity until full\ @@ -34133,21 +29836,6 @@ catalog: - id: cp-2.5_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-02(05)[01] class: sp800-53a @@ -34160,21 +29848,6 @@ catalog: - id: cp-2.5_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-02(05)[02] class: sp800-53a @@ -34276,6 +29949,9 @@ catalog: - all - essential props: + - name: label + value: CP-02(08) + class: zero-padded - name: label value: CP-2(8) - name: label @@ -34296,10 +29972,6 @@ catalog: parts: - id: cp-2.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Identify critical system assets supporting {{ insert: param,\ \ cp-02.08_odp }} mission and business functions." - id: cp-2.8_gdn @@ -34325,17 +29997,6 @@ catalog: - id: cp-2.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02(08) class: sp800-53a @@ -34424,6 +30085,9 @@ catalog: - prose: events necessitating review and update of contingency training are defined; props: + - name: label + value: CP-03 + class: zero-padded - name: label value: CP-3 - name: label @@ -34465,9 +30129,6 @@ catalog: - id: cp-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide contingency training to system users consistent\ @@ -34495,9 +30156,6 @@ catalog: - id: cp-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update contingency training content {{ insert:\ @@ -34560,17 +30218,6 @@ catalog: - id: cp-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-03a.01 class: sp800-53a @@ -34584,17 +30231,6 @@ catalog: - id: cp-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03a.02 class: sp800-53a @@ -34607,17 +30243,6 @@ catalog: - id: cp-3_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03a.03 class: sp800-53a @@ -34640,17 +30265,6 @@ catalog: - id: cp-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03b.[01] class: sp800-53a @@ -34662,17 +30276,6 @@ catalog: - id: cp-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03b.[02] class: sp800-53a @@ -34748,6 +30351,9 @@ catalog: class: SP800-53-enhancement title: Simulated Events props: + - name: label + value: CP-03(01) + class: zero-padded - name: label value: CP-3(1) - name: label @@ -34767,10 +30373,6 @@ catalog: parts: - id: cp-3.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Incorporate simulated events into contingency training to facilitate effective response by personnel in crisis situations. - id: cp-3.1_gdn @@ -34783,21 +30385,6 @@ catalog: - id: cp-3.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03(01) class: sp800-53a @@ -34889,9 +30476,9 @@ catalog: - prose: tests for determining readiness to execute the contingency plan are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CP-04 + class: zero-padded - name: label value: CP-4 - name: label @@ -34941,9 +30528,6 @@ catalog: - id: cp-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Test the contingency plan for the system {{ insert: param,\ @@ -34953,18 +30537,12 @@ catalog: - id: cp-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Review the contingency plan test results; and - id: cp-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Initiate corrective actions, if needed. @@ -35016,21 +30594,6 @@ catalog: - id: cp-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[01] class: sp800-53a @@ -35042,21 +30605,6 @@ catalog: - id: cp-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[02] class: sp800-53a @@ -35068,21 +30616,6 @@ catalog: - id: cp-4_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[03] class: sp800-53a @@ -35097,17 +30630,6 @@ catalog: - id: cp-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04b. class: sp800-53a @@ -35118,17 +30640,6 @@ catalog: - id: cp-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04c. class: sp800-53a @@ -35204,6 +30715,9 @@ catalog: class: SP800-53-enhancement title: Coordinate with Related Plans props: + - name: label + value: CP-04(01) + class: zero-padded - name: label value: CP-4(1) - name: label @@ -35227,10 +30741,6 @@ catalog: parts: - id: cp-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Coordinate contingency plan testing with organizational elements responsible for related plans. - id: cp-4.1_gdn @@ -35248,21 +30758,6 @@ catalog: - id: cp-4.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04(01) class: sp800-53a @@ -35334,6 +30829,9 @@ catalog: class: SP800-53-enhancement title: Alternate Processing Site props: + - name: label + value: CP-04(02) + class: zero-padded - name: label value: CP-4(2) - name: label @@ -35360,9 +30858,6 @@ catalog: - id: cp-4.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: To familiarize contingency personnel with the facility @@ -35370,9 +30865,6 @@ catalog: - id: cp-4.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: To evaluate the capabilities of the alternate processing @@ -35397,21 +30889,6 @@ catalog: - id: cp-4.2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04(02)(a) class: sp800-53a @@ -35424,21 +30901,6 @@ catalog: - id: cp-4.2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04(02)(b) class: sp800-53a @@ -35518,6 +30980,9 @@ catalog: class: SP800-53 title: Alternate Storage Site props: + - name: label + value: CP-06 + class: zero-padded - name: label value: CP-6 - name: label @@ -35558,9 +31023,6 @@ catalog: - id: cp-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish an alternate storage site, including necessary @@ -35569,9 +31031,6 @@ catalog: - id: cp-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Ensure that the alternate storage site provides controls @@ -35608,21 +31067,6 @@ catalog: - id: cp-6_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06a.[01] class: sp800-53a @@ -35633,21 +31077,6 @@ catalog: - id: cp-6_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06a.[02] class: sp800-53a @@ -35663,21 +31092,6 @@ catalog: - id: cp-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06b. class: sp800-53a @@ -35757,6 +31171,9 @@ catalog: class: SP800-53-enhancement title: Separation from Primary Site props: + - name: label + value: CP-06(01) + class: zero-padded - name: label value: CP-6(1) - name: label @@ -35775,10 +31192,6 @@ catalog: parts: - id: cp-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats. @@ -35795,21 +31208,6 @@ catalog: - id: cp-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06(01) class: sp800-53a @@ -35870,6 +31268,9 @@ catalog: class: SP800-53-enhancement title: Recovery Time and Recovery Point Objectives props: + - name: label + value: CP-06(02) + class: zero-padded - name: label value: CP-6(2) - name: label @@ -35886,10 +31287,6 @@ catalog: parts: - id: cp-6.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Configure the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives. @@ -35903,21 +31300,6 @@ catalog: - id: cp-6.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06(02) class: sp800-53a @@ -36014,6 +31396,9 @@ catalog: class: SP800-53-enhancement title: Accessibility props: + - name: label + value: CP-06(03) + class: zero-padded - name: label value: CP-6(3) - name: label @@ -36032,10 +31417,6 @@ catalog: parts: - id: cp-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions. @@ -36059,17 +31440,6 @@ catalog: - id: cp-6.3_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-06(03)[01] class: sp800-53a @@ -36082,17 +31452,6 @@ catalog: - id: cp-6.3_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-06(03)[02] class: sp800-53a @@ -36178,6 +31537,9 @@ catalog: - prose: time period consistent with recovery time and recovery point objectives is defined; props: + - name: label + value: CP-07 + class: zero-padded - name: label value: CP-7 - name: label @@ -36222,9 +31584,6 @@ catalog: - id: cp-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish an alternate processing site, including necessary\ @@ -36235,9 +31594,6 @@ catalog: - id: cp-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Make available at the alternate processing site, the equipment @@ -36248,9 +31604,6 @@ catalog: - id: cp-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Provide controls at the alternate processing site that are @@ -36293,21 +31646,6 @@ catalog: - id: cp-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07a. class: sp800-53a @@ -36329,21 +31667,6 @@ catalog: - id: cp-7_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07b.[01] class: sp800-53a @@ -36357,21 +31680,6 @@ catalog: - id: cp-7_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07b.[02] class: sp800-53a @@ -36388,21 +31696,6 @@ catalog: - id: cp-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07c. class: sp800-53a @@ -36494,6 +31787,9 @@ catalog: class: SP800-53-enhancement title: Separation from Primary Site props: + - name: label + value: CP-07(01) + class: zero-padded - name: label value: CP-7(1) - name: label @@ -36512,10 +31808,6 @@ catalog: parts: - id: cp-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. @@ -36548,17 +31840,6 @@ catalog: - id: cp-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(01) class: sp800-53a @@ -36619,6 +31900,9 @@ catalog: class: SP800-53-enhancement title: Accessibility props: + - name: label + value: CP-07(02) + class: zero-padded - name: label value: CP-7(2) - name: label @@ -36637,10 +31921,6 @@ catalog: parts: - id: cp-7.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions. @@ -36659,17 +31939,6 @@ catalog: - id: cp-7.2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(02)[01] class: sp800-53a @@ -36682,17 +31951,6 @@ catalog: - id: cp-7.2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(02)[02] class: sp800-53a @@ -36755,6 +32013,9 @@ catalog: class: SP800-53-enhancement title: Priority of Service props: + - name: label + value: CP-07(03) + class: zero-padded - name: label value: CP-7(3) - name: label @@ -36771,10 +32032,6 @@ catalog: parts: - id: cp-7.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives). @@ -36789,17 +32046,6 @@ catalog: - id: cp-7.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(03) class: sp800-53a @@ -36862,6 +32108,9 @@ catalog: class: SP800-53-enhancement title: Preparation for Use props: + - name: label + value: CP-07(04) + class: zero-padded - name: label value: CP-7(4) - name: label @@ -36884,10 +32133,6 @@ catalog: parts: - id: cp-7.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Prepare the alternate processing site so that the site can serve as the operational site supporting essential mission and business functions. @@ -36900,21 +32145,6 @@ catalog: - id: cp-7.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07(04) class: sp800-53a @@ -37000,6 +32230,9 @@ catalog: business functions when the primary telecommunications capabilities are unavailable is defined; props: + - name: label + value: CP-08 + class: zero-padded - name: label value: CP-8 - name: label @@ -37026,10 +32259,6 @@ catalog: parts: - id: cp-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish alternate telecommunications services, including necessary\ \ agreements to permit the resumption of {{ insert: param, cp-08_odp.01\ \ }} for essential mission and business functions within {{ insert:\ @@ -37064,21 +32293,6 @@ catalog: - id: cp-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-08 class: sp800-53a @@ -37159,6 +32373,9 @@ catalog: class: SP800-53-enhancement title: Priority of Service Provisions props: + - name: label + value: CP-08(01) + class: zero-padded - name: label value: CP-8(1) - name: label @@ -37179,9 +32396,6 @@ catalog: - id: cp-8.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Develop primary and alternate telecommunications service @@ -37191,9 +32405,6 @@ catalog: - id: cp-8.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Request Telecommunications Service Priority for all telecommunications @@ -37226,21 +32437,6 @@ catalog: - id: cp-8.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-08(01)(a) class: sp800-53a @@ -37277,21 +32473,6 @@ catalog: - id: cp-8.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-08(01)(b) class: sp800-53a @@ -37377,6 +32558,9 @@ catalog: class: SP800-53-enhancement title: Single Points of Failure props: + - name: label + value: CP-08(02) + class: zero-padded - name: label value: CP-8(2) - name: label @@ -37393,10 +32577,6 @@ catalog: parts: - id: cp-8.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services. @@ -37410,17 +32590,6 @@ catalog: - id: cp-8.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-08(02) class: sp800-53a @@ -37486,6 +32655,9 @@ catalog: class: SP800-53-enhancement title: Separation of Primary and Alternate Providers props: + - name: label + value: CP-08(03) + class: zero-padded - name: label value: CP-8(3) - name: label @@ -37502,10 +32674,6 @@ catalog: parts: - id: cp-8.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Obtain alternate telecommunications services from providers that are separated from primary service providers to reduce susceptibility to the same threats. @@ -37524,17 +32692,6 @@ catalog: - id: cp-8.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-08(03) class: sp800-53a @@ -37618,6 +32775,9 @@ catalog: - prose: frequency at which to obtain evidence of contingency training by providers is defined; props: + - name: label + value: CP-08(04) + class: zero-padded - name: label value: CP-8(4) - name: label @@ -37642,9 +32802,6 @@ catalog: - id: cp-8.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Require primary and alternate telecommunications service @@ -37652,9 +32809,6 @@ catalog: - id: cp-8.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Review provider contingency plans to ensure that the @@ -37662,9 +32816,6 @@ catalog: - id: cp-8.4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: "Obtain evidence of contingency testing and training\ @@ -37690,17 +32841,6 @@ catalog: - id: cp-8.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-08(04)(a) class: sp800-53a @@ -37733,17 +32873,6 @@ catalog: - id: cp-8.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-08(04)(b) class: sp800-53a @@ -37755,17 +32884,6 @@ catalog: - id: cp-8.4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-08(04)(c) class: sp800-53a @@ -37891,6 +33009,9 @@ catalog: consistent with recovery time and recovery point objectives is defined; props: + - name: label + value: CP-09 + class: zero-padded - name: label value: CP-9 - name: label @@ -37939,9 +33060,6 @@ catalog: - id: cp-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Conduct backups of user-level information contained in {{\ @@ -37950,9 +33068,6 @@ catalog: - id: cp-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Conduct backups of system-level information contained in\ @@ -37960,9 +33075,6 @@ catalog: - id: cp-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Conduct backups of system documentation, including security-\ @@ -37971,9 +33083,6 @@ catalog: - id: cp-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Protect the confidentiality, integrity, and availability @@ -38042,21 +33151,6 @@ catalog: - id: cp-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09a. class: sp800-53a @@ -38069,21 +33163,6 @@ catalog: - id: cp-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09b. class: sp800-53a @@ -38095,21 +33174,6 @@ catalog: - id: cp-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09c. class: sp800-53a @@ -38122,17 +33186,6 @@ catalog: - id: cp-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09d. class: sp800-53a @@ -38252,6 +33305,9 @@ catalog: - prose: frequency at which to test backup information for information integrity is defined; props: + - name: label + value: CP-09(01) + class: zero-padded - name: label value: CP-9(1) - name: label @@ -38270,10 +33326,6 @@ catalog: parts: - id: cp-9.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Test backup information {{ insert: param, cp-9.1_prm_1 }}\ \ to verify media reliability and information integrity." - id: cp-9.1_gdn @@ -38291,21 +33343,6 @@ catalog: - id: cp-9.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(01) class: sp800-53a @@ -38398,6 +33435,9 @@ catalog: class: SP800-53-enhancement title: Test Restoration Using Sampling props: + - name: label + value: CP-09(02) + class: zero-padded - name: label value: CP-9(2) - name: label @@ -38416,10 +33456,6 @@ catalog: parts: - id: cp-9.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Use a sample of backup information in the restoration of selected system functions as part of contingency plan testing. - id: cp-9.2_gdn @@ -38435,17 +33471,6 @@ catalog: - id: cp-9.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(02) class: sp800-53a @@ -38527,6 +33552,9 @@ catalog: - prose: critical system software and other security-related information backups to be stored in a separate facility are defined; props: + - name: label + value: CP-09(03) + class: zero-padded - name: label value: CP-9(3) - name: label @@ -38549,10 +33577,6 @@ catalog: parts: - id: cp-9.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Store backup copies of {{ insert: param, cp-09.03_odp }}\ \ in a separate facility or in a fire rated container that is\ \ not collocated with the operational system." @@ -38573,21 +33597,6 @@ catalog: - id: cp-9.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(03) class: sp800-53a @@ -38673,6 +33682,9 @@ catalog: - prose: transfer rate consistent with recovery time and recovery point objectives is defined; props: + - name: label + value: CP-09(05) + class: zero-padded - name: label value: CP-9(5) - name: label @@ -38697,10 +33709,6 @@ catalog: parts: - id: cp-9.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Transfer system backup information to the alternate storage\ \ site {{ insert: param, cp-9.5_prm_1 }}." - id: cp-9.5_gdn @@ -38718,21 +33726,6 @@ catalog: - id: cp-9.5_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(05)[01] class: sp800-53a @@ -38744,21 +33737,6 @@ catalog: - id: cp-9.5_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(05)[02] class: sp800-53a @@ -38855,6 +33833,9 @@ catalog: - prose: backup information to protect against unauthorized disclosure and modification is defined; props: + - name: label + value: CP-09(08) + class: zero-padded - name: label value: CP-9(8) - name: label @@ -38877,10 +33858,6 @@ catalog: parts: - id: cp-9.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to prevent unauthorized\ \ disclosure and modification of {{ insert: param, cp-09.08_odp\ \ }}." @@ -38911,21 +33888,6 @@ catalog: - id: cp-9.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(08) class: sp800-53a @@ -39014,6 +33976,9 @@ catalog: - prose: time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined; props: + - name: label + value: CP-10 + class: zero-padded - name: label value: CP-10 - name: label @@ -39048,10 +34013,6 @@ catalog: parts: - id: cp-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide for the recovery and reconstitution of the system to\ \ a known state within {{ insert: param, cp-10_prm_1 }} after a disruption,\ \ compromise, or failure." @@ -39076,21 +34037,6 @@ catalog: - id: cp-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-10 class: sp800-53a @@ -39193,6 +34139,9 @@ catalog: class: SP800-53-enhancement title: Transaction Recovery props: + - name: label + value: CP-10(02) + class: zero-padded - name: label value: CP-10(2) - name: label @@ -39209,10 +34158,6 @@ catalog: parts: - id: cp-10.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement transaction recovery for systems that are transaction-based. - id: cp-10.2_gdn name: guidance @@ -39222,21 +34167,6 @@ catalog: - id: cp-10.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-10(02) class: sp800-53a @@ -39331,6 +34261,9 @@ catalog: - prose: restoration time period within which to restore system components to a known, operational state is defined; props: + - name: label + value: CP-10(04) + class: zero-padded - name: label value: CP-10(4) - name: label @@ -39351,10 +34284,6 @@ catalog: parts: - id: cp-10.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide the capability to restore system components within\ \ {{ insert: param, cp-10.04_odp }} from configuration-controlled\ \ and integrity-protected information representing a known, operational\ @@ -39366,21 +34295,6 @@ catalog: - id: cp-10.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-10(04) class: sp800-53a @@ -39520,6 +34434,9 @@ catalog: - prose: events that would require identification and authentication procedures to be reviewed and updated are defined; props: + - name: label + value: IA-01 + class: zero-padded - name: label value: IA-1 - name: label @@ -39571,11 +34488,6 @@ catalog: - id: ia-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -39616,9 +34528,6 @@ catalog: - id: ia-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ia-01_odp.04 }} to manage\ @@ -39627,11 +34536,6 @@ catalog: - id: ia-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current identification and authentication:" @@ -39692,17 +34596,6 @@ catalog: - id: ia-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01a.[01] class: sp800-53a @@ -39714,17 +34607,6 @@ catalog: - id: ia-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01a.[02] class: sp800-53a @@ -39736,13 +34618,6 @@ catalog: - id: ia-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.[03] class: sp800-53a @@ -39756,13 +34631,6 @@ catalog: - id: ia-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.[04] class: sp800-53a @@ -39781,13 +34649,6 @@ catalog: - id: ia-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.01(a) class: sp800-53a @@ -39876,13 +34737,6 @@ catalog: - id: ia-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.01(b) class: sp800-53a @@ -39902,17 +34756,6 @@ catalog: - id: ia-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01b. class: sp800-53a @@ -39932,17 +34775,6 @@ catalog: - id: ia-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01c.01 class: sp800-53a @@ -39977,17 +34809,6 @@ catalog: - id: ia-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01c.02 class: sp800-53a @@ -40076,9 +34897,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Organizational Users) props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02 + class: zero-padded - name: label value: IA-2 - name: label @@ -40166,10 +34987,6 @@ catalog: parts: - id: ia-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. @@ -40259,21 +35076,6 @@ catalog: - id: ia-2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02[01] class: sp800-53a @@ -40284,21 +35086,6 @@ catalog: - id: ia-2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02[02] class: sp800-53a @@ -40384,9 +35171,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Privileged Accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(01) + class: zero-padded - name: label value: IA-2(1) - name: label @@ -40407,10 +35194,6 @@ catalog: parts: - id: ia-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement multi-factor authentication for access to privileged accounts. parts: @@ -40462,13 +35245,6 @@ catalog: - id: ia-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(01) class: sp800-53a @@ -40554,9 +35330,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Non-privileged Accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(02) + class: zero-padded - name: label value: IA-2(2) - name: label @@ -40575,10 +35351,6 @@ catalog: parts: - id: ia-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement multi-factor authentication for access to non-privileged accounts. parts: @@ -40630,13 +35402,6 @@ catalog: - id: ia-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(02) class: sp800-53a @@ -40722,9 +35487,9 @@ catalog: class: SP800-53-enhancement title: Individual Authentication with Group Authentication props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(05) + class: zero-padded - name: label value: IA-2(5) - name: label @@ -40744,10 +35509,6 @@ catalog: parts: - id: ia-2.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources. @@ -40758,13 +35519,6 @@ catalog: - id: ia-2.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(05) class: sp800-53a @@ -40877,9 +35631,9 @@ catalog: by a device separate from the system gaining access to accounts is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(06) + class: zero-padded - name: label value: IA-2(6) - name: label @@ -40905,9 +35659,6 @@ catalog: - id: ia-2.6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: One of the factors is provided by a device separate from @@ -40915,9 +35666,6 @@ catalog: - id: ia-2.6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "The device meets {{ insert: param, ia-02.06_odp.03 }}." @@ -40961,17 +35709,6 @@ catalog: - id: ia-2.6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(06)(a) class: sp800-53a @@ -40985,17 +35722,6 @@ catalog: - id: ia-2.6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(06)(b) class: sp800-53a @@ -41095,9 +35821,9 @@ catalog: - privileged accounts - non-privileged accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(08) + class: zero-padded - name: label value: IA-2(8) - name: label @@ -41114,10 +35840,6 @@ catalog: parts: - id: ia-2.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement replay-resistant authentication mechanisms for\ \ access to {{ insert: param, ia-02.08_odp }}." - id: ia-2.8_gdn @@ -41130,17 +35852,6 @@ catalog: - id: ia-2.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(08) class: sp800-53a @@ -41231,9 +35942,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(12) + class: zero-padded - name: label value: IA-2(12) - name: label @@ -41250,10 +35961,6 @@ catalog: parts: - id: ia-2.12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Accept and electronically verify Personal Identity Verification-compliant credentials. parts: @@ -41283,17 +35990,6 @@ catalog: - id: ia-2.12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(12) class: sp800-53a @@ -41398,6 +36094,9 @@ catalog: - remote - network props: + - name: label + value: IA-03 + class: zero-padded - name: label value: IA-3 - name: label @@ -41436,10 +36135,6 @@ catalog: parts: - id: ia-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Uniquely identify and authenticate {{ insert: param, ia-03_odp.01\ \ }} before establishing a {{ insert: param, ia-03_odp.02 }} connection." - id: ia-3_gdn @@ -41463,17 +36158,6 @@ catalog: - id: ia-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-03 class: sp800-53a @@ -41572,9 +36256,9 @@ catalog: guidelines: - prose: a time period for preventing reuse of identifiers is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-04 + class: zero-padded - name: label value: IA-4 - name: label @@ -41638,9 +36322,6 @@ catalog: - id: ia-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Receiving authorization from {{ insert: param, ia-04_odp.01\ @@ -41649,9 +36330,6 @@ catalog: - id: ia-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Selecting an identifier that identifies an individual, group, @@ -41659,9 +36337,6 @@ catalog: - id: ia-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Assigning the identifier to the intended individual, group, @@ -41669,9 +36344,6 @@ catalog: - id: ia-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Preventing reuse of identifiers for {{ insert: param, ia-04_odp.02\ @@ -41700,17 +36372,6 @@ catalog: - id: ia-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04a. class: sp800-53a @@ -41723,17 +36384,6 @@ catalog: - id: ia-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04b. class: sp800-53a @@ -41745,17 +36395,6 @@ catalog: - id: ia-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04c. class: sp800-53a @@ -41767,17 +36406,6 @@ catalog: - id: ia-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04d. class: sp800-53a @@ -41874,6 +36502,9 @@ catalog: - prose: characteristics used to identify individual status is defined; props: + - name: label + value: IA-04(04) + class: zero-padded - name: label value: IA-4(4) - name: label @@ -41890,10 +36521,6 @@ catalog: parts: - id: ia-4.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Manage individual identifiers by uniquely identifying each\ \ individual as {{ insert: param, ia-04.04_odp }}." - id: ia-4.4_gdn @@ -41908,17 +36535,6 @@ catalog: - id: ia-4.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04(04) class: sp800-53a @@ -41998,9 +36614,9 @@ catalog: - prose: events that trigger the change or refreshment of authenticators are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-05 + class: zero-padded - name: label value: IA-5 - name: label @@ -42075,9 +36691,6 @@ catalog: - id: ia-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Verifying, as part of the initial authenticator distribution, @@ -42086,9 +36699,6 @@ catalog: - id: ia-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establishing initial authenticator content for any authenticators @@ -42096,9 +36706,6 @@ catalog: - id: ia-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ensuring that authenticators have sufficient strength of @@ -42106,9 +36713,6 @@ catalog: - id: ia-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Establishing and implementing administrative procedures for @@ -42117,18 +36721,12 @@ catalog: - id: ia-5_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Changing default authenticators prior to first use; - id: ia-5_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Changing or refreshing authenticators {{ insert: param,\ @@ -42136,9 +36734,6 @@ catalog: - id: ia-5_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Protecting authenticator content from unauthorized disclosure @@ -42146,9 +36741,6 @@ catalog: - id: ia-5_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Requiring individuals to take, and having devices implement, @@ -42156,9 +36748,6 @@ catalog: - id: ia-5_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: Changing authenticators for group or role accounts when membership @@ -42228,17 +36817,6 @@ catalog: - id: ia-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05a. class: sp800-53a @@ -42252,17 +36830,6 @@ catalog: - id: ia-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05b. class: sp800-53a @@ -42275,17 +36842,6 @@ catalog: - id: ia-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05c. class: sp800-53a @@ -42297,17 +36853,6 @@ catalog: - id: ia-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05d. class: sp800-53a @@ -42321,17 +36866,6 @@ catalog: - id: ia-5_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05e. class: sp800-53a @@ -42343,17 +36877,6 @@ catalog: - id: ia-5_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05f. class: sp800-53a @@ -42366,17 +36889,6 @@ catalog: - id: ia-5_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05g. class: sp800-53a @@ -42395,17 +36907,6 @@ catalog: - id: ia-5_obj.h-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05h.[01] class: sp800-53a @@ -42417,17 +36918,6 @@ catalog: - id: ia-5_obj.h-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05h.[02] class: sp800-53a @@ -42442,17 +36932,6 @@ catalog: - id: ia-5_obj.i name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05i. class: sp800-53a @@ -42549,6 +37028,9 @@ catalog: guidelines: - prose: authenticator composition and complexity rules are defined; props: + - name: label + value: IA-05(01) + class: zero-padded - name: label value: IA-5(1) - name: label @@ -42575,9 +37057,6 @@ catalog: - id: ia-5.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Maintain a list of commonly-used, expected, or compromised\ @@ -42587,9 +37066,6 @@ catalog: - id: ia-5.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Verify, when users create or update passwords, that the @@ -42598,9 +37074,6 @@ catalog: - id: ia-5.1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Transmit passwords only over cryptographically-protected @@ -42608,9 +37081,6 @@ catalog: - id: ia-5.1_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Store passwords using an approved salted key derivation @@ -42618,9 +37088,6 @@ catalog: - id: ia-5.1_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (e) prose: Require immediate selection of a new password upon account @@ -42628,9 +37095,6 @@ catalog: - id: ia-5.1_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (f) prose: Allow user selection of long passwords and passphrases, @@ -42638,9 +37102,6 @@ catalog: - id: ia-5.1_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (g) prose: Employ automated tools to assist the user in selecting @@ -42648,9 +37109,6 @@ catalog: - id: ia-5.1_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (h) prose: "Enforce the following composition and complexity rules:\ @@ -42675,7 +37133,7 @@ catalog: - name: label value: "(h) Requirement:" prose: >- - For cases where technology doesn't allow + For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII @@ -42722,17 +37180,6 @@ catalog: - id: ia-5.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(a) class: sp800-53a @@ -42747,17 +37194,6 @@ catalog: - id: ia-5.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(b) class: sp800-53a @@ -42771,13 +37207,6 @@ catalog: - id: ia-5.1_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(c) class: sp800-53a @@ -42789,13 +37218,6 @@ catalog: - id: ia-5.1_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(d) class: sp800-53a @@ -42808,13 +37230,6 @@ catalog: - id: ia-5.1_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(e) class: sp800-53a @@ -42826,13 +37241,6 @@ catalog: - id: ia-5.1_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(f) class: sp800-53a @@ -42845,13 +37253,6 @@ catalog: - id: ia-5.1_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(g) class: sp800-53a @@ -42863,17 +37264,6 @@ catalog: - id: ia-5.1_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(h) class: sp800-53a @@ -42959,6 +37349,9 @@ catalog: class: SP800-53-enhancement title: Public Key-based Authentication props: + - name: label + value: IA-05(02) + class: zero-padded - name: label value: IA-5(2) - name: label @@ -42983,9 +37376,6 @@ catalog: - id: ia-5.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "For public key-based authentication:" @@ -43007,9 +37397,6 @@ catalog: - id: ia-5.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "When public key infrastructure (PKI) is used:" @@ -43058,13 +37445,6 @@ catalog: - id: ia-5.2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(a)(01) class: sp800-53a @@ -43076,13 +37456,6 @@ catalog: - id: ia-5.2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(a)(02) class: sp800-53a @@ -43104,13 +37477,6 @@ catalog: - id: ia-5.2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(b)(01) class: sp800-53a @@ -43124,13 +37490,6 @@ catalog: - id: ia-5.2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(b)(02) class: sp800-53a @@ -43220,6 +37579,9 @@ catalog: class: SP800-53-enhancement title: Protection of Authenticators props: + - name: label + value: IA-05(06) + class: zero-padded - name: label value: IA-5(6) - name: label @@ -43238,10 +37600,6 @@ catalog: parts: - id: ia-5.6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access. - id: ia-5.6_gdn @@ -43255,13 +37613,6 @@ catalog: - id: ia-5.6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(06) class: sp800-53a @@ -43341,6 +37692,9 @@ catalog: class: SP800-53-enhancement title: No Embedded Unencrypted Static Authenticators props: + - name: label + value: IA-05(07) + class: zero-padded - name: label value: IA-5(7) - name: label @@ -43357,10 +37711,6 @@ catalog: parts: - id: ia-5.7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage. parts: @@ -43388,13 +37738,6 @@ catalog: - id: ia-5.7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(07) class: sp800-53a @@ -43492,6 +37835,9 @@ catalog: due to individuals having accounts on multiple systems are defined; props: + - name: label + value: IA-05(08) + class: zero-padded - name: label value: IA-5(8) - name: label @@ -43510,10 +37856,6 @@ catalog: parts: - id: ia-5.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement {{ insert: param, ia-05.08_odp }} to manage the\ \ risk of compromise due to individuals having accounts on multiple\ \ systems." @@ -43544,17 +37886,6 @@ catalog: - id: ia-5.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(08) class: sp800-53a @@ -43636,6 +37967,9 @@ catalog: - prose: the time period after which the use of cached authenticators is prohibited is defined; props: + - name: label + value: IA-05(13) + class: zero-padded - name: label value: IA-5(13) - name: label @@ -43652,10 +37986,6 @@ catalog: parts: - id: ia-5.13_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prohibit the use of cached authenticators after {{ insert:\ \ param, ia-05.13_odp }}." parts: @@ -43680,17 +38010,6 @@ catalog: - id: ia-5.13_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(13) class: sp800-53a @@ -43770,6 +38089,9 @@ catalog: class: SP800-53 title: Authentication Feedback props: + - name: label + value: IA-06 + class: zero-padded - name: label value: IA-6 - name: label @@ -43786,10 +38108,6 @@ catalog: parts: - id: ia-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals. @@ -43810,13 +38128,6 @@ catalog: - id: ia-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-06 class: sp800-53a @@ -43888,6 +38199,9 @@ catalog: class: SP800-53 title: Cryptographic Module Authentication props: + - name: label + value: IA-07 + class: zero-padded - name: label value: IA-7 - name: label @@ -43914,10 +38228,6 @@ catalog: parts: - id: ia-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. @@ -43930,21 +38240,6 @@ catalog: - id: ia-7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-07 class: sp800-53a @@ -44019,6 +38314,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Non-organizational Users) props: + - name: label + value: IA-08 + class: zero-padded - name: label value: IA-8 - name: label @@ -44079,10 +38377,6 @@ catalog: parts: - id: ia-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users. - id: ia-8_gdn @@ -44101,13 +38395,6 @@ catalog: - id: ia-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08 class: sp800-53a @@ -44187,6 +38474,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials from Other Agencies props: + - name: label + value: IA-08(01) + class: zero-padded - name: label value: IA-8(1) - name: label @@ -44205,10 +38495,6 @@ catalog: parts: - id: ia-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies. - id: ia-8.1_gdn @@ -44222,13 +38508,6 @@ catalog: - id: ia-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(01) class: sp800-53a @@ -44345,6 +38624,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of External Authenticators props: + - name: label + value: IA-08(02) + class: zero-padded - name: label value: IA-8(2) - name: label @@ -44365,9 +38647,6 @@ catalog: - id: ia-8.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Accept only external authenticators that are NIST-compliant; @@ -44375,9 +38654,6 @@ catalog: - id: ia-8.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Document and maintain a list of accepted external authenticators. @@ -44403,13 +38679,6 @@ catalog: - id: ia-8.2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(02)(a) class: sp800-53a @@ -44421,17 +38690,6 @@ catalog: - id: ia-8.2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(02)(b) class: sp800-53a @@ -44558,6 +38816,9 @@ catalog: guidelines: - prose: identity management profiles are defined; props: + - name: label + value: IA-08(04) + class: zero-padded - name: label value: IA-8(4) - name: label @@ -44574,10 +38835,6 @@ catalog: parts: - id: ia-8.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Conform to the following profiles for identity management\ \ {{ insert: param, ia-08.04_odp }}." - id: ia-8.4_gdn @@ -44592,21 +38849,6 @@ catalog: - id: ia-8.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(04) class: sp800-53a @@ -44697,6 +38939,9 @@ catalog: - prose: circumstances or situations requiring re-authentication are defined; props: + - name: label + value: IA-11 + class: zero-padded - name: label value: IA-11 - name: label @@ -44726,10 +38971,6 @@ catalog: parts: - id: ia-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require users to re-authenticate when {{ insert: param, ia-11_odp\ \ }}." parts: @@ -44760,21 +39001,6 @@ catalog: - id: ia-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-11 class: sp800-53a @@ -44861,6 +39087,9 @@ catalog: class: SP800-53 title: Identity Proofing props: + - name: label + value: IA-12 + class: zero-padded - name: label value: IA-12 - name: label @@ -44905,9 +39134,6 @@ catalog: - id: ia-12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Identity proof users that require accounts for logical access @@ -44916,18 +39142,12 @@ catalog: - id: ia-12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Resolve user identities to a unique individual; and - id: ia-12_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Collect, validate, and verify identity evidence. @@ -44965,21 +39185,6 @@ catalog: - id: ia-12_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12a. class: sp800-53a @@ -44993,17 +39198,6 @@ catalog: - id: ia-12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12b. class: sp800-53a @@ -45014,17 +39208,6 @@ catalog: - id: ia-12_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12c. class: sp800-53a @@ -45135,6 +39318,9 @@ catalog: class: SP800-53-enhancement title: Identity Evidence props: + - name: label + value: IA-12(02) + class: zero-padded - name: label value: IA-12(2) - name: label @@ -45151,10 +39337,6 @@ catalog: parts: - id: ia-12.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require evidence of individual identification be presented to the registration authority. - id: ia-12.2_gdn @@ -45169,17 +39351,6 @@ catalog: - id: ia-12.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12(02) class: sp800-53a @@ -45257,6 +39428,9 @@ catalog: - prose: methods of validation and verification of identity evidence are defined; props: + - name: label + value: IA-12(03) + class: zero-padded - name: label value: IA-12(3) - name: label @@ -45273,10 +39447,6 @@ catalog: parts: - id: ia-12.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that the presented identity evidence be validated\ \ and verified through {{ insert: param, ia-12.03_odp }}." - id: ia-12.3_gdn @@ -45295,21 +39465,6 @@ catalog: - id: ia-12.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12(03) class: sp800-53a @@ -45381,6 +39536,9 @@ catalog: class: SP800-53-enhancement title: In-person Validation and Verification props: + - name: label + value: IA-12(04) + class: zero-padded - name: label value: IA-12(4) - name: label @@ -45397,10 +39555,6 @@ catalog: parts: - id: ia-12.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require that the validation and verification of identity evidence be conducted in person before a designated registration authority. @@ -45413,17 +39567,6 @@ catalog: - id: ia-12.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12(04) class: sp800-53a @@ -45501,6 +39644,9 @@ catalog: - registration code - notice of proofing props: + - name: label + value: IA-12(05) + class: zero-padded - name: label value: IA-12(5) - name: label @@ -45519,10 +39665,6 @@ catalog: parts: - id: ia-12.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that a {{ insert: param, ia-12.05_odp }} be delivered\ \ through an out-of-band channel to verify the users address (physical\ \ or digital) of record." @@ -45553,17 +39695,6 @@ catalog: - id: ia-12.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12(05) class: sp800-53a @@ -45691,6 +39822,9 @@ catalog: - prose: events that would require the incident response procedures to be reviewed and updated are defined; props: + - name: label + value: IR-01 + class: zero-padded - name: label value: IR-1 - name: label @@ -45734,11 +39868,6 @@ catalog: - id: ir-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -45778,9 +39907,6 @@ catalog: - id: ir-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ir-01_odp.04 }} to manage\ @@ -45789,11 +39915,6 @@ catalog: - id: ir-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current incident response:" @@ -45853,17 +39974,6 @@ catalog: - id: ir-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01a.[01] class: sp800-53a @@ -45874,17 +39984,6 @@ catalog: - id: ir-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01a.[02] class: sp800-53a @@ -45896,13 +39995,6 @@ catalog: - id: ir-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.[03] class: sp800-53a @@ -45915,13 +40007,6 @@ catalog: - id: ir-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.[04] class: sp800-53a @@ -45940,13 +40025,6 @@ catalog: - id: ir-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.01(a) class: sp800-53a @@ -46035,13 +40113,6 @@ catalog: - id: ir-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.01(b) class: sp800-53a @@ -46061,17 +40132,6 @@ catalog: - id: ir-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01b. class: sp800-53a @@ -46091,17 +40151,6 @@ catalog: - id: ir-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01c.01 class: sp800-53a @@ -46135,17 +40184,6 @@ catalog: - id: ir-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01c.02 class: sp800-53a @@ -46252,6 +40290,9 @@ catalog: - prose: events that initiate a review of the incident response training content are defined; props: + - name: label + value: IR-02 + class: zero-padded - name: label value: IR-2 - name: label @@ -46293,9 +40334,6 @@ catalog: - id: ir-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide incident response training to system users consistent\ @@ -46324,9 +40362,6 @@ catalog: - id: ir-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update incident response training content {{\ @@ -46367,17 +40402,6 @@ catalog: - id: ir-2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.01 class: sp800-53a @@ -46391,17 +40415,6 @@ catalog: - id: ir-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.02 class: sp800-53a @@ -46414,17 +40427,6 @@ catalog: - id: ir-2_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.03 class: sp800-53a @@ -46447,17 +40449,6 @@ catalog: - id: ir-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02b.[01] class: sp800-53a @@ -46469,17 +40460,6 @@ catalog: - id: ir-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02b.[02] class: sp800-53a @@ -46548,6 +40528,9 @@ catalog: class: SP800-53-enhancement title: Simulated Events props: + - name: label + value: IR-02(01) + class: zero-padded - name: label value: IR-2(1) - name: label @@ -46567,10 +40550,6 @@ catalog: parts: - id: ir-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Incorporate simulated events into incident response training to facilitate the required response by personnel in crisis situations. - id: ir-2.1_gdn @@ -46583,17 +40562,6 @@ catalog: - id: ir-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02(01) class: sp800-53a @@ -46671,6 +40639,9 @@ catalog: - prose: automated mechanisms used in an incident response training environment are defined; props: + - name: label + value: IR-02(02) + class: zero-padded - name: label value: IR-2(2) - name: label @@ -46690,10 +40661,6 @@ catalog: parts: - id: ir-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide an incident response training environment using\ \ {{ insert: param, ir-02.02_odp }}." - id: ir-2.2_gdn @@ -46706,13 +40673,6 @@ catalog: - id: ir-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-02(02) class: sp800-53a @@ -46807,9 +40767,9 @@ catalog: - prose: tests used to test the effectiveness of the incident response capability for the system are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-03 + class: zero-padded - name: label value: IR-3 - name: label @@ -46845,10 +40805,6 @@ catalog: parts: - id: ir-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Test the effectiveness of the incident response capability for\ \ the system {{ insert: param, ir-03_odp.01 }} using the following\ \ tests: {{ insert: param, ir-03_odp.02 }}." @@ -46882,17 +40838,6 @@ catalog: - id: ir-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-03 class: sp800-53a @@ -46960,6 +40905,9 @@ catalog: class: SP800-53-enhancement title: Coordination with Related Plans props: + - name: label + value: IR-03(02) + class: zero-padded - name: label value: IR-3(2) - name: label @@ -46979,10 +40927,6 @@ catalog: parts: - id: ir-3.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Coordinate incident response testing with organizational elements responsible for related plans. - id: ir-3.2_gdn @@ -46994,17 +40938,6 @@ catalog: - id: ir-3.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-03(02) class: sp800-53a @@ -47080,9 +41013,9 @@ catalog: class: SP800-53 title: Incident Handling props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04 + class: zero-padded - name: label value: IR-4 - name: label @@ -47163,9 +41096,6 @@ catalog: - id: ir-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Implement an incident handling capability for incidents that @@ -47174,9 +41104,6 @@ catalog: - id: ir-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Coordinate incident handling activities with contingency @@ -47184,9 +41111,6 @@ catalog: - id: ir-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Incorporate lessons learned from ongoing incident handling @@ -47195,9 +41119,6 @@ catalog: - id: ir-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ensure the rigor, intensity, scope, and results of incident @@ -47269,17 +41190,6 @@ catalog: - id: ir-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04a.[01] class: sp800-53a @@ -47291,17 +41201,6 @@ catalog: - id: ir-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04a.[02] class: sp800-53a @@ -47360,17 +41259,6 @@ catalog: - id: ir-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04b. class: sp800-53a @@ -47389,17 +41277,6 @@ catalog: - id: ir-4_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04c.[01] class: sp800-53a @@ -47412,17 +41289,6 @@ catalog: - id: ir-4_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04c.[02] class: sp800-53a @@ -47437,17 +41303,6 @@ catalog: - id: ir-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04d. class: sp800-53a @@ -47573,9 +41428,9 @@ catalog: - prose: automated mechanisms used to support the incident handling process are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04(01) + class: zero-padded - name: label value: IR-4(1) - name: label @@ -47592,10 +41447,6 @@ catalog: parts: - id: ir-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Support the incident handling process using {{ insert: param,\ \ ir-04.01_odp }}." - id: ir-4.1_gdn @@ -47607,17 +41458,6 @@ catalog: - id: ir-4.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04(01) class: sp800-53a @@ -47710,9 +41550,9 @@ catalog: - prose: system components that require dynamic reconfiguration are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04(02) + class: zero-padded - name: label value: IR-4(2) - name: label @@ -47735,10 +41575,6 @@ catalog: parts: - id: ir-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Include the following types of dynamic reconfiguration for\ \ {{ insert: param, ir-04.02_odp.02 }} as part of the incident\ \ response capability: {{ insert: param, ir-04.02_odp.01 }}." @@ -47757,17 +41593,6 @@ catalog: - id: ir-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04(02) class: sp800-53a @@ -47852,9 +41677,9 @@ catalog: class: SP800-53-enhancement title: Information Correlation props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04(04) + class: zero-padded - name: label value: IR-4(4) - name: label @@ -47871,10 +41696,6 @@ catalog: parts: - id: ir-4.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Correlate incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response. @@ -47887,17 +41708,6 @@ catalog: - id: ir-4.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04(04) class: sp800-53a @@ -48012,9 +41822,9 @@ catalog: class: SP800-53-enhancement title: Insider Threats props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04(06) + class: zero-padded - name: label value: IR-4(6) - name: label @@ -48031,10 +41841,6 @@ catalog: parts: - id: ir-4.6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement an incident handling capability for incidents involving insider threats. - id: ir-4.6_gdn @@ -48046,17 +41852,6 @@ catalog: - id: ir-4.6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-04(06) class: sp800-53a @@ -48141,6 +41936,9 @@ catalog: - prose: the time period within which an integrated incident response team can be deployed is defined; props: + - name: label + value: IR-04(11) + class: zero-padded - name: label value: IR-4(11) - name: label @@ -48159,10 +41957,6 @@ catalog: parts: - id: ir-4.11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish and maintain an integrated incident response team\ \ that can be deployed to any location identified by the organization\ \ in {{ insert: param, ir-04.11_odp }}." @@ -48209,17 +42003,6 @@ catalog: - id: ir-4.11_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-04(11)[01] class: sp800-53a @@ -48231,17 +42014,6 @@ catalog: - id: ir-4.11_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-04(11)[02] class: sp800-53a @@ -48304,6 +42076,9 @@ catalog: class: SP800-53 title: Incident Monitoring props: + - name: label + value: IR-05 + class: zero-padded - name: label value: IR-5 - name: label @@ -48347,10 +42122,6 @@ catalog: parts: - id: ir-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Track and document incidents. - id: ir-5_gdn name: guidance @@ -48366,17 +42137,6 @@ catalog: - id: ir-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-05 class: sp800-53a @@ -48486,6 +42246,9 @@ catalog: - prose: automated mechanisms used to analyze incident information are defined; props: + - name: label + value: IR-05(01) + class: zero-padded - name: label value: IR-5(1) - name: label @@ -48505,10 +42268,6 @@ catalog: parts: - id: ir-5.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Track incidents and collect and analyze incident information\ \ using {{ insert: param, ir-5.1_prm_1 }}." - id: ir-5.1_gdn @@ -48520,21 +42279,6 @@ catalog: - id: ir-5.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-05(01) class: sp800-53a @@ -48650,6 +42394,9 @@ catalog: - prose: authorities to whom incident information is to be reported are defined; props: + - name: label + value: IR-06 + class: zero-padded - name: label value: IR-6 - name: label @@ -48688,9 +42435,6 @@ catalog: - id: ir-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require personnel to report suspected incidents to the organizational\ @@ -48699,9 +42443,6 @@ catalog: - id: ir-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report incident information to {{ insert: param, ir-06_odp.02\ @@ -48735,17 +42476,6 @@ catalog: - id: ir-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-06a. class: sp800-53a @@ -48758,17 +42488,6 @@ catalog: - id: ir-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-06b. class: sp800-53a @@ -48859,6 +42578,9 @@ catalog: - prose: automated mechanisms used for reporting incidents are defined; props: + - name: label + value: IR-06(01) + class: zero-padded - name: label value: IR-6(1) - name: label @@ -48877,10 +42599,6 @@ catalog: parts: - id: ir-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Report incidents using {{ insert: param, ir-06.01_odp }}." - id: ir-6.1_gdn name: guidance @@ -48891,21 +42609,6 @@ catalog: - id: ir-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-06(01) class: sp800-53a @@ -48986,6 +42689,9 @@ catalog: class: SP800-53-enhancement title: Supply Chain Coordination props: + - name: label + value: IR-06(03) + class: zero-padded - name: label value: IR-6(3) - name: label @@ -49004,10 +42710,6 @@ catalog: parts: - id: ir-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related @@ -49029,17 +42731,6 @@ catalog: - id: ir-6.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-06(03) class: sp800-53a @@ -49141,6 +42832,9 @@ catalog: class: SP800-53 title: Incident Response Assistance props: + - name: label + value: IR-07 + class: zero-padded - name: label value: IR-7 - name: label @@ -49177,10 +42871,6 @@ catalog: parts: - id: ir-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of @@ -49201,17 +42891,6 @@ catalog: - id: ir-7_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-07[01] class: sp800-53a @@ -49223,17 +42902,6 @@ catalog: - id: ir-7_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-07[02] class: sp800-53a @@ -49318,6 +42986,9 @@ catalog: - prose: automated mechanisms used to increase the availability of incident response information and support are defined; props: + - name: label + value: IR-07(01) + class: zero-padded - name: label value: IR-7(1) - name: label @@ -49334,10 +43005,6 @@ catalog: parts: - id: ir-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Increase the availability of incident response information\ \ and support using {{ insert: param, ir-07.01_odp }}." - id: ir-7.1_gdn @@ -49352,21 +43019,6 @@ catalog: - id: ir-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-07(01) class: sp800-53a @@ -49500,6 +43152,9 @@ catalog: - prose: organizational elements to which changes to the incident response plan are communicated are defined; props: + - name: label + value: IR-08 + class: zero-padded - name: label value: IR-8 - name: label @@ -49546,9 +43201,6 @@ catalog: - id: ir-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop an incident response plan that:" @@ -49624,9 +43276,6 @@ catalog: - id: ir-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the incident response plan to {{ insert:\ @@ -49634,9 +43283,6 @@ catalog: - id: ir-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Update the incident response plan to address system and organizational @@ -49645,9 +43291,6 @@ catalog: - id: ir-8_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Communicate incident response plan changes to {{ insert:\ @@ -49655,9 +43298,6 @@ catalog: - id: ir-8_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protect the incident response plan from unauthorized disclosure @@ -49713,13 +43353,6 @@ catalog: - id: ir-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.01 class: sp800-53a @@ -49732,13 +43365,6 @@ catalog: - id: ir-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.02 class: sp800-53a @@ -49750,13 +43376,6 @@ catalog: - id: ir-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.03 class: sp800-53a @@ -49769,13 +43388,6 @@ catalog: - id: ir-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.04 class: sp800-53a @@ -49788,13 +43400,6 @@ catalog: - id: ir-8_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.05 class: sp800-53a @@ -49806,13 +43411,6 @@ catalog: - id: ir-8_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.06 class: sp800-53a @@ -49825,13 +43423,6 @@ catalog: - id: ir-8_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.07 class: sp800-53a @@ -49844,13 +43435,6 @@ catalog: - id: ir-8_obj.a.8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.08 class: sp800-53a @@ -49862,13 +43446,6 @@ catalog: - id: ir-8_obj.a.9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.09 class: sp800-53a @@ -49881,13 +43458,6 @@ catalog: - id: ir-8_obj.a.10 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.10 class: sp800-53a @@ -49903,13 +43473,6 @@ catalog: - id: ir-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-08b. class: sp800-53a @@ -49942,17 +43505,6 @@ catalog: - id: ir-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-08c. class: sp800-53a @@ -49965,17 +43517,6 @@ catalog: - id: ir-8_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-08d. class: sp800-53a @@ -50008,13 +43549,6 @@ catalog: - id: ir-8_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-08e. class: sp800-53a @@ -50123,6 +43657,9 @@ catalog: guidelines: - prose: actions to be performed are defined; props: + - name: label + value: IR-09 + class: zero-padded - name: label value: IR-9 - name: label @@ -50158,9 +43695,6 @@ catalog: - id: ir-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Assigning {{ insert: param, ir-09_odp.01 }} with responsibility\ @@ -50168,9 +43702,6 @@ catalog: - id: ir-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Identifying the specific information involved in the system @@ -50178,9 +43709,6 @@ catalog: - id: ir-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Alerting {{ insert: param, ir-09_odp.02 }} of the information\ @@ -50189,18 +43717,12 @@ catalog: - id: ir-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Isolating the contaminated system or system component; - id: ir-9_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Eradicating the information from the contaminated system @@ -50208,9 +43730,6 @@ catalog: - id: ir-9_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Identifying other systems or system components that may have @@ -50218,9 +43737,6 @@ catalog: - id: ir-9_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Performing the following additional actions: {{ insert:\ @@ -50251,17 +43767,6 @@ catalog: - id: ir-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-09a. class: sp800-53a @@ -50273,17 +43778,6 @@ catalog: - id: ir-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-09b. class: sp800-53a @@ -50295,17 +43789,6 @@ catalog: - id: ir-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09c. class: sp800-53a @@ -50318,17 +43801,6 @@ catalog: - id: ir-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09d. class: sp800-53a @@ -50340,17 +43812,6 @@ catalog: - id: ir-9_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09e. class: sp800-53a @@ -50362,17 +43823,6 @@ catalog: - id: ir-9_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09f. class: sp800-53a @@ -50384,17 +43834,6 @@ catalog: - id: ir-9_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09g. class: sp800-53a @@ -50487,6 +43926,9 @@ catalog: - prose: frequency at which to provide information spillage response training is defined; props: + - name: label + value: IR-09(02) + class: zero-padded - name: label value: IR-9(2) - name: label @@ -50511,10 +43953,6 @@ catalog: parts: - id: ir-9.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide information spillage response training {{ insert:\ \ param, ir-09.02_odp }}." - id: ir-9.2_gdn @@ -50527,13 +43965,6 @@ catalog: - id: ir-9.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09(02) class: sp800-53a @@ -50605,6 +44036,9 @@ catalog: out assigned tasks while contaminated systems are undergoing corrective actions are defined; props: + - name: label + value: IR-09(03) + class: zero-padded - name: label value: IR-9(3) - name: label @@ -50621,10 +44055,6 @@ catalog: parts: - id: ir-9.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement the following procedures to ensure that organizational\ \ personnel impacted by information spills can continue to carry\ \ out assigned tasks while contaminated systems are undergoing\ @@ -50639,13 +44069,6 @@ catalog: - id: ir-9.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-09(03) class: sp800-53a @@ -50718,6 +44141,9 @@ catalog: - prose: controls employed for personnel exposed to information not within assigned access authorizations are defined; props: + - name: label + value: IR-09(04) + class: zero-padded - name: label value: IR-9(4) - name: label @@ -50734,10 +44160,6 @@ catalog: parts: - id: ir-9.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ the following controls for personnel exposed to information\ \ not within assigned access authorizations: {{ insert: param,\ \ ir-09.04_odp }}." @@ -50751,13 +44173,6 @@ catalog: - id: ir-9.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09(04) class: sp800-53a @@ -50892,6 +44307,9 @@ catalog: - prose: events that would require the maintenance procedures to be reviewed and updated are defined; props: + - name: label + value: MA-01 + class: zero-padded - name: label value: MA-1 - name: label @@ -50929,11 +44347,6 @@ catalog: - id: ma-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -50973,9 +44386,6 @@ catalog: - id: ma-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ma-01_odp.04 }} to manage\ @@ -50984,11 +44394,6 @@ catalog: - id: ma-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current maintenance:" @@ -51048,17 +44453,6 @@ catalog: - id: ma-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01a.[01] class: sp800-53a @@ -51069,17 +44463,6 @@ catalog: - id: ma-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01a.[02] class: sp800-53a @@ -51091,13 +44474,6 @@ catalog: - id: ma-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.[03] class: sp800-53a @@ -51110,13 +44486,6 @@ catalog: - id: ma-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.[04] class: sp800-53a @@ -51135,13 +44504,6 @@ catalog: - id: ma-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.01(a) class: sp800-53a @@ -51230,13 +44592,6 @@ catalog: - id: ma-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.01(b) class: sp800-53a @@ -51256,17 +44611,6 @@ catalog: - id: ma-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01b. class: sp800-53a @@ -51286,17 +44630,6 @@ catalog: - id: ma-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01c.01 class: sp800-53a @@ -51329,17 +44662,6 @@ catalog: - id: ma-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01c.02 class: sp800-53a @@ -51436,6 +44758,9 @@ catalog: - prose: information to be included in organizational maintenance records is defined; props: + - name: label + value: MA-02 + class: zero-padded - name: label value: MA-2 - name: label @@ -51482,9 +44807,6 @@ catalog: - id: ma-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Schedule, document, and review records of maintenance, repair, @@ -51493,9 +44815,6 @@ catalog: - id: ma-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Approve and monitor all maintenance activities, whether performed @@ -51504,9 +44823,6 @@ catalog: - id: ma-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Require that {{ insert: param, ma-02_odp.01 }} explicitly\ @@ -51516,9 +44832,6 @@ catalog: - id: ma-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Sanitize equipment to remove the following information from\ @@ -51528,9 +44841,6 @@ catalog: - id: ma-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Check all potentially impacted controls to verify that the @@ -51539,9 +44849,6 @@ catalog: - id: ma-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Include the following information in organizational maintenance\ @@ -51568,21 +44875,6 @@ catalog: - id: ma-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02a. class: sp800-53a @@ -51629,17 +44921,6 @@ catalog: - id: ma-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02b. class: sp800-53a @@ -51674,17 +44955,6 @@ catalog: - id: ma-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02c. class: sp800-53a @@ -51698,17 +44968,6 @@ catalog: - id: ma-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02d. class: sp800-53a @@ -51721,13 +44980,6 @@ catalog: - id: ma-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02e. class: sp800-53a @@ -51740,13 +44992,6 @@ catalog: - id: ma-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02f. class: sp800-53a @@ -51855,6 +45100,9 @@ catalog: - prose: automated mechanisms used to document maintenance, repair, and replacement actions for the system are defined; props: + - name: label + value: MA-02(02) + class: zero-padded - name: label value: MA-2(2) - name: label @@ -51877,9 +45125,6 @@ catalog: - id: ma-2.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Schedule, conduct, and document maintenance, repair,\ @@ -51888,9 +45133,6 @@ catalog: - id: ma-2.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Produce up-to date, accurate, and complete records of @@ -51911,17 +45153,6 @@ catalog: - id: ma-2.2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02(02)(a) class: sp800-53a @@ -51968,17 +45199,6 @@ catalog: - id: ma-2.2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02(02)(b) class: sp800-53a @@ -52106,6 +45326,9 @@ catalog: - prose: frequency at which to review previously approved system maintenance tools is defined; props: + - name: label + value: MA-03 + class: zero-padded - name: label value: MA-3 - name: label @@ -52130,9 +45353,6 @@ catalog: - id: ma-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Approve, control, and monitor the use of system maintenance @@ -52140,9 +45360,6 @@ catalog: - id: ma-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review previously approved system maintenance tools {{ insert:\ @@ -52178,21 +45395,6 @@ catalog: - id: ma-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03a. class: sp800-53a @@ -52233,21 +45435,6 @@ catalog: - id: ma-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03b. class: sp800-53a @@ -52322,6 +45509,9 @@ catalog: class: SP800-53-enhancement title: Inspect Tools props: + - name: label + value: MA-03(01) + class: zero-padded - name: label value: MA-3(1) - name: label @@ -52340,10 +45530,6 @@ catalog: parts: - id: ma-3.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications. - id: ma-3.1_gdn @@ -52357,21 +45543,6 @@ catalog: - id: ma-3.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03(01) class: sp800-53a @@ -52444,9 +45615,9 @@ catalog: class: SP800-53-enhancement title: Inspect Media props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: MA-03(02) + class: zero-padded - name: label value: MA-3(2) - name: label @@ -52465,10 +45636,6 @@ catalog: parts: - id: ma-3.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Check media containing diagnostic and test programs for malicious code before the media are used in the system. - id: ma-3.2_gdn @@ -52480,21 +45647,6 @@ catalog: - id: ma-3.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03(02) class: sp800-53a @@ -52573,6 +45725,9 @@ catalog: - prose: personnel or roles who can authorize removal of equipment from the facility is/are defined; props: + - name: label + value: MA-03(03) + class: zero-padded - name: label value: MA-3(3) - name: label @@ -52597,9 +45752,6 @@ catalog: - id: ma-3.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Verifying that there is no organizational information @@ -52607,27 +45759,18 @@ catalog: - id: ma-3.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Sanitizing or destroying the equipment; - id: ma-3.3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Retaining the equipment within the facility; or - id: ma-3.3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: "Obtaining an exemption from {{ insert: param, ma-03.03_odp\ @@ -52641,21 +45784,6 @@ catalog: - id: ma-3.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03(03) class: sp800-53a @@ -52786,6 +45914,9 @@ catalog: class: SP800-53 title: Nonlocal Maintenance props: + - name: label + value: MA-04 + class: zero-padded - name: label value: MA-4 - name: label @@ -52844,18 +45975,12 @@ catalog: - id: ma-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Approve and monitor nonlocal maintenance and diagnostic activities; - id: ma-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Allow the use of nonlocal maintenance and diagnostic tools @@ -52864,9 +45989,6 @@ catalog: - id: ma-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Employ strong authentication in the establishment of nonlocal @@ -52874,9 +45996,6 @@ catalog: - id: ma-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Maintain records for nonlocal maintenance and diagnostic @@ -52884,9 +46003,6 @@ catalog: - id: ma-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Terminate session and network connections when nonlocal maintenance @@ -52916,17 +46032,6 @@ catalog: - id: ma-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04a. class: sp800-53a @@ -52964,17 +46069,6 @@ catalog: - id: ma-4_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04b.[01] class: sp800-53a @@ -52986,13 +46080,6 @@ catalog: - id: ma-4_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-04b.[02] class: sp800-53a @@ -53007,21 +46094,6 @@ catalog: - id: ma-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04c. class: sp800-53a @@ -53033,13 +46105,6 @@ catalog: - id: ma-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04d. class: sp800-53a @@ -53051,13 +46116,6 @@ catalog: - id: ma-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04e. class: sp800-53a @@ -53173,6 +46231,9 @@ catalog: class: SP800-53-enhancement title: Comparable Security and Sanitization props: + - name: label + value: MA-04(03) + class: zero-padded - name: label value: MA-4(3) - name: label @@ -53199,9 +46260,6 @@ catalog: - id: ma-4.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Require that nonlocal maintenance and diagnostic services @@ -53211,9 +46269,6 @@ catalog: - id: ma-4.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Remove the component to be serviced from the system prior @@ -53239,17 +46294,6 @@ catalog: - id: ma-4.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04(03)(a) class: sp800-53a @@ -53293,13 +46337,6 @@ catalog: - id: ma-4.3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04(03)(b)[01] class: sp800-53a @@ -53311,13 +46348,6 @@ catalog: - id: ma-4.3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04(03)(b)[02] class: sp800-53a @@ -53329,13 +46359,6 @@ catalog: - id: ma-4.3_obj.b-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04(03)(b)[03] class: sp800-53a @@ -53443,6 +46466,9 @@ catalog: class: SP800-53 title: Maintenance Personnel props: + - name: label + value: MA-05 + class: zero-padded - name: label value: MA-5 - name: label @@ -53485,9 +46511,6 @@ catalog: - id: ma-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish a process for maintenance personnel authorization @@ -53496,9 +46519,6 @@ catalog: - id: ma-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Verify that non-escorted personnel performing maintenance @@ -53506,9 +46526,6 @@ catalog: - id: ma-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Designate organizational personnel with required access authorizations @@ -53540,13 +46557,6 @@ catalog: - id: ma-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-05a. class: sp800-53a @@ -53579,21 +46589,6 @@ catalog: - id: ma-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05b. class: sp800-53a @@ -53605,21 +46600,6 @@ catalog: - id: ma-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05c. class: sp800-53a @@ -53709,6 +46689,9 @@ catalog: the event that a system component cannot be sanitized, removed, or disconnected from the system are defined; props: + - name: label + value: MA-05(01) + class: zero-padded - name: label value: MA-5(1) - name: label @@ -53733,9 +46716,6 @@ catalog: - id: ma-5.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Implement procedures for the use of maintenance personnel\ @@ -53768,9 +46748,6 @@ catalog: - id: ma-5.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Develop and implement {{ insert: param, ma-05.01_odp\ @@ -53801,17 +46778,6 @@ catalog: - id: ma-5.1_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05(01)(a)(01) class: sp800-53a @@ -53828,17 +46794,6 @@ catalog: - id: ma-5.1_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05(01)(a)(02) class: sp800-53a @@ -53858,21 +46813,6 @@ catalog: - id: ma-5.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05(01)(b) class: sp800-53a @@ -53990,6 +46930,9 @@ catalog: - prose: time period within which maintenance support and/or spare parts are to be obtained after a failure are defined; props: + - name: label + value: MA-06 + class: zero-padded - name: label value: MA-6 - name: label @@ -54022,10 +46965,6 @@ catalog: parts: - id: ma-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Obtain maintenance support and/or spare parts for {{ insert:\ \ param, ma-06_odp.01 }} within {{ insert: param, ma-06_odp.02 }}\ \ of failure." @@ -54039,21 +46978,6 @@ catalog: - id: ma-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-06 class: sp800-53a @@ -54182,6 +47106,9 @@ catalog: - prose: events that would require media protection procedures to be reviewed and updated are defined; props: + - name: label + value: MP-01 + class: zero-padded - name: label value: MP-1 - name: label @@ -54219,11 +47146,6 @@ catalog: - id: mp-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -54263,9 +47185,6 @@ catalog: - id: mp-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, mp-01_odp.04 }} to manage\ @@ -54274,11 +47193,6 @@ catalog: - id: mp-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current media protection:" @@ -54338,17 +47252,6 @@ catalog: - id: mp-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01a.[01] class: sp800-53a @@ -54359,17 +47262,6 @@ catalog: - id: mp-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01a.[02] class: sp800-53a @@ -54381,13 +47273,6 @@ catalog: - id: mp-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.[03] class: sp800-53a @@ -54400,13 +47285,6 @@ catalog: - id: mp-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.[04] class: sp800-53a @@ -54425,13 +47303,6 @@ catalog: - id: mp-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.01(a) class: sp800-53a @@ -54520,13 +47391,6 @@ catalog: - id: mp-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.01(b) class: sp800-53a @@ -54545,17 +47409,6 @@ catalog: - id: mp-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01b. class: sp800-53a @@ -54575,17 +47428,6 @@ catalog: - id: mp-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01c.01 class: sp800-53a @@ -54619,17 +47461,6 @@ catalog: - id: mp-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01c.02 class: sp800-53a @@ -54737,6 +47568,9 @@ catalog: - prose: personnel or roles authorized to access non-digital media is/are defined; props: + - name: label + value: MP-02 + class: zero-padded - name: label value: MP-2 - name: label @@ -54785,10 +47619,6 @@ catalog: parts: - id: mp-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert:\ \ param, mp-2_prm_2 }}." - id: mp-2_gdn @@ -54814,21 +47644,6 @@ catalog: - id: mp-2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-02[01] class: sp800-53a @@ -54840,21 +47655,6 @@ catalog: - id: mp-2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-02[02] class: sp800-53a @@ -54947,6 +47747,9 @@ catalog: guidelines: - prose: controlled areas where media is exempt from marking are defined; props: + - name: label + value: MP-03 + class: zero-padded - name: label value: MP-3 - name: label @@ -54981,9 +47784,6 @@ catalog: - id: mp-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Mark system media indicating the distribution limitations, @@ -54992,9 +47792,6 @@ catalog: - id: mp-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Exempt {{ insert: param, mp-03_odp.01 }} from marking if\ @@ -55035,13 +47832,6 @@ catalog: - id: mp-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-03a. class: sp800-53a @@ -55054,13 +47844,6 @@ catalog: - id: mp-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-03b. class: sp800-53a @@ -55173,6 +47956,9 @@ catalog: - prose: controlled areas within which to securely store non-digital media are defined; props: + - name: label + value: MP-04 + class: zero-padded - name: label value: MP-4 - name: label @@ -55235,9 +48021,6 @@ catalog: - id: mp-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Physically control and securely store {{ insert: param,\ @@ -55245,9 +48028,6 @@ catalog: - id: mp-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Protect system media types defined in MP-4a until the media @@ -55300,21 +48080,6 @@ catalog: - id: mp-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[01] class: sp800-53a @@ -55325,21 +48090,6 @@ catalog: - id: mp-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[02] class: sp800-53a @@ -55350,21 +48100,6 @@ catalog: - id: mp-4_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[03] class: sp800-53a @@ -55376,21 +48111,6 @@ catalog: - id: mp-4_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[04] class: sp800-53a @@ -55405,21 +48125,6 @@ catalog: - id: mp-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04b. class: sp800-53a @@ -55523,6 +48228,9 @@ catalog: - prose: controls used to control system media outside of controlled areas are defined; props: + - name: label + value: MP-05 + class: zero-padded - name: label value: MP-5 - name: label @@ -55571,9 +48279,6 @@ catalog: - id: mp-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Protect and control {{ insert: param, mp-05_odp.01 }} during\ @@ -55582,9 +48287,6 @@ catalog: - id: mp-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Maintain accountability for system media during transport @@ -55592,9 +48294,6 @@ catalog: - id: mp-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document activities associated with the transport of system @@ -55602,9 +48301,6 @@ catalog: - id: mp-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Restrict the activities associated with the transport of @@ -55656,21 +48352,6 @@ catalog: - id: mp-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-05a. class: sp800-53a @@ -55705,21 +48386,6 @@ catalog: - id: mp-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-05b. class: sp800-53a @@ -55731,13 +48397,6 @@ catalog: - id: mp-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-05c. class: sp800-53a @@ -55756,17 +48415,6 @@ catalog: - id: mp-5_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-05d.[01] class: sp800-53a @@ -55778,13 +48426,6 @@ catalog: - id: mp-5_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-05d.[02] class: sp800-53a @@ -55906,6 +48547,9 @@ catalog: - prose: sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined; props: + - name: label + value: MP-06 + class: zero-padded - name: label value: MP-6 - name: label @@ -55968,9 +48612,6 @@ catalog: - id: mp-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Sanitize {{ insert: param, mp-6_prm_1 }} prior to disposal,\ @@ -55979,9 +48620,6 @@ catalog: - id: mp-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Employ sanitization mechanisms with the strength and integrity @@ -56024,21 +48662,6 @@ catalog: - id: mp-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06a. class: sp800-53a @@ -56083,21 +48706,6 @@ catalog: - id: mp-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06b. class: sp800-53a @@ -56202,6 +48810,9 @@ catalog: class: SP800-53-enhancement title: Review, Approve, Track, Document, and Verify props: + - name: label + value: MP-06(01) + class: zero-padded - name: label value: MP-6(1) - name: label @@ -56218,10 +48829,6 @@ catalog: parts: - id: mp-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Review, approve, track, document, and verify media sanitization and disposal actions. parts: @@ -56250,13 +48857,6 @@ catalog: - id: mp-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06(01) class: sp800-53a @@ -56427,6 +49027,9 @@ catalog: - prose: frequency with which to test sanitization procedures is defined; props: + - name: label + value: MP-06(02) + class: zero-padded - name: label value: MP-6(2) - name: label @@ -56443,10 +49046,6 @@ catalog: parts: - id: mp-6.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Test sanitization equipment and procedures {{ insert: param,\ \ mp-6.2_prm_1 }} to ensure that the intended sanitization is\ \ being achieved." @@ -56470,13 +49069,6 @@ catalog: - id: mp-6.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06(02) class: sp800-53a @@ -56603,6 +49195,9 @@ catalog: - prose: circumstances requiring sanitization of portable storage devices are defined; props: + - name: label + value: MP-06(03) + class: zero-padded - name: label value: MP-6(3) - name: label @@ -56619,10 +49214,6 @@ catalog: parts: - id: mp-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Apply nondestructive sanitization techniques to portable\ \ storage devices prior to connecting such devices to the system\ \ under the following circumstances: {{ insert: param, mp-06.03_odp\ @@ -56656,17 +49247,6 @@ catalog: - id: mp-6.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06(03) class: sp800-53a @@ -56770,6 +49350,9 @@ catalog: - prose: controls to restrict or prohibit the use of specific types of system media on systems or system components are defined; props: + - name: label + value: MP-07 + class: zero-padded - name: label value: MP-7 - name: label @@ -56804,9 +49387,6 @@ catalog: - id: mp-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, mp-07_odp.02 }} the use of {{ insert:\ @@ -56815,9 +49395,6 @@ catalog: - id: mp-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Prohibit the use of portable storage devices in organizational @@ -56857,21 +49434,6 @@ catalog: - id: mp-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-07a. class: sp800-53a @@ -56884,21 +49446,6 @@ catalog: - id: mp-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-07b. class: sp800-53a @@ -57035,6 +49582,9 @@ catalog: - prose: events that would require the physical and environmental protection procedures to be reviewed and updated are defined; props: + - name: label + value: PE-01 + class: zero-padded - name: label value: PE-1 - name: label @@ -57072,11 +49622,6 @@ catalog: - id: pe-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -57117,9 +49662,6 @@ catalog: - id: pe-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, pe-01_odp.04 }} to manage\ @@ -57128,11 +49670,6 @@ catalog: - id: pe-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current physical and environmental\ @@ -57194,17 +49731,6 @@ catalog: - id: pe-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01a.[01] class: sp800-53a @@ -57216,17 +49742,6 @@ catalog: - id: pe-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01a.[02] class: sp800-53a @@ -57238,13 +49753,6 @@ catalog: - id: pe-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.[03] class: sp800-53a @@ -57258,13 +49766,6 @@ catalog: - id: pe-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.[04] class: sp800-53a @@ -57283,13 +49784,6 @@ catalog: - id: pe-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.01(a) class: sp800-53a @@ -57379,13 +49873,6 @@ catalog: - id: pe-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.01(b) class: sp800-53a @@ -57405,17 +49892,6 @@ catalog: - id: pe-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01b. class: sp800-53a @@ -57435,17 +49911,6 @@ catalog: - id: pe-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01c.01 class: sp800-53a @@ -57480,17 +49945,6 @@ catalog: - id: pe-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01c.02 class: sp800-53a @@ -57579,6 +50033,9 @@ catalog: - prose: frequency at which to review the access list detailing authorized facility access by individuals is defined; props: + - name: label + value: PE-02 + class: zero-padded - name: label value: PE-2 - name: label @@ -57633,9 +50090,6 @@ catalog: - id: pe-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop, approve, and maintain a list of individuals with @@ -57643,18 +50097,12 @@ catalog: - id: pe-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Issue authorization credentials for facility access; - id: pe-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review the access list detailing authorized facility access\ @@ -57662,9 +50110,6 @@ catalog: - id: pe-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Remove individuals from the facility access list when access @@ -57690,17 +50135,6 @@ catalog: - id: pe-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-02a. class: sp800-53a @@ -57744,13 +50178,6 @@ catalog: - id: pe-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02b. class: sp800-53a @@ -57761,13 +50188,6 @@ catalog: - id: pe-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02c. class: sp800-53a @@ -57779,13 +50199,6 @@ catalog: - id: pe-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02d. class: sp800-53a @@ -57933,9 +50346,9 @@ catalog: guidelines: - prose: frequency at which to change keys is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: PE-03 + class: zero-padded - name: label value: PE-3 - name: label @@ -58010,9 +50423,6 @@ catalog: - id: pe-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enforce physical access authorizations at {{ insert: param,\ @@ -58035,9 +50445,6 @@ catalog: - id: pe-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Maintain physical access audit logs for {{ insert: param,\ @@ -58045,9 +50452,6 @@ catalog: - id: pe-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Control access to areas within the facility designated as\ @@ -58056,9 +50460,6 @@ catalog: - id: pe-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Escort visitors and control visitor activity {{ insert:\ @@ -58066,18 +50467,12 @@ catalog: - id: pe-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Secure keys, combinations, and other physical access devices; - id: pe-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Inventory {{ insert: param, pe-03_odp.07 }} every {{ insert:\ @@ -58085,9 +50480,6 @@ catalog: - id: pe-3_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Change combinations and keys {{ insert: param, pe-3_prm_9\ @@ -58130,13 +50522,6 @@ catalog: - id: pe-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03a.01 class: sp800-53a @@ -58149,17 +50534,6 @@ catalog: - id: pe-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03a.02 class: sp800-53a @@ -58175,17 +50549,6 @@ catalog: - id: pe-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-03b. class: sp800-53a @@ -58197,13 +50560,6 @@ catalog: - id: pe-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03c. class: sp800-53a @@ -58223,13 +50579,6 @@ catalog: - id: pe-3_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03d.[01] class: sp800-53a @@ -58240,17 +50589,6 @@ catalog: - id: pe-3_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03d.[02] class: sp800-53a @@ -58265,13 +50603,6 @@ catalog: - id: pe-3_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03e. class: sp800-53a @@ -58312,17 +50643,6 @@ catalog: - id: pe-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-03f. class: sp800-53a @@ -58341,13 +50661,6 @@ catalog: - id: pe-3_obj.g-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03g.[01] class: sp800-53a @@ -58360,13 +50673,6 @@ catalog: - id: pe-3_obj.g-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03g.[02] class: sp800-53a @@ -58473,6 +50779,9 @@ catalog: - prose: physical spaces containing one or more components of the system are defined; props: + - name: label + value: PE-03(01) + class: zero-padded - name: label value: PE-3(1) - name: label @@ -58489,10 +50798,6 @@ catalog: parts: - id: pe-3.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Enforce physical access authorizations to the system in\ \ addition to the physical access controls for the facility at\ \ {{ insert: param, pe-03.01_odp }}." @@ -58511,13 +50816,6 @@ catalog: - id: pe-3.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03(01)[01] class: sp800-53a @@ -58528,13 +50826,6 @@ catalog: - id: pe-3.1_obj.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03(01)[02] class: sp800-53a @@ -58639,6 +50930,9 @@ catalog: to system distribution and transmission lines within the organizational facility are defined; props: + - name: label + value: PE-04 + class: zero-padded - name: label value: PE-4 - name: label @@ -58673,10 +50967,6 @@ catalog: parts: - id: pe-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Control physical access to {{ insert: param, pe-04_odp.01 }}\ \ within organizational facilities using {{ insert: param, pe-04_odp.02\ \ }}." @@ -58692,17 +50982,6 @@ catalog: - id: pe-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-04 class: sp800-53a @@ -58789,6 +51068,9 @@ catalog: - prose: output devices that require physical access control to output are defined; props: + - name: label + value: PE-05 + class: zero-padded - name: label value: PE-5 - name: label @@ -58813,10 +51095,6 @@ catalog: parts: - id: pe-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Control physical access to output from {{ insert: param, pe-05_odp\ \ }} to prevent unauthorized individuals from obtaining the output." - id: pe-5_gdn @@ -58831,13 +51109,6 @@ catalog: - id: pe-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-05 class: sp800-53a @@ -58935,6 +51206,9 @@ catalog: - prose: events or potential indication of events requiring physical access logs to be reviewed are defined; props: + - name: label + value: PE-06 + class: zero-padded - name: label value: PE-6 - name: label @@ -58972,9 +51246,6 @@ catalog: - id: pe-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Monitor physical access to the facility where the system @@ -58982,9 +51253,6 @@ catalog: - id: pe-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review physical access logs {{ insert: param, pe-06_odp.01\ @@ -58993,9 +51261,6 @@ catalog: - id: pe-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Coordinate results of reviews and investigations with the @@ -59025,17 +51290,6 @@ catalog: - id: pe-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06a. class: sp800-53a @@ -59054,13 +51308,6 @@ catalog: - id: pe-6_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06b.[01] class: sp800-53a @@ -59072,13 +51319,6 @@ catalog: - id: pe-6_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06b.[02] class: sp800-53a @@ -59100,17 +51340,6 @@ catalog: - id: pe-6_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-06c.[01] class: sp800-53a @@ -59122,17 +51351,6 @@ catalog: - id: pe-6_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-06c.[02] class: sp800-53a @@ -59217,6 +51435,9 @@ catalog: class: SP800-53-enhancement title: Intrusion Alarms and Surveillance Equipment props: + - name: label + value: PE-06(01) + class: zero-padded - name: label value: PE-6(1) - name: label @@ -59236,10 +51457,6 @@ catalog: parts: - id: pe-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment. - id: pe-6.1_gdn @@ -59256,13 +51473,6 @@ catalog: - id: pe-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06(01) class: sp800-53a @@ -59376,6 +51586,9 @@ catalog: - prose: physical spaces containing one or more components of the system are defined; props: + - name: label + value: PE-06(04) + class: zero-padded - name: label value: PE-6(4) - name: label @@ -59395,10 +51608,6 @@ catalog: parts: - id: pe-6.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Monitor physical access to the system in addition to the\ \ physical access monitoring of the facility at {{ insert: param,\ \ pe-06.04_odp }}." @@ -59414,13 +51623,6 @@ catalog: - id: pe-6.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06(04) class: sp800-53a @@ -59538,6 +51740,9 @@ catalog: - prose: personnel to whom visitor access records anomalies are reported to is/are defined; props: + - name: label + value: PE-08 + class: zero-padded - name: label value: PE-8 - name: label @@ -59565,9 +51770,6 @@ catalog: - id: pe-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Maintain visitor access records to the facility where the\ @@ -59575,9 +51777,6 @@ catalog: - id: pe-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review visitor access records {{ insert: param, pe-08_odp.02\ @@ -59585,9 +51784,6 @@ catalog: - id: pe-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Report anomalies in visitor access records to {{ insert:\ @@ -59611,17 +51807,6 @@ catalog: - id: pe-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-08a. class: sp800-53a @@ -59633,13 +51818,6 @@ catalog: - id: pe-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-08b. class: sp800-53a @@ -59651,17 +51829,6 @@ catalog: - id: pe-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-08c. class: sp800-53a @@ -59756,6 +51923,9 @@ catalog: - prose: automated mechanisms used to review visitor access records are defined; props: + - name: label + value: PE-08(01) + class: zero-padded - name: label value: PE-8(1) - name: label @@ -59772,10 +51942,6 @@ catalog: parts: - id: pe-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Maintain and review visitor access records using {{ insert:\ \ param, pe-8.1_prm_1 }}." - id: pe-8.1_gdn @@ -59796,17 +51962,6 @@ catalog: - id: pe-8.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-08(01)[01] class: sp800-53a @@ -59818,13 +51973,6 @@ catalog: - id: pe-8.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-08(01)[02] class: sp800-53a @@ -59908,6 +52056,9 @@ catalog: class: SP800-53 title: Power Equipment and Cabling props: + - name: label + value: PE-09 + class: zero-padded - name: label value: PE-9 - name: label @@ -59924,10 +52075,6 @@ catalog: parts: - id: pe-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect power equipment and power cabling for the system from damage and destruction. - id: pe-9_gdn @@ -59943,13 +52090,6 @@ catalog: - id: pe-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-09 class: sp800-53a @@ -60049,6 +52189,9 @@ catalog: - prose: location of emergency shutoff switches or devices by system or system component is defined; props: + - name: label + value: PE-10 + class: zero-padded - name: label value: PE-10 - name: label @@ -60069,9 +52212,6 @@ catalog: - id: pe-10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide the capability of shutting off power to {{ insert:\ @@ -60079,9 +52219,6 @@ catalog: - id: pe-10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Place emergency shutoff switches or devices in {{ insert:\ @@ -60090,9 +52227,6 @@ catalog: - id: pe-10_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Protect emergency power shutoff capability from unauthorized @@ -60113,17 +52247,6 @@ catalog: - id: pe-10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-10a. class: sp800-53a @@ -60135,13 +52258,6 @@ catalog: - id: pe-10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-10b. class: sp800-53a @@ -60153,17 +52269,6 @@ catalog: - id: pe-10_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-10c. class: sp800-53a @@ -60248,6 +52353,9 @@ catalog: - an orderly shutdown of the system - transition of the system to long-term alternate power props: + - name: label + value: PE-11 + class: zero-padded - name: label value: PE-11 - name: label @@ -60268,10 +52376,6 @@ catalog: parts: - id: pe-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide an uninterruptible power supply to facilitate {{ insert:\ \ param, pe-11_odp }} in the event of a primary power source loss." - id: pe-11_gdn @@ -60292,17 +52396,6 @@ catalog: - id: pe-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-11 class: sp800-53a @@ -60384,6 +52477,9 @@ catalog: - manually - automatically props: + - name: label + value: PE-11(01) + class: zero-padded - name: label value: PE-11(1) - name: label @@ -60400,10 +52496,6 @@ catalog: parts: - id: pe-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide an alternate power supply for the system that is\ \ activated {{ insert: param, pe-11.01_odp }} and that can maintain\ \ minimally required operational capability in the event of an\ @@ -60423,17 +52515,6 @@ catalog: - id: pe-11.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-11(01)[01] class: sp800-53a @@ -60445,17 +52526,6 @@ catalog: - id: pe-11.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-11(01)[02] class: sp800-53a @@ -60531,6 +52601,9 @@ catalog: class: SP800-53 title: Emergency Lighting props: + - name: label + value: PE-12 + class: zero-padded - name: label value: PE-12 - name: label @@ -60549,10 +52622,6 @@ catalog: parts: - id: pe-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. @@ -60575,13 +52644,6 @@ catalog: - id: pe-12_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[01] class: sp800-53a @@ -60593,13 +52655,6 @@ catalog: - id: pe-12_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[02] class: sp800-53a @@ -60611,13 +52666,6 @@ catalog: - id: pe-12_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[03] class: sp800-53a @@ -60629,13 +52677,6 @@ catalog: - id: pe-12_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[04] class: sp800-53a @@ -60706,6 +52747,9 @@ catalog: class: SP800-53 title: Fire Protection props: + - name: label + value: PE-13 + class: zero-padded - name: label value: PE-13 - name: label @@ -60722,10 +52766,6 @@ catalog: parts: - id: pe-13_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ and maintain fire detection and suppression systems that are supported by an independent energy source. - id: pe-13_gdn @@ -60748,17 +52788,6 @@ catalog: - id: pe-13_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[01] class: sp800-53a @@ -60769,17 +52798,6 @@ catalog: - id: pe-13_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[02] class: sp800-53a @@ -60791,17 +52809,6 @@ catalog: - id: pe-13_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[03] class: sp800-53a @@ -60812,17 +52819,6 @@ catalog: - id: pe-13_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[04] class: sp800-53a @@ -60833,17 +52829,6 @@ catalog: - id: pe-13_obj-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[05] class: sp800-53a @@ -60855,17 +52840,6 @@ catalog: - id: pe-13_obj-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[06] class: sp800-53a @@ -60959,6 +52933,9 @@ catalog: - prose: emergency responders to be notified in the event of a fire are defined; props: + - name: label + value: PE-13(01) + class: zero-padded - name: label value: PE-13(1) - name: label @@ -60975,10 +52952,6 @@ catalog: parts: - id: pe-13.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ fire detection systems that activate automatically\ \ and notify {{ insert: param, pe-13.01_odp.01 }} and {{ insert:\ \ param, pe-13.01_odp.02 }} in the event of a fire." @@ -61001,13 +52974,6 @@ catalog: - id: pe-13.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(01)[01] class: sp800-53a @@ -61019,17 +52985,6 @@ catalog: - id: pe-13.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(01)[02] class: sp800-53a @@ -61042,17 +52997,6 @@ catalog: - id: pe-13.1_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(01)[03] class: sp800-53a @@ -61159,6 +53103,9 @@ catalog: - prose: emergency responders to be notified in the event of a fire are defined; props: + - name: label + value: PE-13(02) + class: zero-padded - name: label value: PE-13(2) - name: label @@ -61179,9 +53126,6 @@ catalog: - id: pe-13.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Employ fire suppression systems that activate automatically\ @@ -61190,9 +53134,6 @@ catalog: - id: pe-13.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Employ an automatic fire suppression capability when @@ -61223,13 +53164,6 @@ catalog: - id: pe-13.2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(a)[01] class: sp800-53a @@ -61241,17 +53175,6 @@ catalog: - id: pe-13.2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(a)[02] class: sp800-53a @@ -61263,17 +53186,6 @@ catalog: - id: pe-13.2_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(a)[03] class: sp800-53a @@ -61288,17 +53200,6 @@ catalog: - id: pe-13.2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(b) class: sp800-53a @@ -61422,6 +53323,9 @@ catalog: - prose: frequency at which to monitor environmental control levels is defined; props: + - name: label + value: PE-14 + class: zero-padded - name: label value: PE-14 - name: label @@ -61444,9 +53348,6 @@ catalog: - id: pe-14_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Maintain {{ insert: param, pe-14_odp.01 }} levels within\ @@ -61455,9 +53356,6 @@ catalog: - id: pe-14_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Monitor environmental control levels {{ insert: param, pe-14_odp.04\ @@ -61492,17 +53390,6 @@ catalog: - id: pe-14_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14a. class: sp800-53a @@ -61515,17 +53402,6 @@ catalog: - id: pe-14_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14b. class: sp800-53a @@ -61606,6 +53482,9 @@ catalog: monitoring when environmental changes are potentially harmful to personnel or equipment is/are defined; props: + - name: label + value: PE-14(02) + class: zero-padded - name: label value: PE-14(2) - name: label @@ -61622,10 +53501,6 @@ catalog: parts: - id: pe-14.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ environmental control monitoring that provides an\ \ alarm or notification of changes potentially harmful to personnel\ \ or equipment to {{ insert: param, pe-14.02_odp }}." @@ -61646,13 +53521,6 @@ catalog: - id: pe-14.2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14(02)[01] class: sp800-53a @@ -61663,17 +53531,6 @@ catalog: - id: pe-14.2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14(02)[02] class: sp800-53a @@ -61753,6 +53610,9 @@ catalog: class: SP800-53 title: Water Damage Protection props: + - name: label + value: PE-15 + class: zero-padded - name: label value: PE-15 - name: label @@ -61771,10 +53631,6 @@ catalog: parts: - id: pe-15_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. @@ -61796,17 +53652,6 @@ catalog: - id: pe-15_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[01] class: sp800-53a @@ -61818,17 +53663,6 @@ catalog: - id: pe-15_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[02] class: sp800-53a @@ -61839,17 +53673,6 @@ catalog: - id: pe-15_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[03] class: sp800-53a @@ -61860,17 +53683,6 @@ catalog: - id: pe-15_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[04] class: sp800-53a @@ -61967,6 +53779,9 @@ catalog: - prose: automated mechanisms used to detect the presence of water near the system are defined; props: + - name: label + value: PE-15(01) + class: zero-padded - name: label value: PE-15(1) - name: label @@ -61983,10 +53798,6 @@ catalog: parts: - id: pe-15.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Detect the presence of water near the system and alert {{\ \ insert: param, pe-15.01_odp.01 }} using {{ insert: param, pe-15.01_odp.02\ \ }}." @@ -62004,13 +53815,6 @@ catalog: - id: pe-15.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15(01)[01] class: sp800-53a @@ -62022,17 +53826,6 @@ catalog: - id: pe-15.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15(01)[02] class: sp800-53a @@ -62128,6 +53921,9 @@ catalog: - prose: types of system components to be authorized and controlled when exiting the facility are defined; props: + - name: label + value: PE-16 + class: zero-padded - name: label value: PE-16 - name: label @@ -62166,9 +53962,6 @@ catalog: - id: pe-16_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Authorize and control {{ insert: param, pe-16_prm_1 }} entering\ @@ -62176,9 +53969,6 @@ catalog: - id: pe-16_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Maintain records of the system components. @@ -62204,17 +53994,6 @@ catalog: - id: pe-16_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[01] class: sp800-53a @@ -62226,17 +54005,6 @@ catalog: - id: pe-16_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[02] class: sp800-53a @@ -62248,17 +54016,6 @@ catalog: - id: pe-16_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[03] class: sp800-53a @@ -62270,17 +54027,6 @@ catalog: - id: pe-16_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[04] class: sp800-53a @@ -62295,17 +54041,6 @@ catalog: - id: pe-16_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-16b. class: sp800-53a @@ -62396,6 +54131,9 @@ catalog: guidelines: - prose: controls to be employed at alternate work sites are defined; props: + - name: label + value: PE-17 + class: zero-padded - name: label value: PE-17 - name: label @@ -62422,9 +54160,6 @@ catalog: - id: pe-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Determine and document the {{ insert: param, pe-17_odp.01\ @@ -62432,9 +54167,6 @@ catalog: - id: pe-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls at alternate work sites: {{\ @@ -62442,9 +54174,6 @@ catalog: - id: pe-17_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Assess the effectiveness of controls at alternate work sites; @@ -62452,9 +54181,6 @@ catalog: - id: pe-17_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Provide a means for employees to communicate with information @@ -62480,17 +54206,6 @@ catalog: - id: pe-17_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-17a. class: sp800-53a @@ -62501,17 +54216,6 @@ catalog: - id: pe-17_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-17b. class: sp800-53a @@ -62523,17 +54227,6 @@ catalog: - id: pe-17_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-17c. class: sp800-53a @@ -62545,17 +54238,6 @@ catalog: - id: pe-17_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-17d. class: sp800-53a @@ -62661,6 +54343,9 @@ catalog: - prose: physical and environmental hazards that could result in potential damage to system components within the facility are defined; props: + - name: label + value: PE-18 + class: zero-padded - name: label value: PE-18 - name: label @@ -62685,10 +54370,6 @@ catalog: parts: - id: pe-18_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Position system components within the facility to minimize potential\ \ damage from {{ insert: param, pe-18_odp }} and to minimize the opportunity\ \ for unauthorized access." @@ -62705,17 +54386,6 @@ catalog: - id: pe-18_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-18 class: sp800-53a @@ -62846,6 +54516,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: PL-01 + class: zero-padded - name: label value: PL-1 - name: label @@ -62885,11 +54558,6 @@ catalog: - id: pl-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -62928,9 +54596,6 @@ catalog: - id: pl-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, pl-01_odp.04 }} to manage\ @@ -62939,11 +54604,6 @@ catalog: - id: pl-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current planning:" @@ -63002,17 +54662,6 @@ catalog: - id: pl-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01a.[01] class: sp800-53a @@ -63023,17 +54672,6 @@ catalog: - id: pl-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01a.[02] class: sp800-53a @@ -63045,13 +54683,6 @@ catalog: - id: pl-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.[03] class: sp800-53a @@ -63064,13 +54695,6 @@ catalog: - id: pl-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.[04] class: sp800-53a @@ -63089,13 +54713,6 @@ catalog: - id: pl-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.01(a) class: sp800-53a @@ -63184,13 +54801,6 @@ catalog: - id: pl-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.01(b) class: sp800-53a @@ -63209,17 +54819,6 @@ catalog: - id: pl-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01b. class: sp800-53a @@ -63239,17 +54838,6 @@ catalog: - id: pl-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01c.01 class: sp800-53a @@ -63282,17 +54870,6 @@ catalog: - id: pl-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01c.02 class: sp800-53a @@ -63392,6 +54969,9 @@ catalog: - prose: frequency to review system security and privacy plans is defined; props: + - name: label + value: PL-02 + class: zero-padded - name: label value: PL-2 - name: label @@ -63497,9 +55077,6 @@ catalog: - id: pl-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop security and privacy plans for the system that:" @@ -63613,9 +55190,6 @@ catalog: - id: pl-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the plans and communicate subsequent\ @@ -63623,18 +55197,12 @@ catalog: - id: pl-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review the plans {{ insert: param, pl-02_odp.03 }};" - id: pl-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Update the plans to address changes to the system and environment @@ -63643,9 +55211,6 @@ catalog: - id: pl-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protect the plans from unauthorized disclosure and modification. @@ -63740,39 +55305,6 @@ catalog: - id: pl-2_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.01[01] class: sp800-53a @@ -63784,39 +55316,6 @@ catalog: - id: pl-2_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.01[02] class: sp800-53a @@ -63904,13 +55403,6 @@ catalog: - id: pl-2_obj.a.4-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.04[01] class: sp800-53a @@ -63923,13 +55415,6 @@ catalog: - id: pl-2_obj.a.4-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.04[02] class: sp800-53a @@ -63944,13 +55429,6 @@ catalog: - id: pl-2_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.05 class: sp800-53a @@ -63985,13 +55463,6 @@ catalog: - id: pl-2_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.06 class: sp800-53a @@ -64026,13 +55497,6 @@ catalog: - id: pl-2_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.07 class: sp800-53a @@ -64067,13 +55531,6 @@ catalog: - id: pl-2_obj.a.8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.08 class: sp800-53a @@ -64108,17 +55565,6 @@ catalog: - id: pl-2_obj.a.9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.09 class: sp800-53a @@ -64161,13 +55607,6 @@ catalog: - id: pl-2_obj.a.10-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.10[01] class: sp800-53a @@ -64180,13 +55619,6 @@ catalog: - id: pl-2_obj.a.10-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.10[02] class: sp800-53a @@ -64201,13 +55633,6 @@ catalog: - id: pl-2_obj.a.11 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.11 class: sp800-53a @@ -64248,13 +55673,6 @@ catalog: - id: pl-2_obj.a.12-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.12[01] class: sp800-53a @@ -64268,13 +55686,6 @@ catalog: - id: pl-2_obj.a.12-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.12[02] class: sp800-53a @@ -64297,17 +55708,6 @@ catalog: - id: pl-2_obj.a.13-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.13[01] class: sp800-53a @@ -64320,17 +55720,6 @@ catalog: - id: pl-2_obj.a.13-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.13[02] class: sp800-53a @@ -64353,17 +55742,6 @@ catalog: - id: pl-2_obj.a.14-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02a.14[01] class: sp800-53a @@ -64377,17 +55755,6 @@ catalog: - id: pl-2_obj.a.14-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02a.14[02] class: sp800-53a @@ -64411,17 +55778,6 @@ catalog: - id: pl-2_obj.a.15-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.15[01] class: sp800-53a @@ -64434,17 +55790,6 @@ catalog: - id: pl-2_obj.a.15-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.15[02] class: sp800-53a @@ -64463,17 +55808,6 @@ catalog: - id: pl-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02b. class: sp800-53a @@ -64506,17 +55840,6 @@ catalog: - id: pl-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02c. class: sp800-53a @@ -64527,17 +55850,6 @@ catalog: - id: pl-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02d. class: sp800-53a @@ -64581,17 +55893,6 @@ catalog: - id: pl-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02e. class: sp800-53a @@ -64733,6 +56034,9 @@ catalog: - prose: frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected); props: + - name: label + value: PL-04 + class: zero-padded - name: label value: PL-4 - name: label @@ -64796,9 +56100,6 @@ catalog: - id: pl-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish and provide to individuals requiring access to @@ -64808,9 +56109,6 @@ catalog: - id: pl-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Receive a documented acknowledgment from such individuals, @@ -64820,9 +56118,6 @@ catalog: - id: pl-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update the rules of behavior {{ insert: param,\ @@ -64830,9 +56125,6 @@ catalog: - id: pl-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Require individuals who have acknowledged a previous version\ @@ -64869,17 +56161,6 @@ catalog: - id: pl-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04a. class: sp800-53a @@ -64914,17 +56195,6 @@ catalog: - id: pl-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04b. class: sp800-53a @@ -64938,17 +56208,6 @@ catalog: - id: pl-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-04c. class: sp800-53a @@ -64960,17 +56219,6 @@ catalog: - id: pl-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-04d. class: sp800-53a @@ -65055,6 +56303,9 @@ catalog: class: SP800-53-enhancement title: Social Media and External Site/Application Usage Restrictions props: + - name: label + value: PL-04(01) + class: zero-padded - name: label value: PL-4(1) - name: label @@ -65083,9 +56334,6 @@ catalog: - id: pl-4.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Use of social media, social networking sites, and external @@ -65093,9 +56341,6 @@ catalog: - id: pl-4.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Posting organizational information on public websites; @@ -65103,9 +56348,6 @@ catalog: - id: pl-4.1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Use of organization-provided identifiers (e.g., email @@ -65135,17 +56377,6 @@ catalog: - id: pl-4.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(a) class: sp800-53a @@ -65157,17 +56388,6 @@ catalog: - id: pl-4.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(b) class: sp800-53a @@ -65179,17 +56399,6 @@ catalog: - id: pl-4.1_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(c) class: sp800-53a @@ -65280,6 +56489,9 @@ catalog: - prose: frequency for review and update to reflect changes in the enterprise architecture; props: + - name: label + value: PL-08 + class: zero-padded - name: label value: PL-8 - name: label @@ -65333,9 +56545,6 @@ catalog: - id: pl-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop security and privacy architectures for the system\ @@ -65374,9 +56583,6 @@ catalog: - id: pl-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the architectures {{ insert: param, pl-08_odp\ @@ -65384,9 +56590,6 @@ catalog: - id: pl-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Reflect planned architecture changes in security and privacy @@ -65480,17 +56683,6 @@ catalog: - id: pl-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08a.01 class: sp800-53a @@ -65503,17 +56695,6 @@ catalog: - id: pl-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08a.02 class: sp800-53a @@ -65526,13 +56707,6 @@ catalog: - id: pl-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-08a.03 class: sp800-53a @@ -65567,13 +56741,6 @@ catalog: - id: pl-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-08a.04 class: sp800-53a @@ -65611,17 +56778,6 @@ catalog: - id: pl-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-08b. class: sp800-53a @@ -65641,17 +56797,6 @@ catalog: - id: pl-8_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[01] class: sp800-53a @@ -65663,17 +56808,6 @@ catalog: - id: pl-8_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[02] class: sp800-53a @@ -65685,17 +56819,6 @@ catalog: - id: pl-8_obj.c-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[03] class: sp800-53a @@ -65707,17 +56830,6 @@ catalog: - id: pl-8_obj.c-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[04] class: sp800-53a @@ -65729,17 +56841,6 @@ catalog: - id: pl-8_obj.c-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[05] class: sp800-53a @@ -65751,17 +56852,6 @@ catalog: - id: pl-8_obj.c-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[06] class: sp800-53a @@ -65863,6 +56953,9 @@ catalog: class: SP800-53 title: Baseline Selection props: + - name: label + value: PL-10 + class: zero-padded - name: label value: PL-10 - name: label @@ -65907,10 +57000,6 @@ catalog: parts: - id: pl-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Select a control baseline for the system. parts: - id: pl-10_fr @@ -65955,13 +57044,6 @@ catalog: - id: pl-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-10 class: sp800-53a @@ -66066,6 +57148,9 @@ catalog: class: SP800-53 title: Baseline Tailoring props: + - name: label + value: PL-11 + class: zero-padded - name: label value: PL-11 - name: label @@ -66110,10 +57195,6 @@ catalog: parts: - id: pl-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Tailor the selected control baseline by applying specified tailoring actions. - id: pl-11_gdn @@ -66144,17 +57225,6 @@ catalog: - id: pl-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-11 class: sp800-53a @@ -66310,6 +57380,9 @@ catalog: - prose: events that would require the personnel security procedures to be reviewed and updated are defined; props: + - name: label + value: PS-01 + class: zero-padded - name: label value: PS-1 - name: label @@ -66345,11 +57418,6 @@ catalog: - id: ps-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -66389,9 +57457,6 @@ catalog: - id: ps-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ps-01_odp.04 }} to manage\ @@ -66400,11 +57465,6 @@ catalog: - id: ps-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current personnel security:" @@ -66464,17 +57524,6 @@ catalog: - id: ps-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01a.[01] class: sp800-53a @@ -66485,17 +57534,6 @@ catalog: - id: ps-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01a.[02] class: sp800-53a @@ -66507,13 +57545,6 @@ catalog: - id: ps-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.[03] class: sp800-53a @@ -66526,13 +57557,6 @@ catalog: - id: ps-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.[04] class: sp800-53a @@ -66551,13 +57575,6 @@ catalog: - id: ps-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.01(a) class: sp800-53a @@ -66646,13 +57663,6 @@ catalog: - id: ps-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.01(b) class: sp800-53a @@ -66672,17 +57682,6 @@ catalog: - id: ps-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01b. class: sp800-53a @@ -66702,17 +57701,6 @@ catalog: - id: ps-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01c.01 class: sp800-53a @@ -66746,17 +57734,6 @@ catalog: - id: ps-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01c.02 class: sp800-53a @@ -66847,6 +57824,9 @@ catalog: - prose: the frequency at which to review and update position risk designations is defined; props: + - name: label + value: PS-02 + class: zero-padded - name: label value: PS-2 - name: label @@ -66889,18 +57869,12 @@ catalog: - id: ps-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Assign a risk designation to all organizational positions; - id: ps-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establish screening criteria for individuals filling those @@ -66908,9 +57882,6 @@ catalog: - id: ps-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update position risk designations {{ insert:\ @@ -66948,17 +57919,6 @@ catalog: - id: ps-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-02a. class: sp800-53a @@ -66969,17 +57929,6 @@ catalog: - id: ps-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-02b. class: sp800-53a @@ -66991,17 +57940,6 @@ catalog: - id: ps-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-02c. class: sp800-53a @@ -67102,6 +58040,9 @@ catalog: - prose: the frequency of rescreening individuals where it is so indicated is defined; props: + - name: label + value: PS-03 + class: zero-padded - name: label value: PS-3 - name: label @@ -67156,9 +58097,6 @@ catalog: - id: ps-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Screen individuals prior to authorizing access to the system; @@ -67166,9 +58104,6 @@ catalog: - id: ps-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Rescreen individuals in accordance with {{ insert: param,\ @@ -67193,17 +58128,6 @@ catalog: - id: ps-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03a. class: sp800-53a @@ -67215,17 +58139,6 @@ catalog: - id: ps-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03b. class: sp800-53a @@ -67316,7 +58229,7 @@ catalog: - id: ps-03.03_odp label: additional personnel screening criteria constraints: - - description: personnel screening criteria - as required by specific + - description: personnel screening criteria – as required by specific information guidelines: - prose: additional personnel screening criteria to be satisfied @@ -67324,6 +58237,9 @@ catalog: transmitting information requiring special protection are defined; props: + - name: label + value: PS-03(03) + class: zero-padded - name: label value: PS-3(3) - name: label @@ -67346,9 +58262,6 @@ catalog: - id: ps-3.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Have valid access authorizations that are demonstrated @@ -67356,9 +58269,6 @@ catalog: - id: ps-3.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Satisfy {{ insert: param, ps-03.03_odp }}." @@ -67377,17 +58287,6 @@ catalog: - id: ps-3.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03(03)(a) class: sp800-53a @@ -67401,17 +58300,6 @@ catalog: - id: ps-3.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03(03)(b) class: sp800-53a @@ -67507,6 +58395,9 @@ catalog: - prose: information security topics to be discussed when conducting exit interviews are defined; props: + - name: label + value: PS-04 + class: zero-padded - name: label value: PS-4 - name: label @@ -67538,9 +58429,6 @@ catalog: - id: ps-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Disable system access within {{ insert: param, ps-04_odp.01\ @@ -67548,9 +58436,6 @@ catalog: - id: ps-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Terminate or revoke any authenticators and credentials associated @@ -67558,9 +58443,6 @@ catalog: - id: ps-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Conduct exit interviews that include a discussion of {{\ @@ -67568,9 +58450,6 @@ catalog: - id: ps-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Retrieve all security-related organizational system-related @@ -67578,9 +58457,6 @@ catalog: - id: ps-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Retain access to organizational information and systems formerly @@ -67612,13 +58488,6 @@ catalog: - id: ps-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04a. class: sp800-53a @@ -67630,13 +58499,6 @@ catalog: - id: ps-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04b. class: sp800-53a @@ -67648,17 +58510,6 @@ catalog: - id: ps-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04c. class: sp800-53a @@ -67671,17 +58522,6 @@ catalog: - id: ps-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-04d. class: sp800-53a @@ -67693,17 +58533,6 @@ catalog: - id: ps-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04e. class: sp800-53a @@ -67813,6 +58642,9 @@ catalog: - prose: personnel or roles to be notified upon termination of an individual is/are defined (if selected); props: + - name: label + value: PS-04(02) + class: zero-padded - name: label value: PS-4(2) - name: label @@ -67829,10 +58661,6 @@ catalog: parts: - id: ps-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Use {{ insert: param, ps-04.02_odp.01 }} to {{ insert: param,\ \ ps-04.02_odp.02 }}." - id: ps-4.2_gdn @@ -67850,17 +58678,6 @@ catalog: - id: ps-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04(02) class: sp800-53a @@ -67971,6 +58788,9 @@ catalog: or roles when individuals are reassigned or transferred to other positions within the organization is defined; props: + - name: label + value: PS-05 + class: zero-padded - name: label value: PS-5 - name: label @@ -68001,9 +58821,6 @@ catalog: - id: ps-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Review and confirm ongoing operational need for current logical @@ -68013,9 +58830,6 @@ catalog: - id: ps-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Initiate {{ insert: param, ps-05_odp.01 }} within {{ insert:\ @@ -68023,9 +58837,6 @@ catalog: - id: ps-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Modify access authorization as needed to correspond with @@ -68034,9 +58845,6 @@ catalog: - id: ps-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Notify {{ insert: param, ps-05_odp.03 }} within {{ insert:\ @@ -68064,17 +58872,6 @@ catalog: - id: ps-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-05a. class: sp800-53a @@ -68088,17 +58885,6 @@ catalog: - id: ps-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05b. class: sp800-53a @@ -68110,13 +58896,6 @@ catalog: - id: ps-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05c. class: sp800-53a @@ -68128,17 +58907,6 @@ catalog: - id: ps-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05d. class: sp800-53a @@ -68235,6 +59003,9 @@ catalog: - prose: the frequency at which to re-sign access agreements to maintain access to organizational information is defined; props: + - name: label + value: PS-06 + class: zero-padded - name: label value: PS-6 - name: label @@ -68276,9 +59047,6 @@ catalog: - id: ps-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and document access agreements for organizational @@ -68286,9 +59054,6 @@ catalog: - id: ps-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the access agreements {{ insert: param,\ @@ -68296,9 +59061,6 @@ catalog: - id: ps-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Verify that individuals requiring access to organizational\ @@ -68338,13 +59100,6 @@ catalog: - id: ps-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-06a. class: sp800-53a @@ -68356,17 +59111,6 @@ catalog: - id: ps-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06b. class: sp800-53a @@ -68385,17 +59129,6 @@ catalog: - id: ps-6_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06c.01 class: sp800-53a @@ -68408,17 +59141,6 @@ catalog: - id: ps-6_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06c.02 class: sp800-53a @@ -68541,6 +59263,9 @@ catalog: transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined; props: + - name: label + value: PS-07 + class: zero-padded - name: label value: PS-7 - name: label @@ -68590,9 +59315,6 @@ catalog: - id: ps-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish personnel security requirements, including security @@ -68600,9 +59322,6 @@ catalog: - id: ps-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Require external providers to comply with personnel security @@ -68610,18 +59329,12 @@ catalog: - id: ps-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document personnel security requirements; - id: ps-7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Require external providers to notify {{ insert: param, ps-07_odp.01\ @@ -68632,9 +59345,6 @@ catalog: - id: ps-7_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Monitor provider compliance with personnel security requirements. @@ -68664,17 +59374,6 @@ catalog: - id: ps-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-07a. class: sp800-53a @@ -68686,17 +59385,6 @@ catalog: - id: ps-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-07b. class: sp800-53a @@ -68708,13 +59396,6 @@ catalog: - id: ps-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-07c. class: sp800-53a @@ -68725,17 +59406,6 @@ catalog: - id: ps-7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-07d. class: sp800-53a @@ -68750,17 +59420,6 @@ catalog: - id: ps-7_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-07e. class: sp800-53a @@ -68864,6 +59523,9 @@ catalog: or roles must be notified when a formal employee sanctions process is initiated is defined; props: + - name: label + value: PS-08 + class: zero-padded - name: label value: PS-8 - name: label @@ -68890,9 +59552,6 @@ catalog: - id: ps-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Employ a formal sanctions process for individuals failing @@ -68901,9 +59560,6 @@ catalog: - id: ps-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Notify {{ insert: param, ps-08_odp.01 }} within {{ insert:\ @@ -68928,17 +59584,6 @@ catalog: - id: ps-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-08a. class: sp800-53a @@ -68951,17 +59596,6 @@ catalog: - id: ps-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-08b. class: sp800-53a @@ -69059,6 +59693,9 @@ catalog: class: SP800-53 title: Position Descriptions props: + - name: label + value: PS-09 + class: zero-padded - name: label value: PS-9 - name: label @@ -69075,10 +59712,6 @@ catalog: parts: - id: ps-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Incorporate security and privacy roles and responsibilities into organizational position descriptions. - id: ps-9_gdn @@ -69090,13 +59723,6 @@ catalog: - id: ps-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-09 class: sp800-53a @@ -69245,6 +59871,9 @@ catalog: - prose: events that would require risk assessment procedures to be reviewed and updated are defined; props: + - name: label + value: RA-01 + class: zero-padded - name: label value: RA-1 - name: label @@ -69282,11 +59911,6 @@ catalog: - id: ra-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -69326,9 +59950,6 @@ catalog: - id: ra-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ra-01_odp.04 }} to manage\ @@ -69337,11 +59958,6 @@ catalog: - id: ra-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current risk assessment:" @@ -69401,17 +60017,6 @@ catalog: - id: ra-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01a.[01] class: sp800-53a @@ -69422,17 +60027,6 @@ catalog: - id: ra-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01a.[02] class: sp800-53a @@ -69444,13 +60038,6 @@ catalog: - id: ra-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.[03] class: sp800-53a @@ -69463,13 +60050,6 @@ catalog: - id: ra-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.[04] class: sp800-53a @@ -69488,13 +60068,6 @@ catalog: - id: ra-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.01(a) class: sp800-53a @@ -69583,13 +60156,6 @@ catalog: - id: ra-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.01(b) class: sp800-53a @@ -69609,17 +60175,6 @@ catalog: - id: ra-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01b. class: sp800-53a @@ -69639,17 +60194,6 @@ catalog: - id: ra-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01c.01 class: sp800-53a @@ -69682,17 +60226,6 @@ catalog: - id: ra-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01c.02 class: sp800-53a @@ -69769,6 +60302,9 @@ catalog: class: SP800-53 title: Security Categorization props: + - name: label + value: RA-02 + class: zero-padded - name: label value: RA-2 - name: label @@ -69835,9 +60371,6 @@ catalog: - id: ra-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Categorize the system and information it processes, stores, @@ -69845,9 +60378,6 @@ catalog: - id: ra-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document the security categorization results, including supporting @@ -69855,9 +60385,6 @@ catalog: - id: ra-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Verify that the authorizing official or authorizing official @@ -69907,13 +60434,6 @@ catalog: - id: ra-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-02a. class: sp800-53a @@ -69925,13 +60445,6 @@ catalog: - id: ra-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-02b. class: sp800-53a @@ -69943,17 +60456,6 @@ catalog: - id: ra-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-02c. class: sp800-53a @@ -70064,6 +60566,9 @@ catalog: guidelines: - prose: the frequency to update the risk assessment is defined; props: + - name: label + value: RA-03 + class: zero-padded - name: label value: RA-3 - name: label @@ -70151,9 +60656,6 @@ catalog: - id: ra-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Conduct a risk assessment, including:" @@ -70184,9 +60686,6 @@ catalog: - id: ra-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Integrate risk assessment results and risk management decisions @@ -70195,9 +60694,6 @@ catalog: - id: ra-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document risk assessment results in {{ insert: param, ra-03_odp.01\ @@ -70205,9 +60701,6 @@ catalog: - id: ra-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review risk assessment results {{ insert: param, ra-03_odp.03\ @@ -70215,9 +60708,6 @@ catalog: - id: ra-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Disseminate risk assessment results to {{ insert: param,\ @@ -70225,9 +60715,6 @@ catalog: - id: ra-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Update the risk assessment {{ insert: param, ra-03_odp.05\ @@ -70298,17 +60785,6 @@ catalog: - id: ra-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.01 class: sp800-53a @@ -70320,17 +60796,6 @@ catalog: - id: ra-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.02 class: sp800-53a @@ -70345,17 +60810,6 @@ catalog: - id: ra-3_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.03 class: sp800-53a @@ -70371,17 +60825,6 @@ catalog: - id: ra-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03b. class: sp800-53a @@ -70394,13 +60837,6 @@ catalog: - id: ra-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-03c. class: sp800-53a @@ -70412,17 +60848,6 @@ catalog: - id: ra-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03d. class: sp800-53a @@ -70434,17 +60859,6 @@ catalog: - id: ra-3_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03e. class: sp800-53a @@ -70456,17 +60870,6 @@ catalog: - id: ra-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03f. class: sp800-53a @@ -70563,6 +60966,9 @@ catalog: - prose: the frequency at which to update the supply chain risk assessment is defined; props: + - name: label + value: RA-03(01) + class: zero-padded - name: label value: RA-3(1) - name: label @@ -70596,9 +61002,6 @@ catalog: - id: ra-3.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Assess supply chain risks associated with {{ insert:\ @@ -70606,9 +61009,6 @@ catalog: - id: ra-3.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Update the supply chain risk assessment {{ insert: param,\ @@ -70641,17 +61041,6 @@ catalog: - id: ra-3.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03(01)(a) class: sp800-53a @@ -70663,17 +61052,6 @@ catalog: - id: ra-3.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03(01)(b) class: sp800-53a @@ -70817,9 +61195,9 @@ catalog: vulnerability scanning process and control assessments is to be shared; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05 + class: zero-padded - name: label value: RA-5 - name: label @@ -70893,9 +61271,6 @@ catalog: - id: ra-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Monitor and scan for vulnerabilities in the system and hosted\ @@ -70904,9 +61279,6 @@ catalog: - id: ra-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ vulnerability monitoring tools and techniques that\ @@ -70934,9 +61306,6 @@ catalog: - id: ra-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Analyze vulnerability scan reports and results from vulnerability @@ -70944,9 +61313,6 @@ catalog: - id: ra-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Remediate legitimate vulnerabilities {{ insert: param, ra-05_odp.03\ @@ -70954,9 +61320,6 @@ catalog: - id: ra-5_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Share information obtained from the vulnerability monitoring\ @@ -70966,9 +61329,6 @@ catalog: - id: ra-5_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Employ vulnerability monitoring tools that include the capability @@ -71039,12 +61399,12 @@ catalog: Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports - a \"warning\" as part of the compliance scanning of a CSO, - follow guidance surrounding the tracking of compliance findings - during either the assessment phases (initial assessment, annual - assessment or any SCR) or monthly continuous monitoring as - it applies. Guidance on compliance scan findings can be found - by searching on \"Tracking of Compliance Scans\" in FAQs. + a “warning” as part of the compliance scanning of a CSO, follow + guidance surrounding the tracking of compliance findings during + either the assessment phases (initial assessment, annual assessment + or any SCR) or monthly continuous monitoring as it applies. + Guidance on compliance scan findings can be found by searching + on “Tracking of Compliance Scans” in FAQs. - id: ra-5_gdn name: guidance prose: >- @@ -71122,17 +61482,6 @@ catalog: - id: ra-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05a. class: sp800-53a @@ -71167,17 +61516,6 @@ catalog: - id: ra-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-05b. class: sp800-53a @@ -71187,17 +61525,6 @@ catalog: - id: ra-5_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.01 class: sp800-53a @@ -71211,17 +61538,6 @@ catalog: - id: ra-5_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.02 class: sp800-53a @@ -71235,17 +61551,6 @@ catalog: - id: ra-5_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.03 class: sp800-53a @@ -71262,17 +61567,6 @@ catalog: - id: ra-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05c. class: sp800-53a @@ -71284,17 +61578,6 @@ catalog: - id: ra-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05d. class: sp800-53a @@ -71307,17 +61590,6 @@ catalog: - id: ra-5_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05e. class: sp800-53a @@ -71330,17 +61602,6 @@ catalog: - id: ra-5_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05f. class: sp800-53a @@ -71453,9 +61714,9 @@ catalog: - prose: the frequency for updating the system vulnerabilities to be scanned is defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05(02) + class: zero-padded - name: label value: RA-5(2) - name: label @@ -71477,10 +61738,6 @@ catalog: parts: - id: ra-5.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Update the system vulnerabilities to be scanned {{ insert:\ \ param, ra-05.02_odp.01 }}." - id: ra-5.2_gdn @@ -71494,17 +61751,6 @@ catalog: - id: ra-5.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(02) class: sp800-53a @@ -71590,9 +61836,9 @@ catalog: class: SP800-53-enhancement title: Breadth and Depth of Coverage props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05(03) + class: zero-padded - name: label value: RA-5(3) - name: label @@ -71612,10 +61858,6 @@ catalog: parts: - id: ra-5.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Define the breadth and depth of vulnerability scanning coverage. - id: ra-5.3_gdn name: guidance @@ -71634,17 +61876,6 @@ catalog: - id: ra-5.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(03) class: sp800-53a @@ -71737,6 +61968,9 @@ catalog: - prose: corrective actions to be taken if information about the system is discoverable are defined; props: + - name: label + value: RA-05(04) + class: zero-padded - name: label value: RA-5(4) - name: label @@ -71760,10 +61994,6 @@ catalog: parts: - id: ra-5.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Determine information about the system that is discoverable\ \ and take {{ insert: param, ra-05.04_odp }}." - id: ra-5.4_gdn @@ -71788,17 +62018,6 @@ catalog: - id: ra-5.4_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(04)[01] class: sp800-53a @@ -71809,17 +62028,6 @@ catalog: - id: ra-5.4_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(04)[02] class: sp800-53a @@ -71939,6 +62147,9 @@ catalog: - prose: vulnerability scanning activities selected for privileged access authorization to system components are defined; props: + - name: label + value: RA-05(05) + class: zero-padded - name: label value: RA-5(5) - name: label @@ -71958,10 +62169,6 @@ catalog: parts: - id: ra-5.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement privileged access authorization to {{ insert:\ \ param, ra-05.05_odp.01 }} for {{ insert: param, ra-05.05_odp.02\ \ }}." @@ -71977,17 +62184,6 @@ catalog: - id: ra-5.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(05) class: sp800-53a @@ -72106,6 +62302,9 @@ catalog: - prose: a time period for a potential previous exploit of a system is defined; props: + - name: label + value: RA-05(08) + class: zero-padded - name: label value: RA-5(8) - name: label @@ -72129,10 +62328,6 @@ catalog: parts: - id: ra-5.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Review historic audit logs to determine if a vulnerability\ \ identified in a {{ insert: param, ra-05.08_odp.01 }} has been\ \ previously exploited within an {{ insert: param, ra-05.08_odp.02\ @@ -72161,17 +62356,6 @@ catalog: - id: ra-5.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(08) class: sp800-53a @@ -72263,6 +62447,9 @@ catalog: class: SP800-53-enhancement title: Public Disclosure Program props: + - name: label + value: RA-05(11) + class: zero-padded - name: label value: RA-5(11) - name: label @@ -72282,10 +62469,6 @@ catalog: parts: - id: ra-5.11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components. - id: ra-5.11_gdn @@ -72299,17 +62482,6 @@ catalog: - id: ra-5.11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(11) class: sp800-53a @@ -72403,6 +62575,9 @@ catalog: class: SP800-53 title: Risk Response props: + - name: label + value: RA-07 + class: zero-padded - name: label value: RA-7 - name: label @@ -72446,10 +62621,6 @@ catalog: parts: - id: ra-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance. - id: ra-7_gdn @@ -72469,17 +62640,6 @@ catalog: - id: ra-7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-07 class: sp800-53a @@ -72606,6 +62766,9 @@ catalog: - prose: decision points in the system development life cycle when a criticality analysis is to be performed are defined; props: + - name: label + value: RA-09 + class: zero-padded - name: label value: RA-9 - name: label @@ -72644,10 +62807,6 @@ catalog: parts: - id: ra-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Identify critical system components and functions by performing\ \ a criticality analysis for {{ insert: param, ra-09_odp.01 }} at\ \ {{ insert: param, ra-09_odp.02 }}." @@ -72697,17 +62856,6 @@ catalog: - id: ra-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-09 class: sp800-53a @@ -72847,6 +62995,9 @@ catalog: - prose: events that would require the system and services acquisition procedures to be reviewed and updated are defined; props: + - name: label + value: SA-01 + class: zero-padded - name: label value: SA-1 - name: label @@ -72888,11 +63039,6 @@ catalog: - id: sa-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -72933,9 +63079,6 @@ catalog: - id: sa-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sa-01_odp.04 }} to manage\ @@ -72944,11 +63087,6 @@ catalog: - id: sa-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and services acquisition:" @@ -73009,17 +63147,6 @@ catalog: - id: sa-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01a.[01] class: sp800-53a @@ -73031,17 +63158,6 @@ catalog: - id: sa-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01a.[02] class: sp800-53a @@ -73053,13 +63169,6 @@ catalog: - id: sa-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.[03] class: sp800-53a @@ -73073,13 +63182,6 @@ catalog: - id: sa-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.[04] class: sp800-53a @@ -73098,13 +63200,6 @@ catalog: - id: sa-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.01(a) class: sp800-53a @@ -73194,13 +63289,6 @@ catalog: - id: sa-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.01(b) class: sp800-53a @@ -73220,17 +63308,6 @@ catalog: - id: sa-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01b. class: sp800-53a @@ -73250,17 +63327,6 @@ catalog: - id: sa-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01c.01 class: sp800-53a @@ -73294,17 +63360,6 @@ catalog: - id: sa-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01c.02 class: sp800-53a @@ -73394,6 +63449,9 @@ catalog: class: SP800-53 title: Allocation of Resources props: + - name: label + value: SA-02 + class: zero-padded - name: label value: SA-2 - name: label @@ -73433,9 +63491,6 @@ catalog: - id: sa-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Determine the high-level information security and privacy @@ -73444,9 +63499,6 @@ catalog: - id: sa-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Determine, document, and allocate the resources required @@ -73455,9 +63507,6 @@ catalog: - id: sa-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Establish a discrete line item for information security and @@ -73484,17 +63533,6 @@ catalog: - id: sa-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02a.[01] class: sp800-53a @@ -73507,17 +63545,6 @@ catalog: - id: sa-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02a.[02] class: sp800-53a @@ -73540,17 +63567,6 @@ catalog: - id: sa-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02b.[01] class: sp800-53a @@ -73563,17 +63579,6 @@ catalog: - id: sa-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02b.[02] class: sp800-53a @@ -73596,17 +63601,6 @@ catalog: - id: sa-2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02c.[01] class: sp800-53a @@ -73618,17 +63612,6 @@ catalog: - id: sa-2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02c.[02] class: sp800-53a @@ -73737,6 +63720,9 @@ catalog: guidelines: - prose: system development life cycle is defined; props: + - name: label + value: SA-03 + class: zero-padded - name: label value: SA-3 - name: label @@ -73798,9 +63784,6 @@ catalog: - id: sa-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Acquire, develop, and manage the system using {{ insert:\ @@ -73809,9 +63792,6 @@ catalog: - id: sa-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define and document information security and privacy roles @@ -73819,9 +63799,6 @@ catalog: - id: sa-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Identify individuals having information security and privacy @@ -73829,9 +63806,6 @@ catalog: - id: sa-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Integrate the organizational information security and privacy @@ -73891,17 +63865,6 @@ catalog: - id: sa-3_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03a.[01] class: sp800-53a @@ -73914,17 +63877,6 @@ catalog: - id: sa-3_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03a.[02] class: sp800-53a @@ -73947,17 +63899,6 @@ catalog: - id: sa-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03b.[01] class: sp800-53a @@ -73969,17 +63910,6 @@ catalog: - id: sa-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03b.[02] class: sp800-53a @@ -74001,17 +63931,6 @@ catalog: - id: sa-3_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03c.[01] class: sp800-53a @@ -74023,17 +63942,6 @@ catalog: - id: sa-3_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03c.[02] class: sp800-53a @@ -74055,17 +63963,6 @@ catalog: - id: sa-3_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03d.[01] class: sp800-53a @@ -74077,17 +63974,6 @@ catalog: - id: sa-3_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03d.[02] class: sp800-53a @@ -74215,6 +64101,9 @@ catalog: guidelines: - prose: contract language is defined (if selected); props: + - name: label + value: SA-04 + class: zero-padded - name: label value: SA-4 - name: label @@ -74310,63 +64199,42 @@ catalog: - id: sa-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Security and privacy functional requirements; - id: sa-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Strength of mechanism requirements; - id: sa-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Security and privacy assurance requirements; - id: sa-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Controls needed to satisfy the security and privacy requirements. - id: sa-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Security and privacy documentation requirements; - id: sa-4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Requirements for protecting security and privacy documentation; - id: sa-4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Description of the system development environment and environment @@ -74374,9 +64242,6 @@ catalog: - id: sa-4_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Allocation of responsibility or identification of parties @@ -74385,9 +64250,6 @@ catalog: - id: sa-4_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: Acceptance criteria. @@ -74479,39 +64341,6 @@ catalog: - id: sa-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04a.[01] class: sp800-53a @@ -74525,39 +64354,6 @@ catalog: - id: sa-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04a.[02] class: sp800-53a @@ -74574,17 +64370,6 @@ catalog: - id: sa-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04b. class: sp800-53a @@ -74672,17 +64457,6 @@ catalog: - id: sa-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04e. class: sp800-53a @@ -74719,17 +64493,6 @@ catalog: - id: sa-4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04f. class: sp800-53a @@ -74767,17 +64530,6 @@ catalog: - id: sa-4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04g. class: sp800-53a @@ -74792,17 +64544,6 @@ catalog: - id: sa-4_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04h. class: sp800-53a @@ -74854,17 +64595,6 @@ catalog: - id: sa-4_obj.i name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04i. class: sp800-53a @@ -74971,6 +64701,9 @@ catalog: class: SP800-53-enhancement title: Functional Properties of Controls props: + - name: label + value: SA-04(01) + class: zero-padded - name: label value: SA-4(1) - name: label @@ -74990,10 +64723,6 @@ catalog: parts: - id: sa-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented. @@ -75007,17 +64736,6 @@ catalog: - id: sa-4.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(01) class: sp800-53a @@ -75140,6 +64858,9 @@ catalog: guidelines: - prose: level of detail is defined; props: + - name: label + value: SA-04(02) + class: zero-padded - name: label value: SA-4(2) - name: label @@ -75159,10 +64880,6 @@ catalog: parts: - id: sa-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require the developer of the system, system component, or\ \ system service to provide design and implementation information\ \ for the controls that includes: {{ insert: param, sa-04.02_odp.01\ @@ -75188,17 +64905,6 @@ catalog: - id: sa-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(02) class: sp800-53a @@ -75310,6 +65016,9 @@ catalog: - prose: security configurations for the system, component, or service are defined; props: + - name: label + value: SA-04(05) + class: zero-padded - name: label value: SA-4(5) - name: label @@ -75335,9 +65044,6 @@ catalog: - id: sa-4.5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Deliver the system, component, or service with {{ insert:\ @@ -75345,9 +65051,6 @@ catalog: - id: sa-4.5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Use the configurations as the default for any subsequent @@ -75369,17 +65072,6 @@ catalog: - id: sa-4.5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-04(05)(a) class: sp800-53a @@ -75392,17 +65084,6 @@ catalog: - id: sa-4.5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-04(05)(b) class: sp800-53a @@ -75495,6 +65176,9 @@ catalog: class: SP800-53-enhancement title: Functions, Ports, Protocols, and Services in Use props: + - name: label + value: SA-04(09) + class: zero-padded - name: label value: SA-4(9) - name: label @@ -75518,10 +65202,6 @@ catalog: parts: - id: sa-4.9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use. @@ -75545,17 +65225,6 @@ catalog: - id: sa-4.9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(09) class: sp800-53a @@ -75692,6 +65361,9 @@ catalog: class: SP800-53-enhancement title: Use of Approved PIV Products props: + - name: label + value: SA-04(10) + class: zero-padded - name: label value: SA-4(10) - name: label @@ -75717,10 +65389,6 @@ catalog: parts: - id: sa-4.10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems. @@ -75733,17 +65401,6 @@ catalog: - id: sa-4.10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(10) class: sp800-53a @@ -75852,6 +65509,9 @@ catalog: - prose: personnel or roles to distribute system documentation to is/are defined; props: + - name: label + value: SA-05 + class: zero-padded - name: label value: SA-5 - name: label @@ -75913,9 +65573,6 @@ catalog: - id: sa-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Obtain or develop administrator documentation for the system,\ @@ -75945,9 +65602,6 @@ catalog: - id: sa-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Obtain or develop user documentation for the system, system\ @@ -75978,9 +65632,6 @@ catalog: - id: sa-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document attempts to obtain system, system component, or\ @@ -75990,9 +65641,6 @@ catalog: - id: sa-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Distribute documentation to {{ insert: param, sa-05_odp.02\ @@ -76034,17 +65682,6 @@ catalog: - id: sa-5_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.01 class: sp800-53a @@ -76101,17 +65738,6 @@ catalog: - id: sa-5_obj.a.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[01] class: sp800-53a @@ -76125,17 +65751,6 @@ catalog: - id: sa-5_obj.a.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[02] class: sp800-53a @@ -76149,17 +65764,6 @@ catalog: - id: sa-5_obj.a.2-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[03] class: sp800-53a @@ -76173,17 +65777,6 @@ catalog: - id: sa-5_obj.a.2-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[04] class: sp800-53a @@ -76200,17 +65793,6 @@ catalog: - id: sa-5_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.03 class: sp800-53a @@ -76264,17 +65846,6 @@ catalog: - id: sa-5_obj.b.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[01] class: sp800-53a @@ -76287,17 +65858,6 @@ catalog: - id: sa-5_obj.b.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[02] class: sp800-53a @@ -76311,17 +65871,6 @@ catalog: - id: sa-5_obj.b.1-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[03] class: sp800-53a @@ -76334,17 +65883,6 @@ catalog: - id: sa-5_obj.b.1-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[04] class: sp800-53a @@ -76368,17 +65906,6 @@ catalog: - id: sa-5_obj.b.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.02[01] class: sp800-53a @@ -76392,17 +65919,6 @@ catalog: - id: sa-5_obj.b.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.02[02] class: sp800-53a @@ -76427,17 +65943,6 @@ catalog: - id: sa-5_obj.b.3-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.03[01] class: sp800-53a @@ -76451,17 +65956,6 @@ catalog: - id: sa-5_obj.b.3-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.03[02] class: sp800-53a @@ -76488,17 +65982,6 @@ catalog: - id: sa-5_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05c.[01] class: sp800-53a @@ -76511,17 +65994,6 @@ catalog: - id: sa-5_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05c.[02] class: sp800-53a @@ -76538,17 +66010,6 @@ catalog: - id: sa-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05d. class: sp800-53a @@ -76668,6 +66129,9 @@ catalog: guidelines: - prose: privacy engineering principles are defined; props: + - name: label + value: SA-08 + class: zero-padded - name: label value: SA-8 - name: label @@ -76741,10 +66205,6 @@ catalog: parts: - id: sa-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Apply the following systems security and privacy engineering\ \ principles in the specification, design, development, implementation,\ \ and modification of the system and system components: {{ insert:\ @@ -76795,17 +66255,6 @@ catalog: - id: sa-8_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[01] class: sp800-53a @@ -76817,17 +66266,6 @@ catalog: - id: sa-8_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[02] class: sp800-53a @@ -76839,17 +66277,6 @@ catalog: - id: sa-8_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[03] class: sp800-53a @@ -76861,17 +66288,6 @@ catalog: - id: sa-8_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[04] class: sp800-53a @@ -76883,17 +66299,6 @@ catalog: - id: sa-8_obj-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[05] class: sp800-53a @@ -76905,17 +66310,6 @@ catalog: - id: sa-8_obj-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[06] class: sp800-53a @@ -76927,17 +66321,6 @@ catalog: - id: sa-8_obj-7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[07] class: sp800-53a @@ -76949,17 +66332,6 @@ catalog: - id: sa-8_obj-8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[08] class: sp800-53a @@ -76971,17 +66343,6 @@ catalog: - id: sa-8_obj-9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[09] class: sp800-53a @@ -76993,17 +66354,6 @@ catalog: - id: sa-8_obj-10 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[10] class: sp800-53a @@ -77128,9 +66478,9 @@ catalog: - prose: processes, methods, and techniques employed to monitor control compliance by external service providers are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SA-09 + class: zero-padded - name: label value: SA-9 - name: label @@ -77186,9 +66536,6 @@ catalog: - id: sa-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require that providers of external system services comply\ @@ -77197,9 +66544,6 @@ catalog: - id: sa-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define and document organizational oversight and user roles @@ -77208,9 +66552,6 @@ catalog: - id: sa-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Employ the following processes, methods, and techniques\ @@ -77256,17 +66597,6 @@ catalog: - id: sa-9_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09a.[01] class: sp800-53a @@ -77278,17 +66608,6 @@ catalog: - id: sa-9_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09a.[02] class: sp800-53a @@ -77300,13 +66619,6 @@ catalog: - id: sa-9_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09a.[03] class: sp800-53a @@ -77328,13 +66640,6 @@ catalog: - id: sa-9_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09b.[01] class: sp800-53a @@ -77346,13 +66651,6 @@ catalog: - id: sa-9_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09b.[02] class: sp800-53a @@ -77367,17 +66665,6 @@ catalog: - id: sa-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-09c. class: sp800-53a @@ -77498,6 +66785,9 @@ catalog: - prose: personnel or roles that approve the acquisition or outsourcing of dedicated information security services is/are defined; props: + - name: label + value: SA-09(01) + class: zero-padded - name: label value: SA-9(1) - name: label @@ -77527,9 +66817,6 @@ catalog: - id: sa-9.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Conduct an organizational assessment of risk prior to @@ -77538,9 +66825,6 @@ catalog: - id: sa-9.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Verify that the acquisition or outsourcing of dedicated\ @@ -77563,17 +66847,6 @@ catalog: - id: sa-9.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-09(01)(a) class: sp800-53a @@ -77586,17 +66859,6 @@ catalog: - id: sa-9.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-09(01)(b) class: sp800-53a @@ -77715,6 +66977,9 @@ catalog: - prose: external system services that require the identification of functions, ports, protocols, and other services are defined; props: + - name: label + value: SA-09(02) + class: zero-padded - name: label value: SA-9(2) - name: label @@ -77738,10 +67003,6 @@ catalog: parts: - id: sa-9.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require providers of the following external system services\ \ to identify the functions, ports, protocols, and other services\ \ required for the use of such services: {{ insert: param, sa-09.02_odp\ @@ -77756,17 +67017,6 @@ catalog: - id: sa-9.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09(02) class: sp800-53a @@ -77874,6 +67124,9 @@ catalog: - prose: "requirements or conditions for restricting the location\ \ of {{ insert: param, sa-09.05_odp.01 }} are defined;" props: + - name: label + value: SA-09(05) + class: zero-padded - name: label value: SA-9(5) - name: label @@ -77897,10 +67150,6 @@ catalog: parts: - id: sa-9.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict the location of {{ insert: param, sa-09.05_odp.01\ \ }} to {{ insert: param, sa-09.05_odp.02 }} based on {{ insert:\ \ param, sa-09.05_odp.03 }}." @@ -77924,17 +67173,6 @@ catalog: - id: sa-9.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09(05) class: sp800-53a @@ -78064,6 +67302,9 @@ catalog: - prose: personnel to whom security flaws and flaw resolutions within the system, component, or service are reported is/are defined; props: + - name: label + value: SA-10 + class: zero-padded - name: label value: SA-10 - name: label @@ -78125,9 +67366,6 @@ catalog: - id: sa-10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Perform configuration management during system, component,\ @@ -78135,9 +67373,6 @@ catalog: - id: sa-10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Document, manage, and control the integrity of changes to\ @@ -78145,9 +67380,6 @@ catalog: - id: sa-10_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Implement only organization-approved changes to the system, @@ -78155,9 +67387,6 @@ catalog: - id: sa-10_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Document approved changes to the system, component, or service @@ -78166,9 +67395,6 @@ catalog: - id: sa-10_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Track security flaws and flaw resolution within the system,\ @@ -78223,17 +67449,6 @@ catalog: - id: sa-10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10a. class: sp800-53a @@ -78247,21 +67462,6 @@ catalog: - id: sa-10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10b. class: sp800-53a @@ -78308,17 +67508,6 @@ catalog: - id: sa-10_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10c. class: sp800-53a @@ -78331,17 +67520,6 @@ catalog: - id: sa-10_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-10d. class: sp800-53a @@ -78388,17 +67566,6 @@ catalog: - id: sa-10_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10e. class: sp800-53a @@ -78559,6 +67726,9 @@ catalog: - prose: "depth and coverage of {{ insert: param, sa-11_odp.01 }}\ \ testing/evaluation is defined;" props: + - name: label + value: SA-11 + class: zero-padded - name: label value: SA-11 - name: label @@ -78619,9 +67789,6 @@ catalog: - id: sa-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and implement a plan for ongoing security and privacy @@ -78629,9 +67796,6 @@ catalog: - id: sa-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Perform {{ insert: param, sa-11_odp.01 }} testing/evaluation\ @@ -78640,9 +67804,6 @@ catalog: - id: sa-11_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Produce evidence of the execution of the assessment plan @@ -78650,18 +67811,12 @@ catalog: - id: sa-11_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Implement a verifiable flaw remediation process; and - id: sa-11_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Correct flaws identified during testing and evaluation. @@ -78720,21 +67875,6 @@ catalog: - id: sa-11_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[01] class: sp800-53a @@ -78748,21 +67888,6 @@ catalog: - id: sa-11_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[02] class: sp800-53a @@ -78776,21 +67901,6 @@ catalog: - id: sa-11_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[03] class: sp800-53a @@ -78803,21 +67913,6 @@ catalog: - id: sa-11_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[04] class: sp800-53a @@ -78834,17 +67929,6 @@ catalog: - id: sa-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11b. class: sp800-53a @@ -78859,17 +67943,6 @@ catalog: - id: sa-11_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11c. class: sp800-53a @@ -78906,17 +67979,6 @@ catalog: - id: sa-11_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11d. class: sp800-53a @@ -78929,17 +67991,6 @@ catalog: - id: sa-11_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11e. class: sp800-53a @@ -79066,9 +68117,9 @@ catalog: class: SP800-53-enhancement title: Static Code Analysis props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SA-11(01) + class: zero-padded - name: label value: SA-11(1) - name: label @@ -79088,10 +68139,6 @@ catalog: parts: - id: sa-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis. @@ -79136,17 +68183,6 @@ catalog: - id: sa-11.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(01) class: sp800-53a @@ -79332,6 +68368,9 @@ catalog: - prose: acceptance criteria to be met by produced evidence for vulnerability analyses are defined; props: + - name: label + value: SA-11(02) + class: zero-padded - name: label value: SA-11(2) - name: label @@ -79365,9 +68404,6 @@ catalog: - id: sa-11.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Uses the following contextual information: {{ insert:\ @@ -79375,9 +68411,6 @@ catalog: - id: sa-11.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Employs the following tools and methods: {{ insert:\ @@ -79385,9 +68418,6 @@ catalog: - id: sa-11.2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: "Conducts the modeling and analyses at the following\ @@ -79395,9 +68425,6 @@ catalog: - id: sa-11.2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: "Produces evidence that meets the following acceptance\ @@ -79432,17 +68459,6 @@ catalog: - id: sa-11.2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[01] class: sp800-53a @@ -79456,17 +68472,6 @@ catalog: - id: sa-11.2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[02] class: sp800-53a @@ -79481,17 +68486,6 @@ catalog: - id: sa-11.2_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[03] class: sp800-53a @@ -79506,17 +68500,6 @@ catalog: - id: sa-11.2_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[04] class: sp800-53a @@ -79541,17 +68524,6 @@ catalog: - id: sa-11.2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[01] class: sp800-53a @@ -79565,17 +68537,6 @@ catalog: - id: sa-11.2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[02] class: sp800-53a @@ -79590,17 +68551,6 @@ catalog: - id: sa-11.2_obj.b-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[03] class: sp800-53a @@ -79615,17 +68565,6 @@ catalog: - id: sa-11.2_obj.b-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[04] class: sp800-53a @@ -79650,17 +68589,6 @@ catalog: - id: sa-11.2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(c)[01] class: sp800-53a @@ -79674,17 +68602,6 @@ catalog: - id: sa-11.2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(c)[02] class: sp800-53a @@ -79709,17 +68626,6 @@ catalog: - id: sa-11.2_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[01] class: sp800-53a @@ -79734,17 +68640,6 @@ catalog: - id: sa-11.2_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[02] class: sp800-53a @@ -79759,17 +68654,6 @@ catalog: - id: sa-11.2_obj.d-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[03] class: sp800-53a @@ -79784,17 +68668,6 @@ catalog: - id: sa-11.2_obj.d-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[04] class: sp800-53a @@ -79937,6 +68810,9 @@ catalog: - prose: privacy requirements to be satisfied by the process, standards, tools, tool options, and tool configurations are defined; props: + - name: label + value: SA-15 + class: zero-padded - name: label value: SA-15 - name: label @@ -79984,9 +68860,6 @@ catalog: - id: sa-15_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require the developer of the system, system component, or\ @@ -80022,9 +68895,6 @@ catalog: - id: sa-15_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review the development process, standards, tools, tool options,\ @@ -80066,17 +68936,6 @@ catalog: - id: sa-15_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15a.01[01] class: sp800-53a @@ -80089,17 +68948,6 @@ catalog: - id: sa-15_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15a.01[02] class: sp800-53a @@ -80115,17 +68963,6 @@ catalog: - id: sa-15_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-15a.02 class: sp800-53a @@ -80162,17 +68999,6 @@ catalog: - id: sa-15_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-15a.03 class: sp800-53a @@ -80209,21 +69035,6 @@ catalog: - id: sa-15_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15a.04 class: sp800-53a @@ -80247,17 +69058,6 @@ catalog: - id: sa-15_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15b.[01] class: sp800-53a @@ -80274,17 +69074,6 @@ catalog: - id: sa-15_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15b.[02] class: sp800-53a @@ -80423,6 +69212,9 @@ catalog: guidelines: - prose: the depth of criticality analysis is defined; props: + - name: label + value: SA-15(03) + class: zero-padded - name: label value: SA-15(3) - name: label @@ -80450,9 +69242,6 @@ catalog: - id: sa-15.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "At the following decision points in the system development\ @@ -80460,9 +69249,6 @@ catalog: - id: sa-15.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "At the following level of rigor: {{ insert: param, sa-15.3_prm_2\ @@ -80485,17 +69271,6 @@ catalog: - id: sa-15.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15(03) class: sp800-53a @@ -80661,6 +69436,9 @@ catalog: by the developer of the system, system component, or system service is defined; props: + - name: label + value: SA-16 + class: zero-padded - name: label value: SA-16 - name: label @@ -80688,10 +69466,6 @@ catalog: parts: - id: sa-16_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require the developer of the system, system component, or system\ \ service to provide the following training on the correct use and\ \ operation of the implemented security and privacy functions, controls,\ @@ -80711,17 +69485,6 @@ catalog: - id: sa-16_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-16 class: sp800-53a @@ -80817,6 +69580,9 @@ catalog: class: SP800-53 title: Developer Security and Privacy Architecture and Design props: + - name: label + value: SA-17 + class: zero-padded - name: label value: SA-17 - name: label @@ -80861,9 +69627,6 @@ catalog: - id: sa-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Is consistent with the organization’s security and privacy @@ -80872,9 +69635,6 @@ catalog: - id: sa-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Accurately and completely describes the required security @@ -80883,9 +69643,6 @@ catalog: - id: sa-17_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Expresses how individual security and privacy functions, @@ -80925,17 +69682,6 @@ catalog: - id: sa-17_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-17(a)[01] class: sp800-53a @@ -80950,17 +69696,6 @@ catalog: - id: sa-17_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-17(a)[02] class: sp800-53a @@ -80985,17 +69720,6 @@ catalog: - id: sa-17_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-17(b)[01] class: sp800-53a @@ -81010,17 +69734,6 @@ catalog: - id: sa-17_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-17(b)[02] class: sp800-53a @@ -81045,17 +69758,6 @@ catalog: - id: sa-17_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-17(c)[01] class: sp800-53a @@ -81070,17 +69772,6 @@ catalog: - id: sa-17_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-17(c)[02] class: sp800-53a @@ -81192,6 +69883,9 @@ catalog: - prose: additional personnel screening criteria for the developer are defined; props: + - name: label + value: SA-21 + class: zero-padded - name: label value: SA-21 - name: label @@ -81227,9 +69921,6 @@ catalog: - id: sa-21_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Has appropriate access authorizations as determined by assigned\ @@ -81237,9 +69928,6 @@ catalog: - id: sa-21_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Satisfies the following additional personnel screening criteria:\ @@ -81274,17 +69962,6 @@ catalog: - id: sa-21_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-21a. class: sp800-53a @@ -81297,17 +69974,6 @@ catalog: - id: sa-21_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-21b. class: sp800-53a @@ -81419,6 +70085,9 @@ catalog: guidelines: - prose: support from external providers is defined (if selected); props: + - name: label + value: SA-22 + class: zero-padded - name: label value: SA-22 - name: label @@ -81444,9 +70113,6 @@ catalog: - id: sa-22_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Replace system components when support for the components @@ -81455,9 +70121,6 @@ catalog: - id: sa-22_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Provide the following options for alternative sources for\ @@ -81502,17 +70165,6 @@ catalog: - id: sa-22_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-22a. class: sp800-53a @@ -81524,17 +70176,6 @@ catalog: - id: sa-22_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-22b. class: sp800-53a @@ -81680,6 +70321,9 @@ catalog: - prose: events that would require the system and communications protection procedures to be reviewed and updated are defined; props: + - name: label + value: SC-01 + class: zero-padded - name: label value: SC-1 - name: label @@ -81715,11 +70359,6 @@ catalog: - id: sc-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -81760,9 +70399,6 @@ catalog: - id: sc-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sc-01_odp.04 }} to manage\ @@ -81771,11 +70407,6 @@ catalog: - id: sc-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and communications\ @@ -81837,17 +70468,6 @@ catalog: - id: sc-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01a.[01] class: sp800-53a @@ -81859,17 +70479,6 @@ catalog: - id: sc-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01a.[02] class: sp800-53a @@ -81881,13 +70490,6 @@ catalog: - id: sc-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.[03] class: sp800-53a @@ -81901,13 +70503,6 @@ catalog: - id: sc-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.[04] class: sp800-53a @@ -81926,13 +70521,6 @@ catalog: - id: sc-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.01(a) class: sp800-53a @@ -82022,13 +70610,6 @@ catalog: - id: sc-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.01(b) class: sp800-53a @@ -82048,17 +70629,6 @@ catalog: - id: sc-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01b. class: sp800-53a @@ -82078,17 +70648,6 @@ catalog: - id: sc-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01c.01 class: sp800-53a @@ -82123,17 +70682,6 @@ catalog: - id: sc-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01c.02 class: sp800-53a @@ -82218,6 +70766,9 @@ catalog: class: SP800-53 title: Separation of System and User Functionality props: + - name: label + value: SC-02 + class: zero-padded - name: label value: SC-2 - name: label @@ -82251,10 +70802,6 @@ catalog: parts: - id: sc-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Separate user functionality, including user interface services, from system management functionality. - id: sc-2_gdn @@ -82280,17 +70827,6 @@ catalog: - id: sc-2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-02 class: sp800-53a @@ -82359,6 +70895,9 @@ catalog: class: SP800-53 title: Security Function Isolation props: + - name: label + value: SC-03 + class: zero-padded - name: label value: SC-3 - name: label @@ -82406,10 +70945,6 @@ catalog: parts: - id: sc-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Isolate security functions from nonsecurity functions. - id: sc-3_gdn name: guidance @@ -82435,17 +70970,6 @@ catalog: - id: sc-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-03 class: sp800-53a @@ -82523,6 +71047,9 @@ catalog: class: SP800-53 title: Information in Shared System Resources props: + - name: label + value: SC-04 + class: zero-padded - name: label value: SC-4 - name: label @@ -82543,10 +71070,6 @@ catalog: parts: - id: sc-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Prevent unauthorized and unintended information transfer via shared system resources. - id: sc-4_gdn @@ -82570,17 +71093,6 @@ catalog: - id: sc-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-04 class: sp800-53a @@ -82699,6 +71211,9 @@ catalog: - prose: controls to achieve the denial-of-service objective by type of denial-of-service event are defined; props: + - name: label + value: SC-05 + class: zero-padded - name: label value: SC-5 - name: label @@ -82729,9 +71244,6 @@ catalog: - id: sc-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, sc-05_odp.02 }} the effects of the following\ @@ -82740,9 +71252,6 @@ catalog: - id: sc-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls to achieve the denial-of-service\ @@ -82771,17 +71280,6 @@ catalog: - id: sc-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-05a. class: sp800-53a @@ -82793,13 +71291,6 @@ catalog: - id: sc-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-05b. class: sp800-53a @@ -82895,9 +71386,9 @@ catalog: - physically - logically props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07 + class: zero-padded - name: label value: SC-7 - name: label @@ -82978,9 +71469,6 @@ catalog: - id: sc-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Monitor and control communications at the external managed @@ -82989,9 +71477,6 @@ catalog: - id: sc-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Implement subnetworks for publicly accessible system components\ @@ -83000,9 +71485,6 @@ catalog: - id: sc-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Connect to external networks or systems only through managed @@ -83065,17 +71547,6 @@ catalog: - id: sc-7_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[01] class: sp800-53a @@ -83087,17 +71558,6 @@ catalog: - id: sc-7_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[02] class: sp800-53a @@ -83109,17 +71569,6 @@ catalog: - id: sc-7_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[03] class: sp800-53a @@ -83131,17 +71580,6 @@ catalog: - id: sc-7_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[04] class: sp800-53a @@ -83156,21 +71594,6 @@ catalog: - id: sc-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07b. class: sp800-53a @@ -83183,21 +71606,6 @@ catalog: - id: sc-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07c. class: sp800-53a @@ -83280,9 +71688,9 @@ catalog: class: SP800-53-enhancement title: Access Points props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(03) + class: zero-padded - name: label value: SC-7(3) - name: label @@ -83299,10 +71707,6 @@ catalog: parts: - id: sc-7.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Limit the number of external network connections to the system. - id: sc-7.3_gdn name: guidance @@ -83320,21 +71724,6 @@ catalog: - id: sc-7.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(03) class: sp800-53a @@ -83433,9 +71822,9 @@ catalog: - prose: the frequency at which to review exceptions to traffic flow policy is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(04) + class: zero-padded - name: label value: SC-7(4) - name: label @@ -83466,9 +71855,6 @@ catalog: - id: sc-7.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Implement a managed interface for each external telecommunication @@ -83476,18 +71862,12 @@ catalog: - id: sc-7.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Establish a traffic flow policy for each managed interface; - id: sc-7.4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Protect the confidentiality and integrity of the information @@ -83495,9 +71875,6 @@ catalog: - id: sc-7.4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Document each exception to the traffic flow policy with @@ -83506,9 +71883,6 @@ catalog: - id: sc-7.4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (e) prose: "Review exceptions to the traffic flow policy {{ insert:\ @@ -83517,9 +71891,6 @@ catalog: - id: sc-7.4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (f) prose: Prevent unauthorized exchange of control plane traffic @@ -83527,9 +71898,6 @@ catalog: - id: sc-7.4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (g) prose: Publish information to enable remote networks to detect @@ -83538,9 +71906,6 @@ catalog: - id: sc-7.4_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (h) prose: Filter unauthorized control plane traffic from external @@ -83564,21 +71929,6 @@ catalog: - id: sc-7.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(a) class: sp800-53a @@ -83590,17 +71940,6 @@ catalog: - id: sc-7.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07(04)(b) class: sp800-53a @@ -83612,17 +71951,6 @@ catalog: - id: sc-7.4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(c) class: sp800-53a @@ -83655,17 +71983,6 @@ catalog: - id: sc-7.4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07(04)(d) class: sp800-53a @@ -83678,17 +71995,6 @@ catalog: - id: sc-7.4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07(04)(e) class: sp800-53a @@ -83722,21 +72028,6 @@ catalog: - id: sc-7.4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(f) class: sp800-53a @@ -83748,21 +72039,6 @@ catalog: - id: sc-7.4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(g) class: sp800-53a @@ -83774,21 +72050,6 @@ catalog: - id: sc-7.4_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(h) class: sp800-53a @@ -83911,9 +72172,9 @@ catalog: by default and network communications traffic is allowed by exception are defined (if selected). props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(05) + class: zero-padded - name: label value: SC-7(5) - name: label @@ -83930,10 +72191,6 @@ catalog: parts: - id: sc-7.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Deny network communications traffic by default and allow\ \ network communications traffic by exception {{ insert: param,\ \ sc-07.05_odp.01 }}." @@ -83960,21 +72217,6 @@ catalog: - id: sc-7.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(05) class: sp800-53a @@ -84080,9 +72322,9 @@ catalog: - prose: safeguards to securely provision split tunneling are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(07) + class: zero-padded - name: label value: SC-7(7) - name: label @@ -84099,10 +72341,6 @@ catalog: parts: - id: sc-7.7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prevent split tunneling for remote devices connecting to\ \ organizational systems unless the split tunnel is securely provisioned\ \ using {{ insert: param, sc-07.07_odp }}." @@ -84131,21 +72369,6 @@ catalog: - id: sc-7.7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(07) class: sp800-53a @@ -84247,9 +72470,9 @@ catalog: - prose: external networks to which internal communications traffic is to be routed are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(08) + class: zero-padded - name: label value: SC-7(8) - name: label @@ -84268,10 +72491,6 @@ catalog: parts: - id: sc-7.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Route {{ insert: param, sc-07.08_odp.01 }} to {{ insert:\ \ param, sc-07.08_odp.02 }} through authenticated proxy servers\ \ at managed interfaces." @@ -84297,21 +72516,6 @@ catalog: - id: sc-7.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(08) class: sp800-53a @@ -84402,6 +72606,9 @@ catalog: guidelines: - prose: the frequency for conducting exfiltration tests is defined; props: + - name: label + value: SC-07(10) + class: zero-padded - name: label value: SC-7(10) - name: label @@ -84428,18 +72635,12 @@ catalog: - id: sc-7.10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Prevent the exfiltration of information; and - id: sc-7.10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Conduct exfiltration tests {{ insert: param, sc-07.10_odp\ @@ -84476,21 +72677,6 @@ catalog: - id: sc-7.10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(10)(a) class: sp800-53a @@ -84501,17 +72687,6 @@ catalog: - id: sc-7.10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07(10)(b) class: sp800-53a @@ -84605,9 +72780,9 @@ catalog: - prose: system components where host-based boundary protection mechanisms are to be implemented are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(12) + class: zero-padded - name: label value: SC-7(12) - name: label @@ -84624,10 +72799,6 @@ catalog: parts: - id: sc-7.12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement {{ insert: param, sc-07.12_odp.01 }} at {{ insert:\ \ param, sc-07.12_odp.02 }}." - id: sc-7.12_gdn @@ -84639,21 +72810,6 @@ catalog: - id: sc-7.12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(12) class: sp800-53a @@ -84735,9 +72891,9 @@ catalog: class: SP800-53-enhancement title: Fail Secure props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(18) + class: zero-padded - name: label value: SC-7(18) - name: label @@ -84763,10 +72919,6 @@ catalog: parts: - id: sc-7.18_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device. - id: sc-7.18_gdn @@ -84784,21 +72936,6 @@ catalog: - id: sc-7.18_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(18) class: sp800-53a @@ -84885,9 +73022,9 @@ catalog: - prose: system components to be dynamically isolated from other system components are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(20) + class: zero-padded - name: label value: SC-7(20) - name: label @@ -84904,10 +73041,6 @@ catalog: parts: - id: sc-7.20_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide the capability to dynamically isolate {{ insert:\ \ param, sc-07.20_odp }} from other system components." - id: sc-7.20_gdn @@ -84922,21 +73055,6 @@ catalog: - id: sc-7.20_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(20) class: sp800-53a @@ -85037,9 +73155,9 @@ catalog: system components isolated by boundary protection mechanisms are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(21) + class: zero-padded - name: label value: SC-7(21) - name: label @@ -85064,10 +73182,6 @@ catalog: parts: - id: sc-7.21_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ boundary protection mechanisms to isolate {{ insert:\ \ param, sc-07.21_odp.01 }} supporting {{ insert: param, sc-07.21_odp.02\ \ }}." @@ -85092,21 +73206,6 @@ catalog: - id: sc-7.21_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(21) class: sp800-53a @@ -85202,9 +73301,9 @@ catalog: - confidentiality - integrity props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-08 + class: zero-padded - name: label value: SC-8 - name: label @@ -85265,10 +73364,6 @@ catalog: parts: - id: sc-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect the {{ insert: param, sc-08_odp }} of transmitted information." parts: - id: sc-8_fr @@ -85305,7 +73400,7 @@ catalog: * From a load balancer to a compute instance - * Flows from management tools required for their work - e.g. + * Flows from management tools required for their work – e.g. log collection, scanning, etc. @@ -85350,10 +73445,10 @@ catalog: Controlled Access Area (CAA): Data will be considered physically - protected, and in a CAA if it meets Section 2.3 of the DHS's + protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet - Section 2.3 of the DHS' recommended practice by satisfactory + Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3). @@ -85413,21 +73508,6 @@ catalog: - id: sc-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-08 class: sp800-53a @@ -85514,6 +73594,9 @@ catalog: - prevent unauthorized disclosure of information - detect changes to information props: + - name: label + value: SC-08(01) + class: zero-padded - name: label value: SC-8(1) - name: label @@ -85534,10 +73617,6 @@ catalog: parts: - id: sc-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to {{ insert: param,\ \ sc-08.01_odp }} during transmission." parts: @@ -85597,21 +73676,6 @@ catalog: - id: sc-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-08(01) class: sp800-53a @@ -85706,6 +73770,9 @@ catalog: a network connection associated with a communication session is defined; props: + - name: label + value: SC-10 + class: zero-padded - name: label value: SC-10 - name: label @@ -85724,10 +73791,6 @@ catalog: parts: - id: sc-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Terminate the network connection associated with a communications\ \ session at the end of the session or after {{ insert: param, sc-10_odp\ \ }} of inactivity." @@ -85744,21 +73807,6 @@ catalog: - id: sc-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-10 class: sp800-53a @@ -85839,9 +73887,9 @@ catalog: - prose: requirements for key generation, distribution, storage, access, and destruction are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-12 + class: zero-padded - name: label value: SC-12 - name: label @@ -85900,8 +73948,6 @@ catalog: rel: related - href: "#sc-11" rel: related - - href: "#sc-12" - rel: related - href: "#sc-13" rel: related - href: "#sc-17" @@ -85919,10 +73965,6 @@ catalog: parts: - id: sc-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish and manage cryptographic keys when cryptography is\ \ employed within the system in accordance with the following key\ \ management requirements: {{ insert: param, sc-12_odp }}." @@ -85970,21 +74012,6 @@ catalog: - id: sc-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-12 class: sp800-53a @@ -86088,6 +74115,9 @@ catalog: class: SP800-53-enhancement title: Availability props: + - name: label + value: SC-12(01) + class: zero-padded - name: label value: SC-12(1) - name: label @@ -86107,10 +74137,6 @@ catalog: parts: - id: sc-12.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Maintain availability of information in the event of the loss of cryptographic keys by users. - id: sc-12.1_gdn @@ -86121,17 +74147,6 @@ catalog: - id: sc-12.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-12(01) class: sp800-53a @@ -86221,9 +74236,9 @@ catalog: - prose: types of cryptography for each specified cryptographic use are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-13 + class: zero-padded - name: label value: SC-13 - name: label @@ -86302,18 +74317,12 @@ catalog: - id: sc-13_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Determine the {{ insert: param, sc-13_odp.01 }} ; and" - id: sc-13_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Implement the following types of cryptography required for\ @@ -86429,17 +74438,6 @@ catalog: - id: sc-13_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-13a. class: sp800-53a @@ -86450,21 +74448,6 @@ catalog: - id: sc-13_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-13b. class: sp800-53a @@ -86551,6 +74534,9 @@ catalog: guidelines: - prose: exceptions where remote activation is to be allowed are defined; props: + - name: label + value: SC-15 + class: zero-padded - name: label value: SC-15 - name: label @@ -86573,9 +74559,6 @@ catalog: - id: sc-15_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Prohibit remote activation of collaborative computing devices\ @@ -86584,9 +74567,6 @@ catalog: - id: sc-15_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Provide an explicit indication of use to users physically @@ -86619,17 +74599,6 @@ catalog: - id: sc-15_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-15a. class: sp800-53a @@ -86642,21 +74611,6 @@ catalog: - id: sc-15_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-15b. class: sp800-53a @@ -86746,6 +74700,9 @@ catalog: - prose: a certificate policy for issuing public key certificates is defined; props: + - name: label + value: SC-17 + class: zero-padded - name: label value: SC-17 - name: label @@ -86783,9 +74740,6 @@ catalog: - id: sc-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Issue public key certificates under an {{ insert: param,\ @@ -86794,9 +74748,6 @@ catalog: - id: sc-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Include only approved trust anchors in trust stores or certificate @@ -86821,17 +74772,6 @@ catalog: - id: sc-17_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-17a. class: sp800-53a @@ -86844,21 +74784,6 @@ catalog: - id: sc-17_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-17b. class: sp800-53a @@ -86933,6 +74858,9 @@ catalog: class: SP800-53 title: Mobile Code props: + - name: label + value: SC-18 + class: zero-padded - name: label value: SC-18 - name: label @@ -86963,9 +74891,6 @@ catalog: - id: sc-18_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Define acceptable and unacceptable mobile code and mobile @@ -86973,9 +74898,6 @@ catalog: - id: sc-18_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize, monitor, and control the use of mobile code within @@ -87006,13 +74928,6 @@ catalog: - id: sc-18_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-18a. class: sp800-53a @@ -87063,17 +74978,6 @@ catalog: - id: sc-18_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-18b. class: sp800-53a @@ -87191,6 +75095,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Authoritative Source) props: + - name: label + value: SC-20 + class: zero-padded - name: label value: SC-20 - name: label @@ -87227,9 +75134,6 @@ catalog: - id: sc-20_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Provide additional data origin authentication and integrity @@ -87239,9 +75143,6 @@ catalog: - id: sc-20_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Provide the means to indicate the security status of child @@ -87316,21 +75217,6 @@ catalog: - id: sc-20_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20a. class: sp800-53a @@ -87372,21 +75258,6 @@ catalog: - id: sc-20_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20b.[01] class: sp800-53a @@ -87400,21 +75271,6 @@ catalog: - id: sc-20_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20b.[02] class: sp800-53a @@ -87495,9 +75351,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Recursive or Caching Resolver) props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-21 + class: zero-padded - name: label value: SC-21 - name: label @@ -87518,10 +75374,6 @@ catalog: parts: - id: sc-21_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources. @@ -87589,21 +75441,6 @@ catalog: - id: sc-21_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-21 class: sp800-53a @@ -87727,6 +75564,9 @@ catalog: class: SP800-53 title: Architecture and Provisioning for Name/Address Resolution Service props: + - name: label + value: SC-22 + class: zero-padded - name: label value: SC-22 - name: label @@ -87751,10 +75591,6 @@ catalog: parts: - id: sc-22_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation. @@ -87777,21 +75613,6 @@ catalog: - id: sc-22_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-22 class: sp800-53a @@ -87906,6 +75727,9 @@ catalog: class: SP800-53 title: Session Authenticity props: + - name: label + value: SC-23 + class: zero-padded - name: label value: SC-23 - name: label @@ -87936,10 +75760,6 @@ catalog: parts: - id: sc-23_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect the authenticity of communications sessions. - id: sc-23_gdn name: guidance @@ -87953,21 +75773,6 @@ catalog: - id: sc-23_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-23 class: sp800-53a @@ -88048,6 +75853,9 @@ catalog: - prose: system state information to be preserved in the event of a system failure is defined; props: + - name: label + value: SC-24 + class: zero-padded - name: label value: SC-24 - name: label @@ -88081,10 +75889,6 @@ catalog: parts: - id: sc-24_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Fail to a {{ insert: param, sc-24_odp.02 }} for the following\ \ failures on the indicated components while preserving {{ insert:\ \ param, sc-24_odp.03 }} in failure: {{ insert: param, sc-24_odp.01\ @@ -88103,21 +75907,6 @@ catalog: - id: sc-24_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-24 class: sp800-53a @@ -88210,9 +75999,9 @@ catalog: guidelines: - prose: information at rest requiring protection is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-28 + class: zero-padded - name: label value: SC-28 - name: label @@ -88283,10 +76072,6 @@ catalog: parts: - id: sc-28_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect the {{ insert: param, sc-28_odp.01 }} of the following\ \ information at rest: {{ insert: param, sc-28_odp.02 }}." parts: @@ -88342,21 +76127,6 @@ catalog: - id: sc-28_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-28 class: sp800-53a @@ -88451,6 +76221,9 @@ catalog: - prose: system components or media requiring cryptographic protection is/are defined; props: + - name: label + value: SC-28(01) + class: zero-padded - name: label value: SC-28(1) - name: label @@ -88473,10 +76246,6 @@ catalog: parts: - id: sc-28.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to prevent unauthorized\ \ disclosure and modification of the following information at\ \ rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param,\ @@ -88527,21 +76296,6 @@ catalog: - id: sc-28.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-28(01) class: sp800-53a @@ -88643,6 +76397,9 @@ catalog: class: SP800-53 title: Process Isolation props: + - name: label + value: SC-39 + class: zero-padded - name: label value: SC-39 - name: label @@ -88678,10 +76435,6 @@ catalog: parts: - id: sc-39_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Maintain a separate execution domain for each executing system process. - id: sc-39_gdn @@ -88702,21 +76455,6 @@ catalog: - id: sc-39_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-39 class: sp800-53a @@ -88778,6 +76516,9 @@ catalog: class: SP800-53 title: System Time Synchronization props: + - name: label + value: SC-45 + class: zero-padded - name: label value: SC-45 - name: label @@ -88802,10 +76543,6 @@ catalog: parts: - id: sc-45_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Synchronize system clocks within and between systems and system components. - id: sc-45_gdn @@ -88828,21 +76565,6 @@ catalog: - id: sc-45_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-45 class: sp800-53a @@ -88935,9 +76657,9 @@ catalog: - prose: the time period to compare the internal system clocks with the authoritative time source is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-45(01) + class: zero-padded - name: label value: SC-45(1) - name: label @@ -88958,9 +76680,6 @@ catalog: - id: sc-45.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Compare the internal system clocks {{ insert: param,\ @@ -88969,9 +76688,6 @@ catalog: - id: sc-45.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Synchronize the internal system clocks to the authoritative\ @@ -89021,17 +76737,6 @@ catalog: - id: sc-45.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-45(01)(a) class: sp800-53a @@ -89044,13 +76749,6 @@ catalog: - id: sc-45.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-45(01)(b) class: sp800-53a @@ -89186,6 +76884,9 @@ catalog: - prose: events that would require the system and information integrity procedures to be reviewed and updated are defined; props: + - name: label + value: SI-01 + class: zero-padded - name: label value: SI-1 - name: label @@ -89221,11 +76922,6 @@ catalog: - id: si-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -89266,9 +76962,6 @@ catalog: - id: si-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, si-01_odp.04 }} to manage\ @@ -89277,11 +76970,6 @@ catalog: - id: si-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and information integrity:" @@ -89342,17 +77030,6 @@ catalog: - id: si-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01a.[01] class: sp800-53a @@ -89364,17 +77041,6 @@ catalog: - id: si-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01a.[02] class: sp800-53a @@ -89386,13 +77052,6 @@ catalog: - id: si-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.[03] class: sp800-53a @@ -89406,13 +77065,6 @@ catalog: - id: si-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.[04] class: sp800-53a @@ -89431,13 +77083,6 @@ catalog: - id: si-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.01(a) class: sp800-53a @@ -89527,13 +77172,6 @@ catalog: - id: si-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.01(b) class: sp800-53a @@ -89553,17 +77191,6 @@ catalog: - id: si-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01b. class: sp800-53a @@ -89583,17 +77210,6 @@ catalog: - id: si-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01c.01 class: sp800-53a @@ -89628,17 +77244,6 @@ catalog: - id: si-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01c.02 class: sp800-53a @@ -89727,6 +77332,9 @@ catalog: - prose: time period within which to install security-relevant software updates after the release of the updates is defined; props: + - name: label + value: SI-02 + class: zero-padded - name: label value: SI-2 - name: label @@ -89789,18 +77397,12 @@ catalog: - id: si-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Identify, report, and correct system flaws; - id: si-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Test software and firmware updates related to flaw remediation @@ -89808,9 +77410,6 @@ catalog: - id: si-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Install security-relevant software and firmware updates\ @@ -89819,9 +77418,6 @@ catalog: - id: si-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Incorporate flaw remediation into the organizational configuration @@ -89868,21 +77464,6 @@ catalog: - id: si-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-02a. class: sp800-53a @@ -89923,17 +77504,6 @@ catalog: - id: si-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02b. class: sp800-53a @@ -89988,17 +77558,6 @@ catalog: - id: si-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02c. class: sp800-53a @@ -90031,17 +77590,6 @@ catalog: - id: si-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02d. class: sp800-53a @@ -90172,6 +77720,9 @@ catalog: software and firmware updates are installed on system components is defined; props: + - name: label + value: SI-02(02) + class: zero-padded - name: label value: SI-2(2) - name: label @@ -90192,10 +77743,6 @@ catalog: parts: - id: si-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Determine if system components have applicable security-relevant\ \ software and firmware updates installed using {{ insert: param,\ \ si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}." @@ -90206,21 +77753,6 @@ catalog: - id: si-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-02(02) class: sp800-53a @@ -90313,6 +77845,9 @@ catalog: guidelines: - prose: the benchmarks for taking corrective actions are defined; props: + - name: label + value: SI-02(03) + class: zero-padded - name: label value: SI-2(3) - name: label @@ -90333,9 +77868,6 @@ catalog: - id: si-2.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Measure the time between flaw identification and flaw @@ -90343,9 +77875,6 @@ catalog: - id: si-2.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Establish the following benchmarks for taking corrective\ @@ -90368,21 +77897,6 @@ catalog: - id: si-2.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-02(03)(a) class: sp800-53a @@ -90394,17 +77908,6 @@ catalog: - id: si-2.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02(03)(b) class: sp800-53a @@ -90545,9 +78048,9 @@ catalog: - prose: personnel or roles to be alerted when malicious code is detected is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-03 + class: zero-padded - name: label value: SI-3 - name: label @@ -90613,9 +78116,6 @@ catalog: - id: si-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Implement {{ insert: param, si-03_odp.01 }} malicious code\ @@ -90624,9 +78124,6 @@ catalog: - id: si-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Automatically update malicious code protection mechanisms @@ -90635,9 +78132,6 @@ catalog: - id: si-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Configure malicious code protection mechanisms to:" @@ -90663,9 +78157,6 @@ catalog: - id: si-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Address the receipt of false positives during malicious code @@ -90726,17 +78217,6 @@ catalog: - id: si-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-03a. class: sp800-53a @@ -90771,17 +78251,6 @@ catalog: - id: si-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-03b. class: sp800-53a @@ -90808,17 +78277,6 @@ catalog: - id: si-3_obj.c.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.01[01] class: sp800-53a @@ -90831,17 +78289,6 @@ catalog: - id: si-3_obj.c.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.01[02] class: sp800-53a @@ -90866,17 +78313,6 @@ catalog: - id: si-3_obj.c.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.02[01] class: sp800-53a @@ -90889,17 +78325,6 @@ catalog: - id: si-3_obj.c.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.02[02] class: sp800-53a @@ -90918,17 +78343,6 @@ catalog: - id: si-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03d. class: sp800-53a @@ -91079,6 +78493,9 @@ catalog: - prose: a frequency for providing system monitoring to personnel or roles is defined (if selected); props: + - name: label + value: SI-04 + class: zero-padded - name: label value: SI-4 - name: label @@ -91195,9 +78612,6 @@ catalog: - id: si-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Monitor the system to detect:" @@ -91219,9 +78633,6 @@ catalog: - id: si-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Identify unauthorized use of the system through the following\ @@ -91229,9 +78640,6 @@ catalog: - id: si-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Invoke internal monitoring capabilities or deploy monitoring\ @@ -91254,18 +78662,12 @@ catalog: - id: si-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Analyze detected events and anomalies; - id: si-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Adjust the level of system monitoring activity when there @@ -91274,9 +78676,6 @@ catalog: - id: si-4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Obtain legal opinion regarding system monitoring activities; @@ -91284,9 +78683,6 @@ catalog: - id: si-4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Provide {{ insert: param, si-04_odp.03 }} to {{ insert:\ @@ -91364,21 +78760,6 @@ catalog: - id: si-4_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04a.01 class: sp800-53a @@ -91391,21 +78772,6 @@ catalog: - id: si-4_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04a.02 class: sp800-53a @@ -91452,17 +78818,6 @@ catalog: - id: si-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04b. class: sp800-53a @@ -91481,21 +78836,6 @@ catalog: - id: si-4_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04c.01 class: sp800-53a @@ -91508,21 +78848,6 @@ catalog: - id: si-4_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04c.02 class: sp800-53a @@ -91539,17 +78864,6 @@ catalog: - id: si-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04d. class: sp800-53a @@ -91580,17 +78894,6 @@ catalog: - id: si-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04e. class: sp800-53a @@ -91603,17 +78906,6 @@ catalog: - id: si-4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04f. class: sp800-53a @@ -91625,21 +78917,6 @@ catalog: - id: si-4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04g. class: sp800-53a @@ -91738,9 +79015,9 @@ catalog: class: SP800-53-enhancement title: System-wide Intrusion Detection System props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(01) + class: zero-padded - name: label value: SI-4(1) - name: label @@ -91763,10 +79040,6 @@ catalog: parts: - id: si-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Connect and configure individual intrusion detection tools into a system-wide intrusion detection system. - id: si-4.1_gdn @@ -91786,17 +79059,6 @@ catalog: - id: si-4.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(01)[01] class: sp800-53a @@ -91808,17 +79070,6 @@ catalog: - id: si-4.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(01)[02] class: sp800-53a @@ -91916,9 +79167,9 @@ catalog: class: SP800-53-enhancement title: Automated Tools and Mechanisms for Real-time Analysis props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(02) + class: zero-padded - name: label value: SI-4(2) - name: label @@ -91942,10 +79193,6 @@ catalog: parts: - id: si-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ automated tools and mechanisms to support near real-time analysis of events. - id: si-4.2_gdn @@ -91964,21 +79211,6 @@ catalog: - id: si-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(02) class: sp800-53a @@ -92123,6 +79355,9 @@ catalog: are to be monitored in outbound communications traffic are defined; props: + - name: label + value: SI-04(04) + class: zero-padded - name: label value: SI-4(4) - name: label @@ -92146,9 +79381,6 @@ catalog: - id: si-4.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Determine criteria for unusual or unauthorized activities @@ -92156,9 +79388,6 @@ catalog: - id: si-4.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Monitor inbound and outbound communications traffic\ @@ -92185,17 +79414,6 @@ catalog: - id: si-4.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(04)(a) class: sp800-53a @@ -92228,21 +79446,6 @@ catalog: - id: si-4.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(04)(b) class: sp800-53a @@ -92380,6 +79583,9 @@ catalog: guidelines: - prose: compromise indicators are defined; props: + - name: label + value: SI-04(05) + class: zero-padded - name: label value: SI-4(5) - name: label @@ -92405,10 +79611,6 @@ catalog: parts: - id: si-4.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Alert {{ insert: param, si-04.05_odp.01 }} when the following\ \ system-generated indications of compromise or potential compromise\ \ occur: {{ insert: param, si-04.05_odp.02 }}." @@ -92442,21 +79644,6 @@ catalog: - id: si-4.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(05) class: sp800-53a @@ -92580,9 +79767,9 @@ catalog: - prose: system monitoring tools and mechanisms to be provided access to encrypted communications traffic are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(10) + class: zero-padded - name: label value: SI-4(10) - name: label @@ -92602,10 +79789,6 @@ catalog: parts: - id: si-4.10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Make provisions so that {{ insert: param, si-04.10_odp.01\ \ }} is visible to {{ insert: param, si-04.10_odp.02 }}." parts: @@ -92632,17 +79815,6 @@ catalog: - id: si-4.10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(10) class: sp800-53a @@ -92747,6 +79919,9 @@ catalog: - prose: interior points within the system where communications traffic is to be analyzed are defined; props: + - name: label + value: SI-04(11) + class: zero-padded - name: label value: SI-4(11) - name: label @@ -92769,10 +79944,6 @@ catalog: parts: - id: si-4.11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Analyze outbound communications traffic at the external\ \ interfaces to the system and selected {{ insert: param, si-04.11_odp\ \ }} to discover anomalies." @@ -92788,21 +79959,6 @@ catalog: - id: si-4.11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(11) class: sp800-53a @@ -92944,6 +80100,9 @@ catalog: guidelines: - prose: activities that trigger alerts to personnel or are defined; props: + - name: label + value: SI-04(12) + class: zero-padded - name: label value: SI-4(12) - name: label @@ -92966,10 +80125,6 @@ catalog: parts: - id: si-4.12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Alert {{ insert: param, si-04.12_odp.01 }} using {{ insert:\ \ param, si-04.12_odp.02 }} when the following indications of\ \ inappropriate or unusual activities with security or privacy\ @@ -92991,21 +80146,6 @@ catalog: - id: si-4.12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(12) class: sp800-53a @@ -93126,6 +80266,9 @@ catalog: class: SP800-53-enhancement title: Wireless Intrusion Detection props: + - name: label + value: SI-04(14) + class: zero-padded - name: label value: SI-4(14) - name: label @@ -93149,10 +80292,6 @@ catalog: parts: - id: si-4.14_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system. @@ -93168,17 +80307,6 @@ catalog: - id: si-4.14_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(14) class: sp800-53a @@ -93307,9 +80435,9 @@ catalog: class: SP800-53-enhancement title: Correlate Monitoring Information props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(16) + class: zero-padded - name: label value: SI-4(16) - name: label @@ -93334,10 +80462,6 @@ catalog: parts: - id: si-4.16_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Correlate information from monitoring tools and mechanisms employed throughout the system. - id: si-4.16_gdn @@ -93358,17 +80482,6 @@ catalog: - id: si-4.16_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(16) class: sp800-53a @@ -93476,6 +80589,9 @@ catalog: - prose: interior points within the system where communications traffic is to be analyzed are defined; props: + - name: label + value: SI-04(18) + class: zero-padded - name: label value: SI-4(18) - name: label @@ -93498,10 +80614,6 @@ catalog: parts: - id: si-4.18_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Analyze outbound communications traffic at external interfaces\ \ to the system and at the following interior points to detect\ \ covert exfiltration of information: {{ insert: param, si-04.18_odp\ @@ -93514,17 +80626,6 @@ catalog: - id: si-4.18_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(18) class: sp800-53a @@ -93662,9 +80763,9 @@ catalog: - prose: sources that identify individuals who pose an increased level of risk are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(19) + class: zero-padded - name: label value: SI-4(19) - name: label @@ -93684,10 +80785,6 @@ catalog: parts: - id: si-4.19_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement {{ insert: param, si-04.19_odp.01 }} of individuals\ \ who have been identified by {{ insert: param, si-04.19_odp.02\ \ }} as posing an increased level of risk." @@ -93704,17 +80801,6 @@ catalog: - id: si-4.19_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(19) class: sp800-53a @@ -93823,9 +80909,9 @@ catalog: guidelines: - prose: additional monitoring of privileged users is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(20) + class: zero-padded - name: label value: SI-4(20) - name: label @@ -93847,10 +80933,6 @@ catalog: parts: - id: si-4.20_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement the following additional monitoring of privileged\ \ users: {{ insert: param, si-04.20_odp }}." - id: si-4.20_gdn @@ -93866,21 +80948,6 @@ catalog: - id: si-4.20_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(20) class: sp800-53a @@ -93992,6 +81059,9 @@ catalog: by authorization or approval processes is/are defined (if selected); props: + - name: label + value: SI-04(22) + class: zero-padded - name: label value: SI-4(22) - name: label @@ -94017,9 +81087,6 @@ catalog: - id: si-4.22_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Detect network services that have not been authorized\ @@ -94027,9 +81094,6 @@ catalog: - id: si-4.22_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: " {{ insert: param, si-04.22_odp.02 }} when detected." @@ -94049,21 +81113,6 @@ catalog: - id: si-4.22_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(22)(a) class: sp800-53a @@ -94075,17 +81124,6 @@ catalog: - id: si-4.22_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(22)(b) class: sp800-53a @@ -94208,9 +81246,9 @@ catalog: - prose: system components where host-based monitoring is to be implemented are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(23) + class: zero-padded - name: label value: SI-4(23) - name: label @@ -94234,10 +81272,6 @@ catalog: parts: - id: si-4.23_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement the following host-based monitoring mechanisms\ \ at {{ insert: param, si-04.23_odp.02 }}: {{ insert: param, si-04.23_odp.01\ \ }}." @@ -94251,21 +81285,6 @@ catalog: - id: si-4.23_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(23) class: sp800-53a @@ -94401,6 +81420,9 @@ catalog: - prose: external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected); props: + - name: label + value: SI-05 + class: zero-padded - name: label value: SI-5 - name: label @@ -94430,9 +81452,6 @@ catalog: - id: si-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Receive system security alerts, advisories, and directives\ @@ -94440,9 +81459,6 @@ catalog: - id: si-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Generate internal security alerts, advisories, and directives @@ -94450,9 +81466,6 @@ catalog: - id: si-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Disseminate security alerts, advisories, and directives\ @@ -94460,9 +81473,6 @@ catalog: - id: si-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Implement security directives in accordance with established @@ -94501,21 +81511,6 @@ catalog: - id: si-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05a. class: sp800-53a @@ -94527,17 +81522,6 @@ catalog: - id: si-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05b. class: sp800-53a @@ -94549,21 +81533,6 @@ catalog: - id: si-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05c. class: sp800-53a @@ -94575,17 +81544,6 @@ catalog: - id: si-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05d. class: sp800-53a @@ -94689,6 +81647,9 @@ catalog: - prose: automated mechanisms used to broadcast security alert and advisory information throughout the organization are defined; props: + - name: label + value: SI-05(01) + class: zero-padded - name: label value: SI-5(1) - name: label @@ -94708,10 +81669,6 @@ catalog: parts: - id: si-5.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Broadcast security alert and advisory information throughout\ \ the organization using {{ insert: param, si-05.01_odp }}." - id: si-5.1_gdn @@ -94728,17 +81685,6 @@ catalog: - id: si-5.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-05(01) class: sp800-53a @@ -94893,9 +81839,9 @@ catalog: - prose: alternative action(s) to be performed when anomalies are discovered are defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-06 + class: zero-padded - name: label value: SI-6 - name: label @@ -94927,9 +81873,6 @@ catalog: - id: si-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Verify the correct operation of {{ insert: param, si-6_prm_1\ @@ -94937,9 +81880,6 @@ catalog: - id: si-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Perform the verification of the functions specified in SI-6a\ @@ -94947,9 +81887,6 @@ catalog: - id: si-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Alert {{ insert: param, si-06_odp.06 }} to failed security\ @@ -94957,9 +81894,6 @@ catalog: - id: si-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: " {{ insert: param, si-06_odp.07 }} when anomalies are discovered." @@ -94982,17 +81916,6 @@ catalog: - id: si-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-06a. class: sp800-53a @@ -95025,17 +81948,6 @@ catalog: - id: si-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-06b. class: sp800-53a @@ -95068,17 +81980,6 @@ catalog: - id: si-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-06c. class: sp800-53a @@ -95111,17 +82012,6 @@ catalog: - id: si-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-06d. class: sp800-53a @@ -95262,9 +82152,9 @@ catalog: - prose: actions to be taken when unauthorized changes to information are detected are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-07 + class: zero-padded - name: label value: SI-7 - name: label @@ -95349,9 +82239,6 @@ catalog: - id: si-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Employ integrity verification tools to detect unauthorized\ @@ -95360,9 +82247,6 @@ catalog: - id: si-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Take the following actions when unauthorized changes to\ @@ -95390,17 +82274,6 @@ catalog: - id: si-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-07a. class: sp800-53a @@ -95444,17 +82317,6 @@ catalog: - id: si-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-07b. class: sp800-53a @@ -95669,9 +82531,9 @@ catalog: - prose: frequency with which to perform an integrity check (of information) is defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-07(01) + class: zero-padded - name: label value: SI-7(1) - name: label @@ -95691,10 +82553,6 @@ catalog: parts: - id: si-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Perform an integrity check of {{ insert: param, si-7.1_prm_1\ \ }} {{ insert: param, si-7.1_prm_2 }}." - id: si-7.1_gdn @@ -95706,21 +82564,6 @@ catalog: - id: si-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-07(01) class: sp800-53a @@ -95849,6 +82692,9 @@ catalog: upon discovering discrepancies during integrity verification is/are defined; props: + - name: label + value: SI-07(02) + class: zero-padded - name: label value: SI-7(2) - name: label @@ -95868,10 +82714,6 @@ catalog: parts: - id: si-7.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ automated tools that provide notification to {{ insert:\ \ param, si-07.02_odp }} upon discovering discrepancies during\ \ integrity verification." @@ -95888,21 +82730,6 @@ catalog: - id: si-7.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-07(02) class: sp800-53a @@ -96025,6 +82852,9 @@ catalog: - prose: controls to be implemented automatically when integrity violations are discovered are defined (if selected); props: + - name: label + value: SI-07(05) + class: zero-padded - name: label value: SI-7(5) - name: label @@ -96044,10 +82874,6 @@ catalog: parts: - id: si-7.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Automatically {{ insert: param, si-07.05_odp.01 }} when\ \ integrity violations are discovered." - id: si-7.5_gdn @@ -96063,21 +82889,6 @@ catalog: - id: si-7.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-07(05) class: sp800-53a @@ -96183,6 +82994,9 @@ catalog: guidelines: - prose: security-relevant changes to the system are defined; props: + - name: label + value: SI-07(07) + class: zero-padded - name: label value: SI-7(7) - name: label @@ -96212,10 +83026,6 @@ catalog: parts: - id: si-7.7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Incorporate the detection of the following unauthorized\ \ changes into the organizational incident response capability:\ \ {{ insert: param, si-07.07_odp }}." @@ -96231,17 +83041,6 @@ catalog: - id: si-7.7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-07(07) class: sp800-53a @@ -96348,6 +83147,9 @@ catalog: - prose: software or firmware components to be authenticated by cryptographic mechanisms prior to installation are defined; props: + - name: label + value: SI-07(15) + class: zero-padded - name: label value: SI-7(15) - name: label @@ -96373,10 +83175,6 @@ catalog: parts: - id: si-7.15_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to authenticate the following\ \ software or firmware components prior to installation: {{ insert:\ \ param, si-07.15_odp }}." @@ -96391,17 +83189,6 @@ catalog: - id: si-7.15_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-07(15) class: sp800-53a @@ -96488,6 +83275,9 @@ catalog: class: SP800-53 title: Spam Protection props: + - name: label + value: SI-08 + class: zero-padded - name: label value: SI-8 - name: label @@ -96522,9 +83312,6 @@ catalog: - id: si-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Employ spam protection mechanisms at system entry and exit @@ -96532,9 +83319,6 @@ catalog: - id: si-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Update spam protection mechanisms when new releases are available @@ -96587,17 +83371,6 @@ catalog: - id: si-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-08a. class: sp800-53a @@ -96652,17 +83425,6 @@ catalog: - id: si-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-08b. class: sp800-53a @@ -96756,6 +83518,9 @@ catalog: - prose: the frequency at which to automatically update spam protection mechanisms is defined; props: + - name: label + value: SI-08(02) + class: zero-padded - name: label value: SI-8(2) - name: label @@ -96772,10 +83537,6 @@ catalog: parts: - id: si-8.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Automatically update spam protection mechanisms {{ insert:\ \ param, si-08.02_odp }}." - id: si-8.2_gdn @@ -96786,17 +83547,6 @@ catalog: - id: si-8.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-08(02) class: sp800-53a @@ -96894,9 +83644,9 @@ catalog: - prose: information inputs to the system requiring validity checks are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-10 + class: zero-padded - name: label value: SI-10 - name: label @@ -96916,10 +83666,6 @@ catalog: parts: - id: si-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Check the validity of the following information inputs: {{ insert:\ \ param, si-10_odp }}." parts: @@ -96960,13 +83706,6 @@ catalog: - id: si-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-10 class: sp800-53a @@ -97070,6 +83809,9 @@ catalog: - prose: personnel or roles to whom error messages are to be revealed is/are defined; props: + - name: label + value: SI-11 + class: zero-padded - name: label value: SI-11 - name: label @@ -97098,9 +83840,6 @@ catalog: - id: si-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Generate error messages that provide information necessary @@ -97109,9 +83848,6 @@ catalog: - id: si-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Reveal error messages only to {{ insert: param, si-11_odp\ @@ -97138,13 +83874,6 @@ catalog: - id: si-11_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-11a. class: sp800-53a @@ -97157,13 +83886,6 @@ catalog: - id: si-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-11b. class: sp800-53a @@ -97259,6 +83981,9 @@ catalog: class: SP800-53 title: Information Management and Retention props: + - name: label + value: SI-12 + class: zero-padded - name: label value: SI-12 - name: label @@ -97339,10 +84064,6 @@ catalog: parts: - id: si-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and @@ -97375,17 +84096,6 @@ catalog: - id: si-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-12 class: sp800-53a @@ -97550,6 +84260,9 @@ catalog: - prose: controls to be implemented to protect the system memory from unauthorized code execution are defined; props: + - name: label + value: SI-16 + class: zero-padded - name: label value: SI-16 - name: label @@ -97573,10 +84286,6 @@ catalog: parts: - id: si-16_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement the following controls to protect the system memory\ \ from unauthorized code execution: {{ insert: param, si-16_odp }}." - id: si-16_gdn @@ -97590,17 +84299,6 @@ catalog: - id: si-16_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-16 class: sp800-53a @@ -97745,6 +84443,9 @@ catalog: - prose: events that require the supply chain risk management procedures to be reviewed and updated are defined; props: + - name: label + value: SR-01 + class: zero-padded - name: label value: SR-1 - name: label @@ -97792,11 +84493,6 @@ catalog: - id: sr-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -97837,9 +84533,6 @@ catalog: - id: sr-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sr-01_odp.04 }} to manage\ @@ -97848,11 +84541,6 @@ catalog: - id: sr-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current supply chain risk management:" @@ -97914,17 +84602,6 @@ catalog: - id: sr-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01a.[01] class: sp800-53a @@ -97936,17 +84613,6 @@ catalog: - id: sr-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01a.[02] class: sp800-53a @@ -97958,13 +84624,6 @@ catalog: - id: sr-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.[03] class: sp800-53a @@ -97978,13 +84637,6 @@ catalog: - id: sr-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.[04] class: sp800-53a @@ -98003,13 +84655,6 @@ catalog: - id: sr-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.01(a) class: sp800-53a @@ -98099,13 +84744,6 @@ catalog: - id: sr-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.01(b) class: sp800-53a @@ -98125,17 +84763,6 @@ catalog: - id: sr-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01b. class: sp800-53a @@ -98155,17 +84782,6 @@ catalog: - id: sr-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01c.01 class: sp800-53a @@ -98200,17 +84816,6 @@ catalog: - id: sr-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01c.02 class: sp800-53a @@ -98310,6 +84915,9 @@ catalog: - prose: the frequency at which to review and update the supply chain risk management plan is defined; props: + - name: label + value: SR-02 + class: zero-padded - name: label value: SR-2 - name: label @@ -98379,9 +84987,6 @@ catalog: - id: sr-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop a plan for managing supply chain risks associated\ @@ -98392,9 +84997,6 @@ catalog: - id: sr-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the supply chain risk management plan\ @@ -98403,9 +85005,6 @@ catalog: - id: sr-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Protect the supply chain risk management plan from unauthorized @@ -98475,17 +85074,6 @@ catalog: - id: sr-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02a.[01] class: sp800-53a @@ -98496,13 +85084,6 @@ catalog: - id: sr-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[02] class: sp800-53a @@ -98515,13 +85096,6 @@ catalog: - id: sr-2_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[03] class: sp800-53a @@ -98534,13 +85108,6 @@ catalog: - id: sr-2_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[04] class: sp800-53a @@ -98553,13 +85120,6 @@ catalog: - id: sr-2_obj.a-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[05] class: sp800-53a @@ -98572,13 +85132,6 @@ catalog: - id: sr-2_obj.a-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[06] class: sp800-53a @@ -98591,13 +85144,6 @@ catalog: - id: sr-2_obj.a-7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[07] class: sp800-53a @@ -98610,13 +85156,6 @@ catalog: - id: sr-2_obj.a-8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[08] class: sp800-53a @@ -98629,13 +85168,6 @@ catalog: - id: sr-2_obj.a-9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[09] class: sp800-53a @@ -98651,17 +85183,6 @@ catalog: - id: sr-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02b. class: sp800-53a @@ -98674,17 +85195,6 @@ catalog: - id: sr-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-02c. class: sp800-53a @@ -98849,6 +85359,9 @@ catalog: guidelines: - prose: supply chain risk management activities are defined; props: + - name: label + value: SR-02(01) + class: zero-padded - name: label value: SR-2(1) - name: label @@ -98868,10 +85381,6 @@ catalog: parts: - id: sr-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish a supply chain risk management team consisting\ \ of {{ insert: param, sr-02.01_odp.01 }} to lead and support\ \ the following SCRM activities: {{ insert: param, sr-02.01_odp.02\ @@ -98900,17 +85409,6 @@ catalog: - id: sr-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02(01) class: sp800-53a @@ -99015,6 +85513,9 @@ catalog: - prose: the document identifying the selected and implemented supply chain processes and controls is defined (if selected); props: + - name: label + value: SR-03 + class: zero-padded - name: label value: SR-3 - name: label @@ -99099,9 +85600,6 @@ catalog: - id: sr-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish a process or processes to identify and address\ @@ -99111,9 +85609,6 @@ catalog: - id: sr-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls to protect against supply\ @@ -99123,9 +85618,6 @@ catalog: - id: sr-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document the selected and implemented supply chain processes\ @@ -99178,17 +85670,6 @@ catalog: - id: sr-3_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-03a.[01] class: sp800-53a @@ -99202,17 +85683,6 @@ catalog: - id: sr-3_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-03a.[02] class: sp800-53a @@ -99229,17 +85699,6 @@ catalog: - id: sr-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-03b. class: sp800-53a @@ -99253,17 +85712,6 @@ catalog: - id: sr-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-03c. class: sp800-53a @@ -99378,6 +85826,9 @@ catalog: to protect against, identify, and mitigate supply chain risks are defined; props: + - name: label + value: SR-05 + class: zero-padded - name: label value: SR-5 - name: label @@ -99439,10 +85890,6 @@ catalog: parts: - id: sr-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ the following acquisition strategies, contract tools,\ \ and procurement methods to protect against, identify, and mitigate\ \ supply chain risks: {{ insert: param, sr-05_odp }}." @@ -99472,21 +85919,6 @@ catalog: - id: sr-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-05 class: sp800-53a @@ -99637,6 +86069,9 @@ catalog: risks associated with suppliers or contractors and the systems, system components, or system services they provide is defined; props: + - name: label + value: SR-06 + class: zero-padded - name: label value: SR-6 - name: label @@ -99684,10 +86119,6 @@ catalog: parts: - id: sr-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Assess and review the supply chain-related risks associated\ \ with suppliers or contractors and the system, system component,\ \ or system service they provide {{ insert: param, sr-06_odp }}." @@ -99725,17 +86156,6 @@ catalog: - id: sr-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-06 class: sp800-53a @@ -99838,6 +86258,9 @@ catalog: - prose: information for which agreements and procedures are to be established are defined (if selected); props: + - name: label + value: SR-08 + class: zero-padded - name: label value: SR-8 - name: label @@ -99875,10 +86298,6 @@ catalog: parts: - id: sr-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish agreements and procedures with entities involved in\ \ the supply chain for the system, system component, or system service\ \ for the {{ insert: param, sr-08_odp.01 }}." @@ -99909,17 +86328,6 @@ catalog: - id: sr-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-08 class: sp800-53a @@ -100007,6 +86415,9 @@ catalog: class: SP800-53 title: Tamper Resistance and Detection props: + - name: label + value: SR-09 + class: zero-padded - name: label value: SR-9 - name: label @@ -100046,10 +86457,6 @@ catalog: parts: - id: sr-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement a tamper protection program for the system, system component, or system service. parts: @@ -100076,17 +86483,6 @@ catalog: - id: sr-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-09 class: sp800-53a @@ -100188,6 +86584,9 @@ catalog: class: SP800-53-enhancement title: Multiple Stages of System Development Life Cycle props: + - name: label + value: SR-09(01) + class: zero-padded - name: label value: SR-9(1) - name: label @@ -100209,10 +86608,6 @@ catalog: parts: - id: sr-9.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ anti-tamper technologies, tools, and techniques throughout the system development life cycle. - id: sr-9.1_gdn @@ -100229,17 +86624,6 @@ catalog: - id: sr-9.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-09(01) class: sp800-53a @@ -100376,6 +86760,9 @@ catalog: - prose: indications of the need for an inspection of systems or system components are defined (if selected); props: + - name: label + value: SR-10 + class: zero-padded - name: label value: SR-10 - name: label @@ -100413,10 +86800,6 @@ catalog: parts: - id: sr-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Inspect the following systems or system components {{ insert:\ \ param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01\ \ }}." @@ -100431,17 +86814,6 @@ catalog: - id: sr-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-10 class: sp800-53a @@ -100557,6 +86929,9 @@ catalog: - prose: personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected); props: + - name: label + value: SR-11 + class: zero-padded - name: label value: SR-11 - name: label @@ -100590,9 +86965,6 @@ catalog: - id: sr-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and implement anti-counterfeit policy and procedures @@ -100601,9 +86973,6 @@ catalog: - id: sr-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report counterfeit system components to {{ insert: param,\ @@ -100644,17 +87013,6 @@ catalog: - id: sr-11_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[01] class: sp800-53a @@ -100665,17 +87023,6 @@ catalog: - id: sr-11_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[02] class: sp800-53a @@ -100686,17 +87033,6 @@ catalog: - id: sr-11_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[03] class: sp800-53a @@ -100708,17 +87044,6 @@ catalog: - id: sr-11_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[04] class: sp800-53a @@ -100733,17 +87058,6 @@ catalog: - id: sr-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11b. class: sp800-53a @@ -100870,6 +87184,9 @@ catalog: system components (including hardware, software, and firmware) is/are defined; props: + - name: label + value: SR-11(01) + class: zero-padded - name: label value: SR-11(1) - name: label @@ -100891,10 +87208,6 @@ catalog: parts: - id: sr-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit\ \ system components (including hardware, software, and firmware)." - id: sr-11.1_gdn @@ -100903,17 +87216,6 @@ catalog: - id: sr-11.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11(01) class: sp800-53a @@ -101016,6 +87318,9 @@ catalog: - prose: system components requiring configuration control are defined; props: + - name: label + value: SR-11(02) + class: zero-padded - name: label value: SR-11(2) - name: label @@ -101043,10 +87348,6 @@ catalog: parts: - id: sr-11.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Maintain configuration control over the following system\ \ components awaiting service or repair and serviced or repaired\ \ components awaiting return to service: {{ insert: param, sr-11.02_odp\ @@ -101057,17 +87358,6 @@ catalog: - id: sr-11.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11(02) class: sp800-53a @@ -101180,6 +87470,9 @@ catalog: - prose: techniques and methods for disposing of data, documentation, tools, or system components are defined; props: + - name: label + value: SR-12 + class: zero-padded - name: label value: SR-12 - name: label @@ -101199,10 +87492,6 @@ catalog: parts: - id: sr-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Dispose of {{ insert: param, sr-12_odp.01 }} using the following\ \ techniques and methods: {{ insert: param, sr-12_odp.02 }}." - id: sr-12_gdn @@ -101223,17 +87512,6 @@ catalog: - id: sr-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-12 class: sp800-53a diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline_profile.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline_profile.yaml index a845c9387..4d5f418e5 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline_profile.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_HIGH-baseline_profile.yaml @@ -1,11 +1,11 @@ --- profile: - uuid: 2ef3cdd1-6928-494b-b2ef-593e774fae38 + uuid: 8ed4b202-ef72-45d1-a0a1-21342469d481 metadata: title: FedRAMP Rev 5 High Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-11T23:40:17Z - version: 5.1.1+fedramp-20240111-0 + last-modified: 2023-12-18T15:22:59Z + version: 5.1.1+20231218-1 oscal-version: 1.1.1 roles: - id: prepared-by @@ -1100,7 +1100,7 @@ profile: positions - param-id: ps-03.03_odp constraints: - - description: personnel screening criteria - as required by specific information + - description: personnel screening criteria – as required by specific information - param-id: ps-04_odp.01 constraints: - description: one (1) hour @@ -1397,1100 +1397,6 @@ profile: constraints: - description: all alters: - - control-id: ac-1 - adds: - - position: starting - by-id: ac-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ac-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ac-10 - adds: - - position: starting - by-id: ac-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-11 - adds: - - position: starting - by-id: ac-11_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-11.1 - adds: - - position: starting - by-id: ac-11.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-12 - adds: - - position: starting - by-id: ac-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-14 - adds: - - position: starting - by-id: ac-14_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-14_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-14_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-14_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17 - adds: - - position: starting - by-id: ac-17_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-17_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17.1 - adds: - - position: starting - by-id: ac-17.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17.2 - adds: - - position: starting - by-id: ac-17.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-17.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-17.3 - adds: - - position: starting - by-id: ac-17.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17.4 - adds: - - position: starting - by-id: ac-17.4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-17.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-17.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18 - adds: - - position: starting - by-id: ac-18_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-18_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-18_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18.1 - adds: - - position: starting - by-id: ac-18.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18.3 - adds: - - position: starting - by-id: ac-18.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18.4 - adds: - - position: starting - by-id: ac-18.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-18.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18.5 - adds: - - position: starting - by-id: ac-18.5_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.5_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-19 - adds: - - position: starting - by-id: ac-19_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-19_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-19_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-19_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-19.5 - adds: - - position: starting - by-id: ac-19.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-19.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-2 - adds: - - position: starting - by-id: ac-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.j - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.k-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.k-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.l - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.j - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.k - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.l - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.1 - adds: - - position: starting - by-id: ac-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.11 - adds: - - position: starting - by-id: ac-2.11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.11 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.13 - adds: - - position: starting - by-id: ac-2.13_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.13_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.13 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.2 - adds: - - position: starting - by-id: ac-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.3 adds: - position: ending @@ -2524,120 +1430,6 @@ profile: value: "Guidance:" prose: For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/. - - position: starting - by-id: ac-2.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.4 - adds: - - position: starting - by-id: ac-2.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.5 adds: - position: ending @@ -2653,120 +1445,6 @@ profile: - name: label value: "Guidance:" prose: Should use a shorter timeframe than AC-12. - - position: starting - by-id: ac-2.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.7 - adds: - - position: starting - by-id: ac-2.7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.9 adds: - position: ending @@ -2782,32 +1460,6 @@ profile: - name: label value: "Requirement:" prose: Required if shared/group accounts are deployed. - - position: starting - by-id: ac-2.9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2.9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.9 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.12 adds: - position: ending @@ -2829,312 +1481,6 @@ profile: - name: label value: "(b) Requirement:" prose: Required for privileged accounts. - - position: starting - by-id: ac-2.12_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-20.1 - adds: - - position: starting - by-id: ac-20.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-20.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-20.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-20.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-20.2 - adds: - - position: starting - by-id: ac-20.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-20.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-21 - adds: - - position: starting - by-id: ac-21_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-21_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-21_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-21_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-22 - adds: - - position: starting - by-id: ac-22_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-22_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-22_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-22_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-22_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-3 - adds: - - position: starting - by-id: ac-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-4 - adds: - - position: starting - by-id: ac-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-4.21 - adds: - - position: starting - by-id: ac-4.21_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-4.21_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-4.4 adds: - position: ending @@ -3152,26 +1498,6 @@ profile: prose: The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf). - - position: starting - by-id: ac-4.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-4.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-5 adds: - position: ending @@ -3188,136 +1514,6 @@ profile: value: "Guidance:" prose: CSPs have the option to provide a separation of duties matrix as an attachment to the SSP. - - position: starting - by-id: ac-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-6 - adds: - - position: starting - by-id: ac-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.1 - adds: - - position: starting - by-id: ac-6.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-6.10 - adds: - - position: starting - by-id: ac-6.10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.10 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-6.2 adds: - position: ending @@ -3337,190 +1533,6 @@ profile: \ (i.e., permissions, privileges), setting events to be audited,\ \ and setting intrusion detection parameters, system programming,\ \ system and security administration, other privileged functions." - - position: starting - by-id: ac-6.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.3 - adds: - - position: starting - by-id: ac-6.3_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.3_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.5 - adds: - - position: starting - by-id: ac-6.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-6.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.7 - adds: - - position: starting - by-id: ac-6.7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-6.8 - adds: - - position: starting - by-id: ac-6.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.9 - adds: - - position: starting - by-id: ac-6.9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-7 adds: - position: ending @@ -3536,46 +1548,6 @@ profile: - name: label value: "Requirement:" prose: In alignment with NIST SP 800-63B. - - position: starting - by-id: ac-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-8 adds: - position: ending @@ -3622,102 +1594,6 @@ profile: prose: If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided. - - position: starting - by-id: ac-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-20 adds: - position: ending @@ -3748,746 +1624,6 @@ profile: SA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3. - - position: starting - by-id: ac-20_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-20_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-20_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-20_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-1 - adds: - - position: starting - by-id: at-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: at-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: at-2 - adds: - - position: starting - by-id: at-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-2.2 - adds: - - position: starting - by-id: at-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-2.3 - adds: - - position: starting - by-id: at-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-3 - adds: - - position: starting - by-id: at-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-4 - adds: - - position: starting - by-id: at-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-1 - adds: - - position: starting - by-id: au-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: au-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: au-10 - adds: - - position: starting - by-id: au-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-10 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-12 - adds: - - position: starting - by-id: au-12_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-12_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-12.1 - adds: - - position: starting - by-id: au-12.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-12.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-12.3 - adds: - - position: starting - by-id: au-12.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-12.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-2 adds: - position: ending @@ -4511,176 +1647,6 @@ profile: value: "(e) Guidance:" prose: Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO. - - position: starting - by-id: au-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-3 - adds: - - position: starting - by-id: au-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-3.1 adds: - position: ending @@ -4698,164 +1664,6 @@ profile: prose: For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry. - - position: starting - by-id: au-3.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-3.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-4 - adds: - - position: starting - by-id: au-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-5 - adds: - - position: starting - by-id: au-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-5.1 - adds: - - position: starting - by-id: au-5.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-5.2 - adds: - - position: starting - by-id: au-5.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-6 adds: - position: ending @@ -4874,184 +1682,6 @@ profile: be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented. - - position: starting - by-id: au-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-6.1 - adds: - - position: starting - by-id: au-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-6.3 - adds: - - position: starting - by-id: au-6.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-6.4 - adds: - - position: starting - by-id: au-6.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-6.5 - adds: - - position: starting - by-id: au-6.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-6.6 adds: - position: ending @@ -5068,240 +1698,6 @@ profile: value: "Requirement:" prose: Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. - - position: starting - by-id: au-6.6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6.6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-6.7 - adds: - - position: starting - by-id: au-6.7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-6.7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-7 - adds: - - position: starting - by-id: au-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-7.1 - adds: - - position: starting - by-id: au-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-8 - adds: - - position: starting - by-id: au-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-9 - adds: - - position: starting - by-id: au-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-9.2 - adds: - - position: starting - by-id: au-9.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: au-9.3 adds: - position: ending @@ -5319,26 +1715,6 @@ profile: prose: Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.) - - position: starting - by-id: au-9.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: au-11 adds: - position: ending @@ -5370,186 +1746,6 @@ profile: value: "Guidance:" prose: The service provider is encouraged to align with M-21-31 where possible - - position: starting - by-id: au-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-11 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-9.4 - adds: - - position: starting - by-id: au-9.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-1 - adds: - - position: starting - by-id: ca-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ca-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - control-id: ca-2 adds: - position: ending @@ -5565,142 +1761,6 @@ profile: - name: label value: "Guidance:" prose: Reference FedRAMP Annual Assessment Guidance. - - position: starting - by-id: ca-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-2.1 adds: - position: ending @@ -5716,26 +1776,6 @@ profile: - name: label value: "Requirement:" prose: For JAB Authorization, must use an accredited 3PAO. - - position: starting - by-id: ca-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-2.2 adds: - position: ending @@ -5751,128 +1791,6 @@ profile: - name: label value: "Requirement:" prose: To include 'announced', 'vulnerability scanning' - - position: starting - by-id: ca-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-2.3 - adds: - - position: starting - by-id: ca-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-3 - adds: - - position: starting - by-id: ca-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-3.6 - adds: - - position: starting - by-id: ca-3.6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-3.6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-5 adds: - position: ending @@ -5894,46 +1812,6 @@ profile: - name: label value: "Guidance:" prose: Reference FedRAMP-POAM-Template - - position: starting - by-id: ca-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-6 adds: - position: ending @@ -5954,116 +1832,6 @@ profile: the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO. - - position: starting - by-id: ca-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-7 adds: - position: ending @@ -6102,272 +1870,6 @@ profile: Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan. - - position: starting - by-id: ca-7_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-7.1 - adds: - - position: starting - by-id: ca-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-7.4 - adds: - - position: starting - by-id: ca-7.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7.4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-8 adds: - position: ending @@ -6383,48 +1885,6 @@ profile: - name: label value: "Guidance:" prose: Reference the FedRAMP Penetration Test Guidance. - - position: starting - by-id: ca-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-8.1 - adds: - - position: starting - by-id: ca-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-8.2 adds: - position: ending @@ -6432,7 +1892,7 @@ profile: parts: - id: ca-8.2_fr name: item - title: CA-8(2) Additional FedRAMP Requirements and Guidance + title: CM-2 Additional FedRAMP Requirements and Guidance parts: - id: ca-8.2_fr_gdn.1 name: guidance @@ -6443,362 +1903,6 @@ profile: See the FedRAMP Documents page> Penetration Test Guidance https://www.FedRAMP.gov/documents/ - - position: starting - by-id: ca-8.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-8.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-8.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ca-9 - adds: - - position: starting - by-id: ca-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-1 - adds: - - position: starting - by-id: cm-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: cm-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: cm-10 - adds: - - position: starting - by-id: cm-10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-10_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-11 - adds: - - position: starting - by-id: cm-11_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-11_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-11_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-2 adds: - position: ending @@ -6815,152 +1919,6 @@ profile: value: "(b)(1) Guidance:" prose: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F. - - position: starting - by-id: cm-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-2.2 - adds: - - position: starting - by-id: cm-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-2.3 - adds: - - position: starting - by-id: cm-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-2.7 - adds: - - position: starting - by-id: cm-2.7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2.7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2.7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-2.7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-3 adds: - position: ending @@ -6987,622 +1945,6 @@ profile: - name: label value: "(e) Guidance:" prose: In accordance with record retention policies and procedures. - - position: starting - by-id: cm-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-3_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.g-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.g-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-3.1 - adds: - - position: starting - by-id: cm-3.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.1_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.1_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.1_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.1_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3.1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3.1_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3.1_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3.1_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-3.2 - adds: - - position: starting - by-id: cm-3.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-3.4 - adds: - - position: starting - by-id: cm-3.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-3.6 - adds: - - position: starting - by-id: cm-3.6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-4 - adds: - - position: starting - by-id: cm-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-4.1 - adds: - - position: starting - by-id: cm-4.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_obj-9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-4.2 - adds: - - position: starting - by-id: cm-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-5 - adds: - - position: starting - by-id: cm-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-5.1 - adds: - - position: starting - by-id: cm-5.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-5.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-5.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-5.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-5.5 - adds: - - position: starting - by-id: cm-5.5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-5.5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-5.5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-5.5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-6 adds: - position: ending @@ -7647,7 +1989,7 @@ profile: of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are - then documented in the CSP's Plan of Action and Milestones + then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable. @@ -7658,140 +2000,6 @@ profile: CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests. - - position: starting - by-id: cm-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-6.1 - adds: - - position: starting - by-id: cm-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-6.2 - adds: - - position: starting - by-id: cm-6.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-7 adds: - position: ending @@ -7811,96 +2019,6 @@ profile: ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available. - - position: starting - by-id: cm-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-7.1 - adds: - - position: starting - by-id: cm-7.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-7.2 adds: - position: ending @@ -7923,92 +2041,6 @@ profile: (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run. - - position: starting - by-id: cm-7.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-7.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-7.5 - adds: - - position: starting - by-id: cm-7.5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-7.5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-8 adds: - position: ending @@ -8024,208 +2056,6 @@ profile: - name: label value: "Requirement:" prose: must be provided at least monthly or when there is a change. - - position: starting - by-id: cm-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-8.1 - adds: - - position: starting - by-id: cm-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-8.2 - adds: - - position: starting - by-id: cm-8.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-8.3 - adds: - - position: starting - by-id: cm-8.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-8.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-8.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-8.4 - adds: - - position: starting - by-id: cm-8.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-9 adds: - position: ending @@ -8241,124 +2071,6 @@ profile: Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide - - position: starting - by-id: cm-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-9_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-9_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-12 adds: - position: ending @@ -8374,94 +2086,6 @@ profile: - name: label value: "Requirement:" prose: According to FedRAMP Authorization Boundary Guidance - - position: starting - by-id: cm-12_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-12_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-12.1 adds: - position: ending @@ -8477,22 +2101,6 @@ profile: - name: label value: "Requirement:" prose: According to FedRAMP Authorization Boundary Guidance. - - position: starting - by-id: cm-12.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-12.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-14 adds: - position: ending @@ -8506,236 +2114,6 @@ profile: prose: If digital signatures/certificates are unavailable, alternative cryptographic integrity checks (hashes, self-signed certs, etc.) can be utilized. - - position: starting - by-id: cm-14_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-14_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-1 - adds: - - position: starting - by-id: cp-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: cp-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: cp-10 - adds: - - position: starting - by-id: cp-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-10.2 - adds: - - position: starting - by-id: cp-10.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-10.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-10.4 - adds: - - position: starting - by-id: cp-10.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-10.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-2 adds: - position: ending @@ -8759,394 +2137,6 @@ profile: value: "Requirement:" prose: "CSPs must use the FedRAMP Information System Contingency\ \ Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - - position: starting - by-id: cp-2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.e-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.e-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-2_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.1 - adds: - - position: starting - by-id: cp-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.2 - adds: - - position: starting - by-id: cp-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.3 - adds: - - position: starting - by-id: cp-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.5 - adds: - - position: starting - by-id: cp-2.5_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-2.5_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-2.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.8 - adds: - - position: starting - by-id: cp-2.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-3 adds: - position: ending @@ -9169,114 +2159,6 @@ profile: applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact. - - position: starting - by-id: cp-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-3.1 - adds: - - position: starting - by-id: cp-3.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-4 adds: - position: ending @@ -9303,344 +2185,6 @@ profile: test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report). - - position: starting - by-id: cp-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cp-4.1 - adds: - - position: starting - by-id: cp-4.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-4.2 - adds: - - position: starting - by-id: cp-4.2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4.2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-6 - adds: - - position: starting - by-id: cp-6_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-6.1 - adds: - - position: starting - by-id: cp-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-6.2 - adds: - - position: starting - by-id: cp-6.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-6.3 - adds: - - position: starting - by-id: cp-6.3_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-6.3_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-7 adds: - position: ending @@ -9657,96 +2201,6 @@ profile: value: "(a) Requirement:" prose: The service provider defines a time period consistent with the recovery time objectives and business impact analysis. - - position: starting - by-id: cp-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-7.1 adds: - position: ending @@ -9767,110 +2221,6 @@ profile: concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant. - - position: starting - by-id: cp-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-7.2 - adds: - - position: starting - by-id: cp-7.2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-7.3 - adds: - - position: starting - by-id: cp-7.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-7.4 - adds: - - position: starting - by-id: cp-7.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-8 adds: - position: ending @@ -9887,186 +2237,6 @@ profile: value: "Requirement:" prose: The service provider defines a time period consistent with the recovery time objectives and business impact analysis. - - position: starting - by-id: cp-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-8.1 - adds: - - position: starting - by-id: cp-8.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-8.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-8.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-8.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-8.2 - adds: - - position: starting - by-id: cp-8.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-8.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-8.3 - adds: - - position: starting - by-id: cp-8.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-8.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-8.4 - adds: - - position: starting - by-id: cp-8.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-8.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-8.4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-8.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-8.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-8.4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-9 adds: - position: ending @@ -10111,216 +2281,6 @@ profile: of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative. - - position: starting - by-id: cp-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-9.1 - adds: - - position: starting - by-id: cp-9.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-9.2 - adds: - - position: starting - by-id: cp-9.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-9.3 - adds: - - position: starting - by-id: cp-9.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-9.5 - adds: - - position: starting - by-id: cp-9.5_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.5_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-9.8 adds: - position: ending @@ -10338,232 +2298,6 @@ profile: prose: Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.) - - position: starting - by-id: cp-9.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-1 - adds: - - position: starting - by-id: ia-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ia-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ia-12.2 - adds: - - position: starting - by-id: ia-12.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-12.3 - adds: - - position: starting - by-id: ia-12.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-12.4 - adds: - - position: starting - by-id: ia-12.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-2 adds: - position: ending @@ -10605,54 +2339,6 @@ profile: processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system. - - position: starting - by-id: ia-2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.1 adds: - position: ending @@ -10682,28 +2368,6 @@ profile: value: "Guidance:" prose: Multi-factor authentication to subsequent components in the same user domain is not required. - - position: starting - by-id: ia-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.2 adds: - position: ending @@ -10733,52 +2397,6 @@ profile: value: "Guidance:" prose: Multi-factor authentication to subsequent components in the same user domain is not required. - - position: starting - by-id: ia-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-2.5 - adds: - - position: starting - by-id: ia-2.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.6 adds: - position: ending @@ -10802,52 +2420,6 @@ profile: value: "Guidance:" prose: See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography. - - position: starting - by-id: ia-2.6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.12 adds: - position: ending @@ -10864,192 +2436,6 @@ profile: value: "Guidance:" prose: Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12. - - position: starting - by-id: ia-2.12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-2.8 - adds: - - position: starting - by-id: ia-2.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-3 - adds: - - position: starting - by-id: ia-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-4 - adds: - - position: starting - by-id: ia-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-4.4 - adds: - - position: starting - by-id: ia-4.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-5 adds: - position: ending @@ -11076,206 +2462,6 @@ profile: parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE). - - position: starting - by-id: ia-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.h-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.h-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-5.1 adds: - position: ending @@ -11301,7 +2487,7 @@ profile: - name: label value: "(h) Requirement:" prose: >- - For cases where technology doesn't allow multi-factor + For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters. @@ -11319,218 +2505,6 @@ profile: prose: Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13). - - position: starting - by-id: ia-5.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-5.2 - adds: - - position: starting - by-id: ia-5.2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-5.6 - adds: - - position: starting - by-id: ia-5.6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-5.7 adds: - position: ending @@ -11548,22 +2522,6 @@ profile: prose: In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process. - - position: starting - by-id: ia-5.7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-5.8 adds: - position: ending @@ -11581,26 +2539,6 @@ profile: prose: If a single user authentication domain is used to access multiple systems, such as in single-sign-on, then only a single authenticator is required. - - position: starting - by-id: ia-5.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-5.13 adds: - position: ending @@ -11618,26 +2556,6 @@ profile: prose: For components subject to configuration baseline(s) (such as STIG or CIS,) the time period should conform to the baseline standard. - - position: starting - by-id: ia-5.13_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.13_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-11 adds: - position: ending @@ -11658,30 +2576,6 @@ profile: * AAL3 (high baseline) * 12 hours or * 15 minutes of inactivity - - position: starting - by-id: ia-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-12 adds: - position: ending @@ -11698,70 +2592,6 @@ profile: value: "Guidance:" prose: In accordance with NIST SP 800-63A Enrollment and Identity Proofing - - position: starting - by-id: ia-12_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-12_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-12.5 adds: - position: ending @@ -11778,426 +2608,6 @@ profile: value: "Guidance:" prose: In accordance with NIST SP 800-63A Enrollment and Identity Proofing - - position: starting - by-id: ia-12.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-6 - adds: - - position: starting - by-id: ia-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-7 - adds: - - position: starting - by-id: ia-7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8 - adds: - - position: starting - by-id: ia-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.1 - adds: - - position: starting - by-id: ia-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.2 - adds: - - position: starting - by-id: ia-8.2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-8.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.4 - adds: - - position: starting - by-id: ia-8.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-1 - adds: - - position: starting - by-id: ir-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ir-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ir-2 - adds: - - position: starting - by-id: ir-2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-2.1 - adds: - - position: starting - by-id: ir-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-2.2 - adds: - - position: starting - by-id: ir-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-3 adds: - position: ending @@ -12219,54 +2629,6 @@ profile: tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing. - - position: starting - by-id: ir-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-3.2 - adds: - - position: starting - by-id: ir-3.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-3.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-4 adds: - position: ending @@ -12296,316 +2658,6 @@ profile: incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system. - - position: starting - by-id: ir-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-4.1 - adds: - - position: starting - by-id: ir-4.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-4.11 - adds: - - position: starting - by-id: ir-4.11_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-4.11_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-4.11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-4.2 - adds: - - position: starting - by-id: ir-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-4.4 - adds: - - position: starting - by-id: ir-4.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4.4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-4.6 - adds: - - position: starting - by-id: ir-4.6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-4.6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4.6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-5 - adds: - - position: starting - by-id: ir-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-5.1 - adds: - - position: starting - by-id: ir-5.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-5.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-6 adds: - position: ending @@ -12622,156 +2674,6 @@ profile: value: "Requirement:" prose: Reports security incident information according to FedRAMP Incident Communications Procedure. - - position: starting - by-id: ir-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-6.1 - adds: - - position: starting - by-id: ir-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-6.3 - adds: - - position: starting - by-id: ir-6.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-7 - adds: - - position: starting - by-id: ir-7_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-7_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-7.1 - adds: - - position: starting - by-id: ir-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-8 adds: - position: ending @@ -12799,1318 +2701,6 @@ profile: personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel. - - position: starting - by-id: ir-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.10 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-8_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-8_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9 - adds: - - position: starting - by-id: ir-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9.2 - adds: - - position: starting - by-id: ir-9.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9.3 - adds: - - position: starting - by-id: ir-9.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-9.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9.4 - adds: - - position: starting - by-id: ir-9.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-1 - adds: - - position: starting - by-id: ma-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ma-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ma-2 - adds: - - position: starting - by-id: ma-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-2.2 - adds: - - position: starting - by-id: ma-2.2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2.2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-3 - adds: - - position: starting - by-id: ma-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-3.1 - adds: - - position: starting - by-id: ma-3.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-3.2 - adds: - - position: starting - by-id: ma-3.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ma-3.3 - adds: - - position: starting - by-id: ma-3.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-4 - adds: - - position: starting - by-id: ma-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-4.3 - adds: - - position: starting - by-id: ma-4.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4.3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4.3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4.3_obj.b-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-5 - adds: - - position: starting - by-id: ma-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-5.1 - adds: - - position: starting - by-id: ma-5.1_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5.1_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-6 - adds: - - position: starting - by-id: ma-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-1 - adds: - - position: starting - by-id: mp-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: mp-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: mp-2 - adds: - - position: starting - by-id: mp-2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-3 adds: - position: ending @@ -14126,38 +2716,6 @@ profile: - name: label value: "(b) Guidance:" prose: Second parameter not-applicable - - position: starting - by-id: mp-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-4 adds: - position: ending @@ -14174,108 +2732,6 @@ profile: value: "(a) Requirement:" prose: The service provider defines controlled areas within facilities where the information and information system reside. - - position: starting - by-id: mp-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-5 adds: - position: ending @@ -14293,150 +2749,6 @@ profile: prose: The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO. - - position: starting - by-id: mp-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-5_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-5_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-6 - adds: - - position: starting - by-id: mp-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-6.1 adds: - position: ending @@ -14452,22 +2764,6 @@ profile: - name: label value: "Requirement:" prose: Must comply with NIST SP 800-88 - - position: starting - by-id: mp-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-6.2 adds: - position: ending @@ -14484,22 +2780,6 @@ profile: value: "Guidance:" prose: Equipment and procedures may be tested or validated for effectiveness - - position: starting - by-id: mp-6.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-6.3 adds: - position: ending @@ -14515,576 +2795,6 @@ profile: - name: label value: "Requirement:" prose: Must comply with NIST SP 800-88 - - position: starting - by-id: mp-6.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-7 - adds: - - position: starting - by-id: mp-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-1 - adds: - - position: starting - by-id: pe-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: pe-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: pe-10 - adds: - - position: starting - by-id: pe-10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-10_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-10_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-11 - adds: - - position: starting - by-id: pe-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-11.1 - adds: - - position: starting - by-id: pe-11.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-11.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-12 - adds: - - position: starting - by-id: pe-12_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-13 - adds: - - position: starting - by-id: pe-13_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-13.1 - adds: - - position: starting - by-id: pe-13.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.1_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-13.2 - adds: - - position: starting - by-id: pe-13.2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-13.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pe-14 adds: - position: ending @@ -15101,1570 +2811,6 @@ profile: value: "(a) Requirement:" prose: The service provider measures temperature at server inlets and humidity levels by dew point. - - position: starting - by-id: pe-14_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-14_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-14.2 - adds: - - position: starting - by-id: pe-14.2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14.2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-15 - adds: - - position: starting - by-id: pe-15_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-15.1 - adds: - - position: starting - by-id: pe-15.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-16 - adds: - - position: starting - by-id: pe-16_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-16_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-16_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-17 - adds: - - position: starting - by-id: pe-17_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-17_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-17_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-17_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-17_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-17_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-18 - adds: - - position: starting - by-id: pe-18_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-18_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-2 - adds: - - position: starting - by-id: pe-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-3 - adds: - - position: starting - by-id: pe-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-3_obj.g-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.g-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: pe-3.1 - adds: - - position: starting - by-id: pe-3.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3.1_obj.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-4 - adds: - - position: starting - by-id: pe-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-5 - adds: - - position: starting - by-id: pe-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-6 - adds: - - position: starting - by-id: pe-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-6_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-6.1 - adds: - - position: starting - by-id: pe-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-6.4 - adds: - - position: starting - by-id: pe-6.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-8 - adds: - - position: starting - by-id: pe-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-8.1 - adds: - - position: starting - by-id: pe-8.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-8.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-9 - adds: - - position: starting - by-id: pe-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-1 - adds: - - position: starting - by-id: pl-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: pl-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: pl-11 - adds: - - position: starting - by-id: pl-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-2 - adds: - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.4-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.4-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.10-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.10-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.11 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.12-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.12-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.13-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.13-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.14-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.a.14-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.a.15-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.15-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-4 - adds: - - position: starting - by-id: pl-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-4.1 - adds: - - position: starting - by-id: pl-4.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4.1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pl-8 adds: - position: ending @@ -16681,170 +2827,6 @@ profile: value: "(b) Guidance:" prose: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F. - - position: starting - by-id: pl-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-8_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pl-10 adds: - position: ending @@ -16860,910 +2842,6 @@ profile: - name: label value: "Requirement:" prose: Select the appropriate FedRAMP Baseline - - position: starting - by-id: pl-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-1 - adds: - - position: starting - by-id: ps-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ps-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ps-2 - adds: - - position: starting - by-id: ps-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-3 - adds: - - position: starting - by-id: ps-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-3.3 - adds: - - position: starting - by-id: ps-3.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-3.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-4 - adds: - - position: starting - by-id: ps-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-4.2 - adds: - - position: starting - by-id: ps-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-5 - adds: - - position: starting - by-id: ps-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-6 - adds: - - position: starting - by-id: ps-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-7 - adds: - - position: starting - by-id: ps-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-7_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-8 - adds: - - position: starting - by-id: ps-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-9 - adds: - - position: starting - by-id: ps-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-1 - adds: - - position: starting - by-id: ra-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ra-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ra-2 - adds: - - position: starting - by-id: ra-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ra-3 adds: - position: ending @@ -17787,192 +2865,6 @@ profile: value: "(e) Requirement:" prose: Include all Authorizing Officials; for JAB authorizations to include FedRAMP. - - position: starting - by-id: ra-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-3.1 - adds: - - position: starting - by-id: ra-3.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ra-5 adds: - position: ending @@ -18042,316 +2934,12 @@ profile: Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a - \"warning\" as part of the compliance scanning of a CSO, follow + “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching - on \"Tracking of Compliance Scans\" in FAQs. - - position: starting - by-id: ra-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-5_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-5.11 - adds: - - position: starting - by-id: ra-5.11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-5.2 - adds: - - position: starting - by-id: ra-5.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-5.3 - adds: - - position: starting - by-id: ra-5.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-5.4 - adds: - - position: starting - by-id: ra-5.4_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.4_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-5.5 - adds: - - position: starting - by-id: ra-5.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. + on “Tracking of Compliance Scans” in FAQs. - control-id: ra-5.8 adds: - position: ending @@ -18368,1180 +2956,6 @@ profile: value: "Requirement:" prose: This enhancement is required for all high (or critical) vulnerability scan findings. - - position: starting - by-id: ra-5.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-7 - adds: - - position: starting - by-id: ra-7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-9 - adds: - - position: starting - by-id: ra-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-1 - adds: - - position: starting - by-id: sa-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sa-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sa-11 - adds: - - position: starting - by-id: sa-11_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-11.2 - adds: - - position: starting - by-id: sa-11.2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-15 - adds: - - position: starting - by-id: sa-15_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-15_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-15_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-15_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-15.3 - adds: - - position: starting - by-id: sa-15.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-15.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-16 - adds: - - position: starting - by-id: sa-16_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-16_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-17 - adds: - - position: starting - by-id: sa-17_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-17_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-17_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-17_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-17_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-17_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-17_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-2 - adds: - - position: starting - by-id: sa-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-21 - adds: - - position: starting - by-id: sa-21_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-21_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-21_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-21_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-22 - adds: - - position: starting - by-id: sa-22_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-22_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-22_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-22_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-3 - adds: - - position: starting - by-id: sa-3_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sa-4 adds: - position: ending @@ -19573,228 +2987,6 @@ profile: See https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/. - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sa-10 adds: - position: ending @@ -19812,110 +3004,6 @@ profile: prose: track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP. - - position: starting - by-id: sa-10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-10_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sa-11.1 adds: - position: ending @@ -19939,1256 +3027,6 @@ profile: If Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8)) - - position: starting - by-id: sa-11.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sa-4.1 - adds: - - position: starting - by-id: sa-4.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.10 - adds: - - position: starting - by-id: sa-4.10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.2 - adds: - - position: starting - by-id: sa-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.5 - adds: - - position: starting - by-id: sa-4.5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-4.5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-4.5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4.5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.9 - adds: - - position: starting - by-id: sa-4.9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-5 - adds: - - position: starting - by-id: sa-5_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.3-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.3-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-8 - adds: - - position: starting - by-id: sa-8_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-10 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-9 - adds: - - position: starting - by-id: sa-9_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sa-9.1 - adds: - - position: starting - by-id: sa-9.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-9.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-9.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-9.2 - adds: - - position: starting - by-id: sa-9.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-9.5 - adds: - - position: starting - by-id: sa-9.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-1 - adds: - - position: starting - by-id: sc-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sc-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sc-10 - adds: - - position: starting - by-id: sc-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-12.1 - adds: - - position: starting - by-id: sc-12.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-12.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-17 - adds: - - position: starting - by-id: sc-17_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-17_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-18 - adds: - - position: starting - by-id: sc-18_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-18_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-18_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-18_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-2 - adds: - - position: starting - by-id: sc-2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-22 - adds: - - position: starting - by-id: sc-22_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-22_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-23 - adds: - - position: starting - by-id: sc-23_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-23_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-24 - adds: - - position: starting - by-id: sc-24_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-24_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-3 - adds: - - position: starting - by-id: sc-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-39 - adds: - - position: starting - by-id: sc-39_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-39_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-4 - adds: - - position: starting - by-id: sc-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-45 - adds: - - position: starting - by-id: sc-45_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-45_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-5 - adds: - - position: starting - by-id: sc-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-7 adds: - position: ending @@ -21212,512 +3050,6 @@ profile: to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information. - - position: starting - by-id: sc-7_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.10 - adds: - - position: starting - by-id: sc-7.10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7.10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-7.12 - adds: - - position: starting - by-id: sc-7.12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.18 - adds: - - position: starting - by-id: sc-7.18_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.18_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.18 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.20 - adds: - - position: starting - by-id: sc-7.20_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.20_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.20 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.21 - adds: - - position: starting - by-id: sc-7.21_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.21_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.21 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.3 - adds: - - position: starting - by-id: sc-7.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.4 - adds: - - position: starting - by-id: sc-7.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7.4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7.4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7.4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-7.5 adds: - position: ending @@ -21734,100 +3066,6 @@ profile: value: "Guidance:" prose: For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing - - position: starting - by-id: sc-7.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.7 - adds: - - position: starting - by-id: sc-7.7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.8 - adds: - - position: starting - by-id: sc-7.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-8 adds: - position: ending @@ -21867,7 +3105,7 @@ profile: * From a load balancer to a compute instance - * Flows from management tools required for their work - e.g. + * Flows from management tools required for their work – e.g. log collection, scanning, etc. @@ -21912,10 +3150,10 @@ profile: Controlled Access Area (CAA): Data will be considered physically - protected, and in a CAA if it meets Section 2.3 of the DHS's + protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 - of the DHS' recommended practice by satisfactory implementation + of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3). @@ -21942,36 +3180,6 @@ profile: https://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf - - position: starting - by-id: sc-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-8.1 adds: - position: ending @@ -22020,30 +3228,6 @@ profile: \ many require encryption to be configured, and enabled by the\ \ customer. The CSP has the responsibility to verify encryption\ \ is properly configured." - - position: starting - by-id: sc-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-12 adds: - position: ending @@ -22074,36 +3258,6 @@ profile: prose: Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system. - - position: starting - by-id: sc-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-13 adds: - position: ending @@ -22193,56 +3347,6 @@ profile: prose: "At a minimum, this control applies to cryptography in\ \ use for the following controls: AU-9(3), CP-9(8), IA-2(6),\ \ IA-5(1), MP-5, SC-8(1), and SC-28(1)." - - position: starting - by-id: sc-13_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-13_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-13_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-13_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-13 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-15 adds: - position: ending @@ -22260,50 +3364,6 @@ profile: prose: The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use. - - position: starting - by-id: sc-15_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-15_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-15_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-15_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-20 adds: - position: ending @@ -22351,72 +3411,6 @@ profile: prose: CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net) - - position: starting - by-id: sc-20_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-20_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-21 adds: - position: ending @@ -22468,36 +3462,6 @@ profile: - DNSSEC resolution to access a component inside the boundary is excluded. - - position: starting - by-id: sc-21_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-21_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-21 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-28 adds: - position: ending @@ -22531,36 +3495,6 @@ profile: value: "Guidance:" prose: Note that this enhancement requires the use of cryptography in accordance with SC-13. - - position: starting - by-id: sc-28_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-28_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-28 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-28.1 adds: - position: ending @@ -22597,30 +3531,6 @@ profile: C. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate. - - position: starting - by-id: sc-28.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-28.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-45.1 adds: - position: ending @@ -22655,546 +3565,6 @@ profile: value: "Guidance:" prose: Synchronization of system clocks improves the accuracy of log analysis. - - position: starting - by-id: sc-45.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-45.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-45.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-45.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-45.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-1 - adds: - - position: starting - by-id: si-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: si-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: si-11 - adds: - - position: starting - by-id: si-11_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-12 - adds: - - position: starting - by-id: si-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-16 - adds: - - position: starting - by-id: si-16_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-16_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-2 - adds: - - position: starting - by-id: si-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-2.2 - adds: - - position: starting - by-id: si-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-2.3 - adds: - - position: starting - by-id: si-2.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-2.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-3 - adds: - - position: starting - by-id: si-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-3_obj.c.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: si-4 adds: - position: ending @@ -23210,576 +3580,6 @@ profile: - name: label value: "Guidance:" prose: See US-CERT Incident Response Reporting Guidelines. - - position: starting - by-id: si-4_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.1 - adds: - - position: starting - by-id: si-4.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.11 - adds: - - position: starting - by-id: si-4.11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.12 - adds: - - position: starting - by-id: si-4.12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.14 - adds: - - position: starting - by-id: si-4.14_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.14_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.16 - adds: - - position: starting - by-id: si-4.16_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.16_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.16 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.18 - adds: - - position: starting - by-id: si-4.18_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.18_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.19 - adds: - - position: starting - by-id: si-4.19_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.19_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.19 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.2 - adds: - - position: starting - by-id: si-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.20 - adds: - - position: starting - by-id: si-4.20_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.20_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.20 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.22 - adds: - - position: starting - by-id: si-4.22_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.22_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.22_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.22_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.23 - adds: - - position: starting - by-id: si-4.23_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.23_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.23 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.4 - adds: - - position: starting - by-id: si-4.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-4.5 adds: - position: ending @@ -23795,30 +3595,6 @@ profile: - name: label value: "Guidance:" prose: In accordance with the incident response plan. - - position: starting - by-id: si-4.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-4.10 adds: - position: ending @@ -23836,32 +3612,6 @@ profile: prose: The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) and M-22-09 (https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf). - - position: starting - by-id: si-4.10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.10 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: si-5 adds: - position: ending @@ -23877,380 +3627,6 @@ profile: Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status. - - position: starting - by-id: si-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-5.1 - adds: - - position: starting - by-id: si-5.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-5.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-6 - adds: - - position: starting - by-id: si-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-7 - adds: - - position: starting - by-id: si-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-7.1 - adds: - - position: starting - by-id: si-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-7.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-7.15 - adds: - - position: starting - by-id: si-7.15_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-7.15_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-7.2 - adds: - - position: starting - by-id: si-7.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-7.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-7.5 - adds: - - position: starting - by-id: si-7.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-7.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-7.7 - adds: - - position: starting - by-id: si-7.7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-7.7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-8 adds: - position: ending @@ -24285,46 +3661,6 @@ profile: \ reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented\ \ in the SI-08 control implementation solution description,\ \ and list the FROM: domain(s) that will be seen by email recipients." - - position: starting - by-id: si-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-10 adds: - position: ending @@ -24340,434 +3676,6 @@ profile: - name: label value: "Requirement:" prose: Validate all information inputs and document any exceptions - - position: starting - by-id: si-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-10 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-8.2 - adds: - - position: starting - by-id: si-8.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-8.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-1 - adds: - - position: starting - by-id: sr-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sr-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sr-10 - adds: - - position: starting - by-id: sr-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-11.1 - adds: - - position: starting - by-id: sr-11.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-11.2 - adds: - - position: starting - by-id: sr-11.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-12 - adds: - - position: starting - by-id: sr-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-2 - adds: - - position: starting - by-id: sr-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-2.1 - adds: - - position: starting - by-id: sr-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-3 adds: - position: ending @@ -24785,106 +3693,6 @@ profile: prose: CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary. - - position: starting - by-id: sr-3_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-3_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-5 - adds: - - position: starting - by-id: sr-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-6 adds: - position: ending @@ -24904,26 +3712,6 @@ profile: a commensurate security and compliance framework. CSOs must ensure that vendors are compliant with physical facility access and logical access controls to supplied products. - - position: starting - by-id: sr-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-8 adds: - position: ending @@ -24941,26 +3729,6 @@ profile: prose: CSOs must ensure and document how they receive notifications from their supply chain vendor of newly discovered vulnerabilities including zero-day vulnerabilities. - - position: starting - by-id: sr-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-9 adds: - position: ending @@ -24978,48 +3746,6 @@ profile: prose: CSOs must ensure vendors provide authenticity of software and patches supplied to the service provider including documenting the safeguards in place. - - position: starting - by-id: sr-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-9.1 - adds: - - position: starting - by-id: sr-9.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-9.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-11 adds: - position: ending @@ -25037,88 +3763,6 @@ profile: prose: CSOs must ensure that their supply chain vendors provide authenticity of software and patches and the vendor must have a plan to protect the development pipeline. - - position: starting - by-id: sr-11_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. back-matter: resources: - uuid: 985475ee-d4d6-4581-8fdf-d84d3d8caa48 @@ -25133,10 +3777,10 @@ profile: rlinks: - href: https://www.fedramp.gov/assets/img/logo-main-fedramp.png - uuid: 051a77c1-b61d-4995-8275-dacfe688d510 - title: NIST Special Publication (SP) 800-53 + title: NIST Special Publication (SP) 800-53 revision 5 props: - name: version value: 5.1.1 rlinks: - - href: https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_catalog.yaml - media-type: application/yaml + - href: NIST_SP-800-53_rev5_catalog.yaml + media-type: application/oscal+yaml diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.yaml index 18a729eb8..c7f5606d1 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.yaml @@ -1,11 +1,11 @@ --- catalog: - uuid: f851c7cc-dd32-4233-b0a2-9fd83f561e67 + uuid: 1f13921f-e208-46d9-9506-2a14e20bbb0a metadata: title: FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-19T14:50:30.575664-05:00 - version: 5.1.1+fedramp-20240111-0 + last-modified: 2024-02-06T11:18:05.811433-05:00 + version: 5.1.1+20231218-1 oscal-version: 1.1.1 links: - href: FedRAMP_rev5_LI-SaaS-baseline_profile.yaml @@ -120,6 +120,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AC-01 + class: zero-padded - name: label value: AC-1 - name: label @@ -134,7 +137,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -317,6 +320,9 @@ catalog: guidelines: - prose: the frequency of account review is defined; props: + - name: label + value: AC-02 + class: zero-padded - name: label value: AC-2 - name: label @@ -328,7 +334,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -510,15 +516,15 @@ catalog: ns: https://fedramp.gov/ns/oscal value: Required - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: EXAMINE class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: INTERVIEW class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: TEST class: fedramp prose: Determine if the organization defines information system account @@ -528,7 +534,7 @@ catalog: name: assessment-method props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: EXAMINE parts: - name: assessment-objects @@ -548,7 +554,7 @@ catalog: name: assessment-method props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: INTERVIEW parts: - name: assessment-objects @@ -559,7 +565,7 @@ catalog: name: assessment-method props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: TEST parts: - name: assessment-objects @@ -569,6 +575,9 @@ catalog: class: SP800-53 title: Access Enforcement props: + - name: label + value: AC-03 + class: zero-padded - name: label value: AC-3 - name: label @@ -580,7 +589,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -827,6 +836,9 @@ catalog: - prose: other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected); props: + - name: label + value: AC-07 + class: zero-padded - name: label value: AC-7 - name: label @@ -838,11 +850,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -1026,6 +1038,9 @@ catalog: - prose: conditions for system use to be displayed by the system before granting further access are defined; props: + - name: label + value: AC-08 + class: zero-padded - name: label value: AC-8 - name: label @@ -1040,7 +1055,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: FED class: FedRAMP-Tailored-LI-SaaS links: @@ -1157,6 +1172,9 @@ catalog: - prose: user actions that can be performed on the system without identification or authentication are defined; props: + - name: label + value: AC-14 + class: zero-padded - name: label value: AC-14 - name: label @@ -1168,7 +1186,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: FED class: FedRAMP-Tailored-LI-SaaS links: @@ -1226,6 +1244,9 @@ catalog: class: SP800-53 title: Remote Access props: + - name: label + value: AC-17 + class: zero-padded - name: label value: AC-17 - name: label @@ -1237,7 +1258,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -1472,6 +1493,9 @@ catalog: class: SP800-53 title: Wireless Access props: + - name: label + value: AC-18 + class: zero-padded - name: label value: AC-18 - name: label @@ -1483,7 +1507,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -1554,6 +1578,9 @@ catalog: class: SP800-53 title: Access Control for Mobile Devices props: + - name: label + value: AC-19 + class: zero-padded - name: label value: AC-19 - name: label @@ -1565,7 +1592,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -1718,6 +1745,9 @@ catalog: guidelines: - prose: types of external systems prohibited from use are defined; props: + - name: label + value: AC-20 + class: zero-padded - name: label value: AC-20 - name: label @@ -1729,7 +1759,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -1855,6 +1885,9 @@ catalog: - prose: the frequency at which to review the content on the publicly accessible system for non-public information is defined; props: + - name: label + value: AC-22 + class: zero-padded - name: label value: AC-22 - name: label @@ -1866,7 +1899,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -2141,6 +2174,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AT-01 + class: zero-padded - name: label value: AT-1 - name: label @@ -2155,7 +2191,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -2324,6 +2360,9 @@ catalog: - prose: events that would require literacy training and awareness content to be updated are defined; props: + - name: label + value: AT-02 + class: zero-padded - name: label value: AT-2 - name: label @@ -2338,7 +2377,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -2473,6 +2512,9 @@ catalog: class: SP800-53-enhancement title: Insider Threat props: + - name: label + value: AT-02(02) + class: zero-padded - name: label value: AT-2(2) - name: label @@ -2487,7 +2529,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -2553,6 +2595,9 @@ catalog: - prose: events that require role-based training content to be updated are defined; props: + - name: label + value: AT-03 + class: zero-padded - name: label value: AT-3 - name: label @@ -2567,7 +2612,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -2718,6 +2763,9 @@ catalog: - prose: time period for retaining individual training records is defined; props: + - name: label + value: AT-04 + class: zero-padded - name: label value: AT-4 - name: label @@ -2732,7 +2780,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -2834,6 +2882,9 @@ catalog: - prose: events that would require audit and accountability procedures to be reviewed and updated are defined; props: + - name: label + value: AU-01 + class: zero-padded - name: label value: AU-1 - name: label @@ -2848,7 +2899,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -3006,6 +3057,9 @@ catalog: - prose: the frequency of event types selected for logging are reviewed and updated; props: + - name: label + value: AU-02 + class: zero-padded - name: label value: AU-2 - name: label @@ -3017,7 +3071,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -3191,6 +3245,9 @@ catalog: class: SP800-53 title: Content of Audit Records props: + - name: label + value: AU-03 + class: zero-padded - name: label value: AU-3 - name: label @@ -3202,7 +3259,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -3439,6 +3496,9 @@ catalog: guidelines: - prose: audit log retention requirements are defined; props: + - name: label + value: AU-04 + class: zero-padded - name: label value: AU-4 - name: label @@ -3453,7 +3513,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -3513,6 +3573,9 @@ catalog: - prose: additional actions to be taken in the event of an audit logging process failure are defined; props: + - name: label + value: AU-05 + class: zero-padded - name: label value: AU-5 - name: label @@ -3524,7 +3587,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -3715,6 +3778,9 @@ catalog: - prose: personnel or roles to receive findings from reviews and analyses of system records is/are defined; props: + - name: label + value: AU-06 + class: zero-padded - name: label value: AU-6 - name: label @@ -3729,7 +3795,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -3956,6 +4022,9 @@ catalog: - prose: granularity of time measurement for audit record timestamps is defined; props: + - name: label + value: AU-08 + class: zero-padded - name: label value: AU-8 - name: label @@ -3967,7 +4036,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -4022,6 +4091,9 @@ catalog: access, modification, or deletion of audit information is/are defined; props: + - name: label + value: AU-09 + class: zero-padded - name: label value: AU-9 - name: label @@ -4033,7 +4105,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -4112,6 +4184,9 @@ catalog: - prose: a time period to retain audit records that is consistent with the records retention policy is defined; props: + - name: label + value: AU-11 + class: zero-padded - name: label value: AU-11 - name: label @@ -4123,7 +4198,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -4187,6 +4262,9 @@ catalog: - prose: personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined; props: + - name: label + value: AU-12 + class: zero-padded - name: label value: AU-12 - name: label @@ -4198,7 +4276,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -4332,6 +4410,9 @@ catalog: - prose: events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined; props: + - name: label + value: CA-01 + class: zero-padded - name: label value: CA-1 - name: label @@ -4346,7 +4427,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -4495,6 +4576,9 @@ catalog: - prose: individuals or roles to whom control assessment results are to be provided are defined; props: + - name: label + value: CA-02 + class: zero-padded - name: label value: CA-2 - name: label @@ -4509,7 +4593,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -4941,6 +5025,9 @@ catalog: class: SP800-53-enhancement title: Independent Assessors props: + - name: label + value: CA-02(01) + class: zero-padded - name: label value: CA-2(1) - name: label @@ -4955,7 +5042,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -5040,6 +5127,9 @@ catalog: - prose: the frequency at which to review and update agreements is defined; props: + - name: label + value: CA-03 + class: zero-padded - name: label value: CA-3 - name: label @@ -5054,11 +5144,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -5361,6 +5451,9 @@ catalog: independent audits or reviews, and continuous monitoring activities is defined; props: + - name: label + value: CA-05 + class: zero-padded - name: label value: CA-5 - name: label @@ -5375,7 +5468,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -5441,6 +5534,9 @@ catalog: guidelines: - prose: frequency at which to update the authorizations is defined; props: + - name: label + value: CA-06 + class: zero-padded - name: label value: CA-6 - name: label @@ -5455,7 +5551,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -5760,6 +5856,9 @@ catalog: - prose: frequency at which the privacy status of the system is reported is defined; props: + - name: label + value: CA-07 + class: zero-padded - name: label value: CA-7 - name: label @@ -5774,7 +5873,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -6254,6 +6353,9 @@ catalog: class: SP800-53-enhancement title: Risk Monitoring props: + - name: label + value: CA-07(04) + class: zero-padded - name: label value: CA-7(4) - name: label @@ -6271,7 +6373,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -6450,6 +6552,9 @@ catalog: - prose: systems or system components on which penetration testing is to be conducted are defined; props: + - name: label + value: CA-08 + class: zero-padded - name: label value: CA-8 - name: label @@ -6464,7 +6569,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -6619,6 +6724,9 @@ catalog: - prose: frequency at which to review the continued need for each internal connection is defined; props: + - name: label + value: CA-09 + class: zero-padded - name: label value: CA-9 - name: label @@ -6633,11 +6741,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -6955,6 +7063,9 @@ catalog: - prose: events that would require configuration management procedures to be reviewed and updated are defined; props: + - name: label + value: CM-01 + class: zero-padded - name: label value: CM-1 - name: label @@ -6969,7 +7080,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -7108,6 +7219,9 @@ catalog: - prose: the circumstances requiring baseline configuration review and update are defined; props: + - name: label + value: CM-02 + class: zero-padded - name: label value: CM-2 - name: label @@ -7122,7 +7236,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -7222,6 +7336,9 @@ catalog: class: SP800-53 title: Impact Analyses props: + - name: label + value: CM-04 + class: zero-padded - name: label value: CM-4 - name: label @@ -7236,7 +7353,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -7427,6 +7544,9 @@ catalog: class: SP800-53 title: Access Restrictions for Change props: + - name: label + value: CM-05 + class: zero-padded - name: label value: CM-5 - name: label @@ -7438,7 +7558,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -7673,6 +7793,9 @@ catalog: - prose: operational requirements necessitating approval of deviations are defined; props: + - name: label + value: CM-06 + class: zero-padded - name: label value: CM-6 - name: label @@ -7687,7 +7810,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -8102,6 +8225,9 @@ catalog: guidelines: - prose: services to be prohibited or restricted are defined; props: + - name: label + value: CM-07 + class: zero-padded - name: label value: CM-7 - name: label @@ -8116,7 +8242,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -8220,6 +8346,9 @@ catalog: - prose: frequency at which to review and update the system component inventory is defined; props: + - name: label + value: CM-08 + class: zero-padded - name: label value: CM-8 - name: label @@ -8234,7 +8363,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -8536,6 +8665,9 @@ catalog: class: SP800-53 title: Software Usage Restrictions props: + - name: label + value: CM-10 + class: zero-padded - name: label value: CM-10 - name: label @@ -8547,7 +8679,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -8619,6 +8751,9 @@ catalog: guidelines: - prose: frequency with which to monitor compliance is defined; props: + - name: label + value: CM-11 + class: zero-padded - name: label value: CM-11 - name: label @@ -8630,7 +8765,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -8760,6 +8895,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: CP-01 + class: zero-padded - name: label value: CP-1 - name: label @@ -8774,7 +8912,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -8939,6 +9077,9 @@ catalog: - prose: key contingency organizational elements to communicate changes to are defined; props: + - name: label + value: CP-02 + class: zero-padded - name: label value: CP-2 - name: label @@ -8950,7 +9091,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -9184,6 +9325,9 @@ catalog: - prose: events necessitating review and update of contingency training are defined; props: + - name: label + value: CP-03 + class: zero-padded - name: label value: CP-3 - name: label @@ -9198,7 +9342,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -9314,6 +9458,9 @@ catalog: - prose: tests for determining readiness to execute the contingency plan are defined; props: + - name: label + value: CP-04 + class: zero-padded - name: label value: CP-4 - name: label @@ -9328,7 +9475,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -9433,6 +9580,9 @@ catalog: consistent with recovery time and recovery point objectives is defined; props: + - name: label + value: CP-09 + class: zero-padded - name: label value: CP-9 - name: label @@ -9444,7 +9594,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -9693,6 +9843,9 @@ catalog: - prose: time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined; props: + - name: label + value: CP-10 + class: zero-padded - name: label value: CP-10 - name: label @@ -9704,7 +9857,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -9815,6 +9968,9 @@ catalog: - prose: events that would require identification and authentication procedures to be reviewed and updated are defined; props: + - name: label + value: IA-01 + class: zero-padded - name: label value: IA-1 - name: label @@ -9829,7 +9985,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -9965,6 +10121,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Organizational Users) props: + - name: label + value: IA-02 + class: zero-padded - name: label value: IA-2 - name: label @@ -9979,11 +10138,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -10111,6 +10270,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Privileged Accounts props: + - name: label + value: IA-02(01) + class: zero-padded - name: label value: IA-2(1) - name: label @@ -10122,7 +10284,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -10261,6 +10423,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Non-privileged Accounts props: + - name: label + value: IA-02(02) + class: zero-padded - name: label value: IA-2(2) - name: label @@ -10272,7 +10437,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -10283,10 +10448,6 @@ catalog: parts: - id: ia-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: Required prose: Implement multi-factor authentication for access to non-privileged accounts. - id: ia-2.2_gdn @@ -10321,6 +10482,9 @@ catalog: - privileged accounts - non-privileged accounts props: + - name: label + value: IA-02(08) + class: zero-padded - name: label value: IA-2(8) - name: label @@ -10332,7 +10496,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -10447,6 +10611,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials props: + - name: label + value: IA-02(12) + class: zero-padded - name: label value: IA-2(12) - name: label @@ -10458,11 +10625,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -10586,15 +10753,15 @@ catalog: ns: https://fedramp.gov/ns/oscal value: Required - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: EXAMINE class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: INTERVIEW class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: TEST class: fedramp prose: | @@ -10621,6 +10788,9 @@ catalog: guidelines: - prose: a time period for preventing reuse of identifiers is defined; props: + - name: label + value: IA-04 + class: zero-padded - name: label value: IA-4 - name: label @@ -10632,7 +10802,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -10743,6 +10913,9 @@ catalog: - prose: events that trigger the change or refreshment of authenticators are defined; props: + - name: label + value: IA-05 + class: zero-padded - name: label value: IA-5 - name: label @@ -10757,7 +10930,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -10931,6 +11104,9 @@ catalog: guidelines: - prose: authenticator composition and complexity rules are defined; props: + - name: label + value: IA-05(01) + class: zero-padded - name: label value: IA-5(1) - name: label @@ -10945,7 +11121,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -11038,6 +11214,9 @@ catalog: class: SP800-53 title: Authentication Feedback props: + - name: label + value: IA-06 + class: zero-padded - name: label value: IA-6 - name: label @@ -11049,7 +11228,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -11153,6 +11332,9 @@ catalog: class: SP800-53 title: Cryptographic Module Authentication props: + - name: label + value: IA-07 + class: zero-padded - name: label value: IA-7 - name: label @@ -11164,7 +11346,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -11183,10 +11365,6 @@ catalog: parts: - id: ia-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: Required prose: Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. @@ -11200,6 +11378,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Non-organizational Users) props: + - name: label + value: IA-08 + class: zero-padded - name: label value: IA-8 - name: label @@ -11211,7 +11392,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -11284,6 +11465,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials from Other Agencies props: + - name: label + value: IA-08(01) + class: zero-padded - name: label value: IA-8(1) - name: label @@ -11295,11 +11479,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -11451,6 +11635,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of External Authenticators props: + - name: label + value: IA-08(02) + class: zero-padded - name: label value: IA-8(2) - name: label @@ -11462,11 +11649,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -11660,6 +11847,9 @@ catalog: guidelines: - prose: identity management profiles are defined; props: + - name: label + value: IA-08(04) + class: zero-padded - name: label value: IA-8(4) - name: label @@ -11671,7 +11861,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -11701,6 +11891,9 @@ catalog: - prose: circumstances or situations requiring re-authentication are defined; props: + - name: label + value: IA-11 + class: zero-padded - name: label value: IA-11 - name: label @@ -11715,7 +11908,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -11803,6 +11996,9 @@ catalog: - prose: events that would require the incident response procedures to be reviewed and updated are defined; props: + - name: label + value: IR-01 + class: zero-padded - name: label value: IR-1 - name: label @@ -11817,7 +12013,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -11972,6 +12168,9 @@ catalog: - prose: events that initiate a review of the incident response training content are defined; props: + - name: label + value: IR-02 + class: zero-padded - name: label value: IR-2 - name: label @@ -11986,7 +12185,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -12072,6 +12271,9 @@ catalog: class: SP800-53 title: Incident Handling props: + - name: label + value: IR-04 + class: zero-padded - name: label value: IR-4 - name: label @@ -12083,7 +12285,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -12461,6 +12663,9 @@ catalog: class: SP800-53 title: Incident Monitoring props: + - name: label + value: IR-05 + class: zero-padded - name: label value: IR-5 - name: label @@ -12475,7 +12680,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -12538,6 +12743,9 @@ catalog: - prose: authorities to whom incident information is to be reported are defined; props: + - name: label + value: IR-06 + class: zero-padded - name: label value: IR-6 - name: label @@ -12549,7 +12757,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -12709,6 +12917,9 @@ catalog: class: SP800-53 title: Incident Response Assistance props: + - name: label + value: IR-07 + class: zero-padded - name: label value: IR-7 - name: label @@ -12720,7 +12931,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -12810,6 +13021,9 @@ catalog: - prose: organizational elements to which changes to the incident response plan are communicated are defined; props: + - name: label + value: IR-08 + class: zero-padded - name: label value: IR-8 - name: label @@ -12821,7 +13035,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -13035,6 +13249,9 @@ catalog: - prose: events that would require the maintenance procedures to be reviewed and updated are defined; props: + - name: label + value: MA-01 + class: zero-padded - name: label value: MA-1 - name: label @@ -13049,7 +13266,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -13187,6 +13404,9 @@ catalog: - prose: information to be included in organizational maintenance records is defined; props: + - name: label + value: MA-02 + class: zero-padded - name: label value: MA-2 - name: label @@ -13198,11 +13418,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -13523,6 +13743,9 @@ catalog: class: SP800-53 title: Nonlocal Maintenance props: + - name: label + value: MA-04 + class: zero-padded - name: label value: MA-4 - name: label @@ -13534,7 +13757,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -13636,6 +13859,9 @@ catalog: class: SP800-53 title: Maintenance Personnel props: + - name: label + value: MA-05 + class: zero-padded - name: label value: MA-5 - name: label @@ -13647,11 +13873,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -13919,6 +14145,9 @@ catalog: - prose: events that would require media protection procedures to be reviewed and updated are defined; props: + - name: label + value: MP-01 + class: zero-padded - name: label value: MP-1 - name: label @@ -13933,7 +14162,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -14078,6 +14307,9 @@ catalog: - prose: personnel or roles authorized to access non-digital media is/are defined; props: + - name: label + value: MP-02 + class: zero-padded - name: label value: MP-2 - name: label @@ -14089,11 +14321,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -14293,6 +14525,9 @@ catalog: - prose: sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined; props: + - name: label + value: MP-06 + class: zero-padded - name: label value: MP-6 - name: label @@ -14304,11 +14539,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -14589,6 +14824,9 @@ catalog: - prose: controls to restrict or prohibit the use of specific types of system media on systems or system components are defined; props: + - name: label + value: MP-07 + class: zero-padded - name: label value: MP-7 - name: label @@ -14600,11 +14838,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -14834,6 +15072,9 @@ catalog: - prose: events that would require the physical and environmental protection procedures to be reviewed and updated are defined; props: + - name: label + value: PE-01 + class: zero-padded - name: label value: PE-1 - name: label @@ -14848,7 +15089,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -14979,6 +15220,9 @@ catalog: - prose: frequency at which to review the access list detailing authorized facility access by individuals is defined; props: + - name: label + value: PE-02 + class: zero-padded - name: label value: PE-2 - name: label @@ -14990,11 +15234,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -15304,6 +15548,9 @@ catalog: guidelines: - prose: frequency at which to change keys is defined; props: + - name: label + value: PE-03 + class: zero-padded - name: label value: PE-3 - name: label @@ -15315,11 +15562,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -15756,6 +16003,9 @@ catalog: - prose: events or potential indication of events requiring physical access logs to be reviewed are defined; props: + - name: label + value: PE-06 + class: zero-padded - name: label value: PE-6 - name: label @@ -15770,11 +16020,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -16017,6 +16267,9 @@ catalog: - prose: personnel to whom visitor access records anomalies are reported to is/are defined; props: + - name: label + value: PE-08 + class: zero-padded - name: label value: PE-8 - name: label @@ -16031,11 +16284,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -16199,6 +16452,9 @@ catalog: class: SP800-53 title: Emergency Lighting props: + - name: label + value: PE-12 + class: zero-padded - name: label value: PE-12 - name: label @@ -16210,11 +16466,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -16358,6 +16614,9 @@ catalog: class: SP800-53 title: Fire Protection props: + - name: label + value: PE-13 + class: zero-padded - name: label value: PE-13 - name: label @@ -16369,11 +16628,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -16570,6 +16829,9 @@ catalog: - prose: frequency at which to monitor environmental control levels is defined; props: + - name: label + value: PE-14 + class: zero-padded - name: label value: PE-14 - name: label @@ -16581,11 +16843,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -16734,6 +16996,9 @@ catalog: class: SP800-53 title: Water Damage Protection props: + - name: label + value: PE-15 + class: zero-padded - name: label value: PE-15 - name: label @@ -16745,11 +17010,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -16916,6 +17181,9 @@ catalog: - prose: types of system components to be authorized and controlled when exiting the facility are defined; props: + - name: label + value: PE-16 + class: zero-padded - name: label value: PE-16 - name: label @@ -16927,11 +17195,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -17185,6 +17453,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: PL-01 + class: zero-padded - name: label value: PL-1 - name: label @@ -17199,7 +17470,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -17338,6 +17609,9 @@ catalog: - prose: frequency to review system security and privacy plans is defined; props: + - name: label + value: PL-02 + class: zero-padded - name: label value: PL-2 - name: label @@ -17352,7 +17626,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -18408,6 +18682,9 @@ catalog: - prose: frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected); props: + - name: label + value: PL-04 + class: zero-padded - name: label value: PL-4 - name: label @@ -18422,7 +18699,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -18531,6 +18808,9 @@ catalog: class: SP800-53-enhancement title: Social Media and External Site/Application Usage Restrictions props: + - name: label + value: PL-04(01) + class: zero-padded - name: label value: PL-4(1) - name: label @@ -18545,7 +18825,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -18608,6 +18888,9 @@ catalog: - prose: frequency for review and update to reflect changes in the enterprise architecture; props: + - name: label + value: PL-08 + class: zero-padded - name: label value: PL-8 - name: label @@ -18622,7 +18905,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -19066,6 +19349,9 @@ catalog: class: SP800-53 title: Baseline Selection props: + - name: label + value: PL-10 + class: zero-padded - name: label value: PL-10 - name: label @@ -19077,7 +19363,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -19148,6 +19434,9 @@ catalog: class: SP800-53 title: Baseline Tailoring props: + - name: label + value: PL-11 + class: zero-padded - name: label value: PL-11 - name: label @@ -19159,7 +19448,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -19282,6 +19571,9 @@ catalog: - prose: events that would require the personnel security procedures to be reviewed and updated are defined; props: + - name: label + value: PS-01 + class: zero-padded - name: label value: PS-1 - name: label @@ -19296,7 +19588,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -19422,6 +19714,9 @@ catalog: - prose: the frequency at which to review and update position risk designations is defined; props: + - name: label + value: PS-02 + class: zero-padded - name: label value: PS-2 - name: label @@ -19433,7 +19728,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: FED class: FedRAMP-Tailored-LI-SaaS links: @@ -19538,6 +19833,9 @@ catalog: - prose: the frequency of rescreening individuals where it is so indicated is defined; props: + - name: label + value: PS-03 + class: zero-padded - name: label value: PS-3 - name: label @@ -19549,7 +19847,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -19740,6 +20038,9 @@ catalog: - prose: information security topics to be discussed when conducting exit interviews are defined; props: + - name: label + value: PS-04 + class: zero-padded - name: label value: PS-4 - name: label @@ -19751,7 +20052,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -19855,6 +20156,9 @@ catalog: or roles when individuals are reassigned or transferred to other positions within the organization is defined; props: + - name: label + value: PS-05 + class: zero-padded - name: label value: PS-5 - name: label @@ -19866,7 +20170,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -19950,6 +20254,9 @@ catalog: - prose: the frequency at which to re-sign access agreements to maintain access to organizational information is defined; props: + - name: label + value: PS-06 + class: zero-padded - name: label value: PS-6 - name: label @@ -19964,7 +20271,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -20062,6 +20369,9 @@ catalog: transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined; props: + - name: label + value: PS-07 + class: zero-padded - name: label value: PS-7 - name: label @@ -20076,7 +20386,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -20187,6 +20497,9 @@ catalog: or roles must be notified when a formal employee sanctions process is initiated is defined; props: + - name: label + value: PS-08 + class: zero-padded - name: label value: PS-8 - name: label @@ -20198,7 +20511,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -20243,6 +20556,9 @@ catalog: class: SP800-53 title: Position Descriptions props: + - name: label + value: PS-09 + class: zero-padded - name: label value: PS-9 - name: label @@ -20254,7 +20570,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -20330,6 +20646,9 @@ catalog: - prose: events that would require risk assessment procedures to be reviewed and updated are defined; props: + - name: label + value: RA-01 + class: zero-padded - name: label value: RA-1 - name: label @@ -20344,7 +20663,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -20464,6 +20783,9 @@ catalog: class: SP800-53 title: Security Categorization props: + - name: label + value: RA-02 + class: zero-padded - name: label value: RA-2 - name: label @@ -20475,7 +20797,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -20628,6 +20950,9 @@ catalog: guidelines: - prose: the frequency to update the risk assessment is defined; props: + - name: label + value: RA-03 + class: zero-padded - name: label value: RA-3 - name: label @@ -20642,7 +20967,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -21015,6 +21340,9 @@ catalog: - prose: the frequency at which to update the supply chain risk assessment is defined; props: + - name: label + value: RA-03(01) + class: zero-padded - name: label value: RA-3(1) - name: label @@ -21029,7 +21357,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -21121,6 +21449,9 @@ catalog: vulnerability scanning process and control assessments is to be shared; props: + - name: label + value: RA-05 + class: zero-padded - name: label value: RA-5 - name: label @@ -21135,7 +21466,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -21573,6 +21904,9 @@ catalog: - prose: the frequency for updating the system vulnerabilities to be scanned is defined (if selected); props: + - name: label + value: RA-05(02) + class: zero-padded - name: label value: RA-5(2) - name: label @@ -21587,7 +21921,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -21700,6 +22034,9 @@ catalog: class: SP800-53-enhancement title: Public Disclosure Program props: + - name: label + value: RA-05(11) + class: zero-padded - name: label value: RA-5(11) - name: label @@ -21714,7 +22051,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -21833,6 +22170,9 @@ catalog: class: SP800-53 title: Risk Response props: + - name: label + value: RA-07 + class: zero-padded - name: label value: RA-7 - name: label @@ -21847,7 +22187,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -22073,6 +22413,9 @@ catalog: - prose: events that would require the system and services acquisition procedures to be reviewed and updated are defined; props: + - name: label + value: SA-01 + class: zero-padded - name: label value: SA-1 - name: label @@ -22087,7 +22430,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -22213,6 +22556,9 @@ catalog: class: SP800-53 title: Allocation of Resources props: + - name: label + value: SA-02 + class: zero-padded - name: label value: SA-2 - name: label @@ -22227,7 +22573,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -22290,6 +22636,9 @@ catalog: guidelines: - prose: system development life cycle is defined; props: + - name: label + value: SA-03 + class: zero-padded - name: label value: SA-3 - name: label @@ -22304,7 +22653,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -22434,6 +22783,9 @@ catalog: guidelines: - prose: contract language is defined (if selected); props: + - name: label + value: SA-04 + class: zero-padded - name: label value: SA-4 - name: label @@ -22448,7 +22800,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -22637,6 +22989,9 @@ catalog: class: SP800-53-enhancement title: Use of Approved PIV Products props: + - name: label + value: SA-04(10) + class: zero-padded - name: label value: SA-4(10) - name: label @@ -22651,7 +23006,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -22694,6 +23049,9 @@ catalog: - prose: personnel or roles to distribute system documentation to is/are defined; props: + - name: label + value: SA-05 + class: zero-padded - name: label value: SA-5 - name: label @@ -22708,7 +23066,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -22867,6 +23225,9 @@ catalog: guidelines: - prose: privacy engineering principles are defined; props: + - name: label + value: SA-08 + class: zero-padded - name: label value: SA-8 - name: label @@ -22881,7 +23242,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -23007,6 +23368,9 @@ catalog: - prose: processes, methods, and techniques employed to monitor control compliance by external service providers are defined; props: + - name: label + value: SA-09 + class: zero-padded - name: label value: SA-9 - name: label @@ -23021,7 +23385,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -23323,6 +23687,9 @@ catalog: guidelines: - prose: support from external providers is defined (if selected); props: + - name: label + value: SA-22 + class: zero-padded - name: label value: SA-22 - name: label @@ -23337,7 +23704,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -23564,6 +23931,9 @@ catalog: - prose: events that would require the system and communications protection procedures to be reviewed and updated are defined; props: + - name: label + value: SC-01 + class: zero-padded - name: label value: SC-1 - name: label @@ -23578,7 +23948,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -23720,6 +24090,9 @@ catalog: - prose: controls to achieve the denial-of-service objective by type of denial-of-service event are defined; props: + - name: label + value: SC-05 + class: zero-padded - name: label value: SC-5 - name: label @@ -23731,11 +24104,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -23908,6 +24281,9 @@ catalog: - physically - logically props: + - name: label + value: SC-07 + class: zero-padded - name: label value: SC-7 - name: label @@ -23919,7 +24295,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -24203,6 +24579,9 @@ catalog: - confidentiality - integrity props: + - name: label + value: SC-08 + class: zero-padded - name: label value: SC-8 - name: label @@ -24214,7 +24593,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -24388,6 +24767,9 @@ catalog: - prevent unauthorized disclosure of information - detect changes to information props: + - name: label + value: SC-08(01) + class: zero-padded - name: label value: SC-8(1) - name: label @@ -24399,7 +24781,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -24522,6 +24904,9 @@ catalog: - prose: requirements for key generation, distribution, storage, access, and destruction are defined; props: + - name: label + value: SC-12 + class: zero-padded - name: label value: SC-12 - name: label @@ -24536,7 +24921,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -24584,8 +24969,6 @@ catalog: rel: related - href: "#sc-11" rel: related - - href: "#sc-12" - rel: related - href: "#sc-13" rel: related - href: "#sc-17" @@ -24742,6 +25125,9 @@ catalog: - prose: types of cryptography for each specified cryptographic use are defined; props: + - name: label + value: SC-13 + class: zero-padded - name: label value: SC-13 - name: label @@ -24753,11 +25139,11 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS links: @@ -24969,6 +25355,9 @@ catalog: guidelines: - prose: exceptions where remote activation is to be allowed are defined; props: + - name: label + value: SC-15 + class: zero-padded - name: label value: SC-15 - name: label @@ -24980,7 +25369,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS links: @@ -25020,6 +25409,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Authoritative Source) props: + - name: label + value: SC-20 + class: zero-padded - name: label value: SC-20 - name: label @@ -25031,7 +25423,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -25095,6 +25487,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Recursive or Caching Resolver) props: + - name: label + value: SC-21 + class: zero-padded - name: label value: SC-21 - name: label @@ -25106,7 +25501,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -25138,6 +25533,9 @@ catalog: class: SP800-53 title: Architecture and Provisioning for Name/Address Resolution Service props: + - name: label + value: SC-22 + class: zero-padded - name: label value: SC-22 - name: label @@ -25149,7 +25547,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -25200,6 +25598,9 @@ catalog: guidelines: - prose: information at rest requiring protection is defined; props: + - name: label + value: SC-28 + class: zero-padded - name: label value: SC-28 - name: label @@ -25211,7 +25612,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -25398,6 +25799,9 @@ catalog: - prose: system components or media requiring cryptographic protection is/are defined; props: + - name: label + value: SC-28(01) + class: zero-padded - name: label value: SC-28(1) - name: label @@ -25409,7 +25813,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -25545,6 +25949,9 @@ catalog: class: SP800-53 title: Process Isolation props: + - name: label + value: SC-39 + class: zero-padded - name: label value: SC-39 - name: label @@ -25559,7 +25966,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -25660,6 +26067,9 @@ catalog: - prose: events that would require the system and information integrity procedures to be reviewed and updated are defined; props: + - name: label + value: SI-01 + class: zero-padded - name: label value: SI-1 - name: label @@ -25674,7 +26084,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -25802,6 +26212,9 @@ catalog: - prose: time period within which to install security-relevant software updates after the release of the updates is defined; props: + - name: label + value: SI-02 + class: zero-padded - name: label value: SI-2 - name: label @@ -25813,7 +26226,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -26224,6 +26637,9 @@ catalog: - prose: personnel or roles to be alerted when malicious code is detected is/are defined; props: + - name: label + value: SI-03 + class: zero-padded - name: label value: SI-3 - name: label @@ -26238,7 +26654,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: system - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -26674,6 +27090,9 @@ catalog: - prose: a frequency for providing system monitoring to personnel or roles is defined (if selected); props: + - name: label + value: SI-04 + class: zero-padded - name: label value: SI-4 - name: label @@ -26691,7 +27110,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS links: @@ -27226,6 +27645,9 @@ catalog: - prose: external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected); props: + - name: label + value: SI-05 + class: zero-padded - name: label value: SI-5 - name: label @@ -27240,7 +27662,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -27302,6 +27724,9 @@ catalog: class: SP800-53 title: Information Management and Retention props: + - name: label + value: SI-12 + class: zero-padded - name: label value: SI-12 - name: label @@ -27313,7 +27738,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: organization - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -27482,6 +27907,9 @@ catalog: - prose: events that require the supply chain risk management procedures to be reviewed and updated are defined; props: + - name: label + value: SR-01 + class: zero-padded - name: label value: SR-1 - name: label @@ -27496,7 +27924,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -27642,6 +28070,9 @@ catalog: - prose: the frequency at which to review and update the supply chain risk management plan is defined; props: + - name: label + value: SR-02 + class: zero-padded - name: label value: SR-2 - name: label @@ -27656,7 +28087,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -27800,6 +28231,9 @@ catalog: guidelines: - prose: supply chain risk management activities are defined; props: + - name: label + value: SR-02(01) + class: zero-padded - name: label value: SR-2(1) - name: label @@ -27814,7 +28248,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -27883,6 +28317,9 @@ catalog: - prose: the document identifying the selected and implemented supply chain processes and controls is defined (if selected); props: + - name: label + value: SR-03 + class: zero-padded - name: label value: SR-3 - name: label @@ -27900,7 +28337,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -28023,6 +28460,9 @@ catalog: to protect against, identify, and mitigate supply chain risks are defined; props: + - name: label + value: SR-05 + class: zero-padded - name: label value: SR-5 - name: label @@ -28037,7 +28477,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -28133,6 +28573,9 @@ catalog: - prose: information for which agreements and procedures are to be established are defined (if selected); props: + - name: label + value: SR-08 + class: zero-padded - name: label value: SR-8 - name: label @@ -28147,7 +28590,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -28215,6 +28658,9 @@ catalog: - prose: indications of the need for an inspection of systems or system components are defined (if selected); props: + - name: label + value: SR-10 + class: zero-padded - name: label value: SR-10 - name: label @@ -28229,7 +28675,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -28289,6 +28735,9 @@ catalog: - prose: personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected); props: + - name: label + value: SR-11 + class: zero-padded - name: label value: SR-11 - name: label @@ -28303,7 +28752,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -28357,6 +28806,9 @@ catalog: system components (including hardware, software, and firmware) is/are defined; props: + - name: label + value: SR-11(01) + class: zero-padded - name: label value: SR-11(1) - name: label @@ -28371,7 +28823,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -28399,6 +28851,9 @@ catalog: - prose: system components requiring configuration control are defined; props: + - name: label + value: SR-11(02) + class: zero-padded - name: label value: SR-11(2) - name: label @@ -28413,7 +28868,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: @@ -28452,6 +28907,9 @@ catalog: - prose: techniques and methods for disposing of data, documentation, tools, or system components are defined; props: + - name: label + value: SR-12 + class: zero-padded - name: label value: SR-12 - name: label @@ -28466,7 +28924,7 @@ catalog: ns: http://csrc.nist.gov/ns/rmf value: "true" - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS links: diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline_profile.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline_profile.yaml index 4a370358e..d4967672c 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline_profile.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LI-SaaS-baseline_profile.yaml @@ -1,11 +1,11 @@ --- profile: - uuid: ece2fd2d-87f7-476a-a295-6e1ec8153771 + uuid: dca43377-cc54-408c-8902-1c971fde0aec metadata: title: FedRAMP Rev 5 Tailored Low Impact Software as a Service (LI-SaaS) Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-11T23:40:17Z - version: 5.1.1+fedramp-20240111-0 + last-modified: 2023-12-18T15:22:59Z + version: 5.1.1+20231218-1 oscal-version: 1.1.1 roles: - id: prepared-by @@ -737,7 +737,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ac-2 @@ -762,7 +762,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS parts: @@ -773,15 +773,15 @@ profile: ns: https://fedramp.gov/ns/oscal value: Required - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: EXAMINE class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: INTERVIEW class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: TEST class: fedramp prose: Determine if the organization defines information system account @@ -791,7 +791,7 @@ profile: name: assessment-method props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: EXAMINE parts: - name: assessment-objects @@ -811,7 +811,7 @@ profile: name: assessment-method props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: INTERVIEW parts: - name: assessment-objects @@ -822,7 +822,7 @@ profile: name: assessment-method props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: TEST parts: - name: assessment-objects @@ -840,7 +840,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ac-7 @@ -854,11 +854,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS parts: @@ -874,7 +874,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: FED class: FedRAMP-Tailored-LI-SaaS parts: @@ -889,7 +889,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: FED class: FedRAMP-Tailored-LI-SaaS parts: @@ -907,7 +907,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ac-18 @@ -918,7 +918,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -938,7 +938,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -958,7 +958,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ac-22 @@ -972,7 +972,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: at-1 @@ -983,7 +983,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: at-2 @@ -994,7 +994,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: at-2.2 @@ -1005,7 +1005,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: at-3 @@ -1016,7 +1016,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: at-4 @@ -1027,7 +1027,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: au-1 @@ -1038,7 +1038,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: au-2 @@ -1049,7 +1049,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: au-3 @@ -1063,7 +1063,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: au-4 @@ -1074,7 +1074,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1093,7 +1093,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: au-6 @@ -1107,7 +1107,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: au-8 @@ -1118,7 +1118,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: au-9 @@ -1129,7 +1129,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: au-11 @@ -1140,7 +1140,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1156,7 +1156,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ca-1 @@ -1167,7 +1167,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ca-2 @@ -1181,7 +1181,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ca-2.1 @@ -1192,7 +1192,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ca-3 @@ -1206,11 +1206,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -1229,7 +1229,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS parts: @@ -1248,7 +1248,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ca-7 @@ -1262,7 +1262,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ca-7.4 @@ -1276,7 +1276,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ca-8 @@ -1290,7 +1290,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ca-9 @@ -1304,11 +1304,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -1327,7 +1327,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: cm-2 @@ -1338,7 +1338,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: cm-4 @@ -1352,7 +1352,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: cm-5 @@ -1366,7 +1366,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: cm-6 @@ -1380,7 +1380,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS parts: @@ -1423,7 +1423,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: cm-8 @@ -1437,7 +1437,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: cm-10 @@ -1448,7 +1448,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1463,7 +1463,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1482,7 +1482,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: cp-2 @@ -1493,7 +1493,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1509,7 +1509,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1525,7 +1525,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1544,7 +1544,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: cp-10 @@ -1555,7 +1555,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -1571,7 +1571,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ia-2 @@ -1582,11 +1582,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS parts: @@ -1606,7 +1606,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS parts: @@ -1625,16 +1625,10 @@ profile: - by-name: assessment-objective - by-name: assessment-method adds: - - position: starting - by-id: ia-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: Required - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ia-2.8 @@ -1648,7 +1642,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ia-2.12 @@ -1662,11 +1656,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -1677,15 +1671,15 @@ profile: ns: https://fedramp.gov/ns/oscal value: Required - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: EXAMINE class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: INTERVIEW class: fedramp - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: TEST class: fedramp prose: | @@ -1701,7 +1695,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ia-5 @@ -1712,7 +1706,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ia-5.1 @@ -1723,7 +1717,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ia-6 @@ -1737,7 +1731,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ia-7 @@ -1745,16 +1739,10 @@ profile: - by-name: assessment-objective - by-name: assessment-method adds: - - position: starting - by-id: ia-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: Required - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ia-8 @@ -1765,7 +1753,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ia-8.1 @@ -1779,11 +1767,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -1806,11 +1794,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -1830,7 +1818,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ia-11 @@ -1841,7 +1829,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ir-1 @@ -1852,7 +1840,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ir-2 @@ -1863,7 +1851,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ir-4 @@ -1877,7 +1865,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ir-5 @@ -1888,7 +1876,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ir-6 @@ -1902,7 +1890,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ir-7 @@ -1913,7 +1901,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ir-8 @@ -1924,7 +1912,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS parts: @@ -1939,7 +1927,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ma-2 @@ -1953,11 +1941,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -1973,7 +1961,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ma-5 @@ -1987,11 +1975,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2007,7 +1995,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: mp-2 @@ -2021,11 +2009,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2044,11 +2032,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2067,11 +2055,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2087,7 +2075,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: pe-2 @@ -2101,11 +2089,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2124,11 +2112,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2147,11 +2135,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2170,11 +2158,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2193,11 +2181,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2216,11 +2204,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2239,11 +2227,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2276,11 +2264,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2299,11 +2287,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2319,7 +2307,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: pl-2 @@ -2333,7 +2321,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: pl-4 @@ -2344,7 +2332,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: pl-4.1 @@ -2355,7 +2343,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: pl-8 @@ -2369,7 +2357,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: pl-10 @@ -2380,7 +2368,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: pl-11 @@ -2391,7 +2379,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ps-1 @@ -2402,7 +2390,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ps-2 @@ -2413,7 +2401,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: FED class: FedRAMP-Tailored-LI-SaaS - control-id: ps-3 @@ -2427,7 +2415,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ps-4 @@ -2438,7 +2426,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ps-5 @@ -2449,7 +2437,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ps-6 @@ -2460,7 +2448,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ps-7 @@ -2471,7 +2459,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS parts: @@ -2487,7 +2475,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ps-9 @@ -2498,7 +2486,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ra-1 @@ -2509,7 +2497,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ra-2 @@ -2526,7 +2514,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ra-3 @@ -2540,7 +2528,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ra-3.1 @@ -2551,7 +2539,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: ra-5 @@ -2565,7 +2553,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ra-5.2 @@ -2579,7 +2567,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ra-5.11 @@ -2593,7 +2581,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: ra-7 @@ -2607,7 +2595,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sa-1 @@ -2618,7 +2606,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sa-2 @@ -2629,7 +2617,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sa-3 @@ -2640,7 +2628,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sa-4 @@ -2651,7 +2639,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sa-4.10 @@ -2662,7 +2650,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sa-5 @@ -2673,7 +2661,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sa-8 @@ -2684,7 +2672,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sa-9 @@ -2698,7 +2686,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sa-22 @@ -2712,7 +2700,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sc-1 @@ -2723,7 +2711,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sc-5 @@ -2737,11 +2725,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2760,7 +2748,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sc-8 @@ -2774,7 +2762,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sc-8.1 @@ -2788,7 +2776,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sc-12 @@ -2802,7 +2790,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sc-13 @@ -2816,11 +2804,11 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: CONDITIONAL class: FedRAMP-Tailored-LI-SaaS parts: @@ -2836,7 +2824,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: NSO class: FedRAMP-Tailored-LI-SaaS parts: @@ -2851,7 +2839,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sc-21 @@ -2862,7 +2850,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sc-22 @@ -2873,7 +2861,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sc-28 @@ -2887,7 +2875,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sc-28.1 @@ -2901,7 +2889,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: sc-39 @@ -2912,7 +2900,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: si-1 @@ -2923,7 +2911,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: si-2 @@ -2937,7 +2925,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: si-3 @@ -2951,7 +2939,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: si-4 @@ -2965,7 +2953,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ASSESS class: FedRAMP-Tailored-LI-SaaS - control-id: si-5 @@ -2976,7 +2964,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: si-12 @@ -2987,7 +2975,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS parts: @@ -3003,7 +2991,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-2 @@ -3014,7 +3002,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-2.1 @@ -3025,7 +3013,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-3 @@ -3036,7 +3024,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-5 @@ -3047,7 +3035,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-8 @@ -3058,7 +3046,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-10 @@ -3069,7 +3057,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-11 @@ -3080,7 +3068,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-11.1 @@ -3091,7 +3079,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-11.2 @@ -3102,7 +3090,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS - control-id: sr-12 @@ -3113,7 +3101,7 @@ profile: - position: ending props: - name: method - ns: https://fedramp.gov/ns/oscal + ns: http://csrc.nist.gov/ns/rmf value: ATTEST class: FedRAMP-Tailored-LI-SaaS back-matter: @@ -3130,10 +3118,10 @@ profile: rlinks: - href: https://www.fedramp.gov/assets/img/logo-main-fedramp.png - uuid: 051a77c1-b61d-4995-8275-dacfe688d510 - title: NIST Special Publication (SP) 800-53 + title: NIST Special Publication (SP) 800-53 revision 5 props: - name: version value: 5.1.1 rlinks: - - href: https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_catalog.yaml + - href: NIST_SP-800-53_rev5_catalog.yaml media-type: application/oscal+yaml diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.yaml index 4dfdda2d7..a6cc12d5b 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline-resolved-profile_catalog.yaml @@ -1,11 +1,11 @@ --- catalog: - uuid: 1f4d8bf8-6a31-43d3-9493-851a2c35493c + uuid: f297751f-5150-42ad-bbb9-670c1bf8aa85 metadata: title: FedRAMP Rev 5 Low Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-19T14:50:48.695772-05:00 - version: 5.1.1+fedramp-20240111-0 + last-modified: 2024-02-06T11:18:37.934997-05:00 + version: 5.1.1+20231218-1 oscal-version: 1.1.1 links: - href: FedRAMP_rev5_LOW-baseline_profile.yaml @@ -120,6 +120,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AC-01 + class: zero-padded - name: label value: AC-1 - name: label @@ -163,11 +166,6 @@ catalog: - id: ac-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -207,9 +205,6 @@ catalog: - id: ac-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ac-01_odp.04 }} to manage\ @@ -218,11 +213,6 @@ catalog: - id: ac-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current access control:" @@ -282,17 +272,6 @@ catalog: - id: ac-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01a.[01] class: sp800-53a @@ -303,17 +282,6 @@ catalog: - id: ac-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01a.[02] class: sp800-53a @@ -325,13 +293,6 @@ catalog: - id: ac-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.[03] class: sp800-53a @@ -344,13 +305,6 @@ catalog: - id: ac-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.[04] class: sp800-53a @@ -369,13 +323,6 @@ catalog: - id: ac-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.01(a) class: sp800-53a @@ -464,13 +411,6 @@ catalog: - id: ac-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.01(b) class: sp800-53a @@ -490,17 +430,6 @@ catalog: - id: ac-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01b. class: sp800-53a @@ -520,17 +449,6 @@ catalog: - id: ac-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01c.01 class: sp800-53a @@ -563,17 +481,6 @@ catalog: - id: ac-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01c.02 class: sp800-53a @@ -708,9 +615,9 @@ catalog: guidelines: - prose: the frequency of account review is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02 + class: zero-padded - name: label value: AC-2 - name: label @@ -791,9 +698,6 @@ catalog: - id: ac-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Define and document the types of accounts allowed and specifically @@ -801,18 +705,12 @@ catalog: - id: ac-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Assign account managers; - id: ac-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Require {{ insert: param, ac-02_odp.01 }} for group and\ @@ -820,9 +718,6 @@ catalog: - id: ac-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Specify:" @@ -849,9 +744,6 @@ catalog: - id: ac-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Require approvals by {{ insert: param, ac-02_odp.03 }} for\ @@ -859,9 +751,6 @@ catalog: - id: ac-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Create, enable, modify, disable, and remove accounts in\ @@ -869,18 +758,12 @@ catalog: - id: ac-2_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Monitor the use of accounts; - id: ac-2_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: "Notify account managers and {{ insert: param, ac-02_odp.05\ @@ -910,9 +793,6 @@ catalog: - id: ac-2_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: "Authorize access to the system based on:" @@ -938,9 +818,6 @@ catalog: - id: ac-2_smt.j name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: j. prose: "Review accounts for compliance with account management requirements\ @@ -948,9 +825,6 @@ catalog: - id: ac-2_smt.k name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: k. prose: Establish and implement a process for changing shared or @@ -959,9 +833,6 @@ catalog: - id: ac-2_smt.l name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: l. prose: Align account management processes with personnel termination @@ -1035,13 +906,6 @@ catalog: - id: ac-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02a.[01] class: sp800-53a @@ -1053,13 +917,6 @@ catalog: - id: ac-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02a.[02] class: sp800-53a @@ -1074,17 +931,6 @@ catalog: - id: ac-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02b. class: sp800-53a @@ -1095,17 +941,6 @@ catalog: - id: ac-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02c. class: sp800-53a @@ -1117,13 +952,6 @@ catalog: - id: ac-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02d. class: sp800-53a @@ -1186,17 +1014,6 @@ catalog: - id: ac-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02e. class: sp800-53a @@ -1208,17 +1025,6 @@ catalog: - id: ac-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02f. class: sp800-53a @@ -1284,17 +1090,6 @@ catalog: - id: ac-2_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02g. class: sp800-53a @@ -1305,17 +1100,6 @@ catalog: - id: ac-2_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02h. class: sp800-53a @@ -1369,17 +1153,6 @@ catalog: - id: ac-2_obj.i.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.01 class: sp800-53a @@ -1391,17 +1164,6 @@ catalog: - id: ac-2_obj.i.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.02 class: sp800-53a @@ -1413,17 +1175,6 @@ catalog: - id: ac-2_obj.i.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.03 class: sp800-53a @@ -1438,17 +1189,6 @@ catalog: - id: ac-2_obj.j name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02j. class: sp800-53a @@ -1467,17 +1207,6 @@ catalog: - id: ac-2_obj.k-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02k.[01] class: sp800-53a @@ -1490,17 +1219,6 @@ catalog: - id: ac-2_obj.k-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02k.[02] class: sp800-53a @@ -1516,17 +1234,6 @@ catalog: - id: ac-2_obj.l name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02l. class: sp800-53a @@ -1665,9 +1372,9 @@ catalog: class: SP800-53 title: Access Enforcement props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-03 + class: zero-padded - name: label value: AC-3 - name: label @@ -1786,10 +1493,6 @@ catalog: parts: - id: ac-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. @@ -1809,17 +1512,6 @@ catalog: - id: ac-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-03 class: sp800-53a @@ -1933,6 +1625,9 @@ catalog: - prose: other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected); props: + - name: label + value: AC-07 + class: zero-padded - name: label value: AC-7 - name: label @@ -1965,9 +1660,6 @@ catalog: - id: ac-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enforce a limit of {{ insert: param, ac-07_odp.01 }} consecutive\ @@ -1976,9 +1668,6 @@ catalog: - id: ac-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Automatically {{ insert: param, ac-07_odp.03 }} when the\ @@ -2031,17 +1720,6 @@ catalog: - id: ac-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-07a. class: sp800-53a @@ -2054,17 +1732,6 @@ catalog: - id: ac-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-07b. class: sp800-53a @@ -2154,6 +1821,9 @@ catalog: - prose: conditions for system use to be displayed by the system before granting further access are defined; props: + - name: label + value: AC-08 + class: zero-padded - name: label value: AC-8 - name: label @@ -2181,9 +1851,6 @@ catalog: - id: ac-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Display {{ insert: param, ac-08_odp.01 }} to users before\ @@ -2221,9 +1888,6 @@ catalog: - id: ac-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Retain the notification message or banner on the screen until @@ -2232,9 +1896,6 @@ catalog: - id: ac-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "For publicly accessible systems:" @@ -2329,17 +1990,6 @@ catalog: - id: ac-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-08a. class: sp800-53a @@ -2351,13 +2001,6 @@ catalog: - id: ac-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.01 class: sp800-53a @@ -2369,13 +2012,6 @@ catalog: - id: ac-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.02 class: sp800-53a @@ -2387,13 +2023,6 @@ catalog: - id: ac-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.03 class: sp800-53a @@ -2406,13 +2035,6 @@ catalog: - id: ac-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.04 class: sp800-53a @@ -2427,17 +2049,6 @@ catalog: - id: ac-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-08b. class: sp800-53a @@ -2450,13 +2061,6 @@ catalog: - id: ac-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08c. class: sp800-53a @@ -2598,6 +2202,9 @@ catalog: - prose: user actions that can be performed on the system without identification or authentication are defined; props: + - name: label + value: AC-14 + class: zero-padded - name: label value: AC-14 - name: label @@ -2622,9 +2229,6 @@ catalog: - id: ac-14_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify {{ insert: param, ac-14_odp }} that can be performed\ @@ -2633,9 +2237,6 @@ catalog: - id: ac-14_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document and provide supporting rationale in the security @@ -2672,17 +2273,6 @@ catalog: - id: ac-14_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-14a. class: sp800-53a @@ -2695,13 +2285,6 @@ catalog: - id: ac-14_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-14b. class: sp800-53a @@ -2791,6 +2374,9 @@ catalog: class: SP800-53 title: Remote Access props: + - name: label + value: AC-17 + class: zero-padded - name: label value: AC-17 - name: label @@ -2859,9 +2445,6 @@ catalog: - id: ac-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish and document usage restrictions, configuration/connection @@ -2870,9 +2453,6 @@ catalog: - id: ac-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize each type of remote access to the system prior @@ -2910,17 +2490,6 @@ catalog: - id: ac-17_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-17a. class: sp800-53a @@ -2964,17 +2533,6 @@ catalog: - id: ac-17_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17b. class: sp800-53a @@ -3057,6 +2615,9 @@ catalog: class: SP800-53 title: Wireless Access props: + - name: label + value: AC-18 + class: zero-padded - name: label value: AC-18 - name: label @@ -3105,9 +2666,6 @@ catalog: - id: ac-18_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish configuration requirements, connection requirements, @@ -3116,9 +2674,6 @@ catalog: - id: ac-18_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize each type of wireless access to the system prior @@ -3139,17 +2694,6 @@ catalog: - id: ac-18_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-18a. class: sp800-53a @@ -3193,17 +2737,6 @@ catalog: - id: ac-18_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18b. class: sp800-53a @@ -3286,6 +2819,9 @@ catalog: class: SP800-53 title: Access Control for Mobile Devices props: + - name: label + value: AC-19 + class: zero-padded - name: label value: AC-19 - name: label @@ -3352,9 +2888,6 @@ catalog: - id: ac-19_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish configuration requirements, connection requirements, @@ -3364,9 +2897,6 @@ catalog: - id: ac-19_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize the connection of mobile devices to organizational @@ -3426,17 +2956,6 @@ catalog: - id: ac-19_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-19a. class: sp800-53a @@ -3483,17 +3002,6 @@ catalog: - id: ac-19_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-19b. class: sp800-53a @@ -3609,6 +3117,9 @@ catalog: guidelines: - prose: types of external systems prohibited from use are defined; props: + - name: label + value: AC-20 + class: zero-padded - name: label value: AC-20 - name: label @@ -3651,9 +3162,6 @@ catalog: - id: ac-20_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, ac-20_odp.01 }} , consistent with the\ @@ -3677,9 +3185,6 @@ catalog: - id: ac-20_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Prohibit the use of {{ insert: param, ac-20_odp.04 }}." @@ -3771,17 +3276,6 @@ catalog: - id: ac-20_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-20a. class: sp800-53a @@ -3821,17 +3315,6 @@ catalog: - id: ac-20_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-20b. class: sp800-53a @@ -3924,6 +3407,9 @@ catalog: - prose: the frequency at which to review the content on the publicly accessible system for non-public information is defined; props: + - name: label + value: AC-22 + class: zero-padded - name: label value: AC-22 - name: label @@ -3952,9 +3438,6 @@ catalog: - id: ac-22_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Designate individuals authorized to make information publicly @@ -3962,9 +3445,6 @@ catalog: - id: ac-22_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Train authorized individuals to ensure that publicly accessible @@ -3972,9 +3452,6 @@ catalog: - id: ac-22_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Review the proposed content of information prior to posting @@ -3983,9 +3460,6 @@ catalog: - id: ac-22_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review the content on the publicly accessible system for\ @@ -4017,17 +3491,6 @@ catalog: - id: ac-22_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-22a. class: sp800-53a @@ -4039,17 +3502,6 @@ catalog: - id: ac-22_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-22b. class: sp800-53a @@ -4061,17 +3513,6 @@ catalog: - id: ac-22_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-22c. class: sp800-53a @@ -4084,17 +3525,6 @@ catalog: - id: ac-22_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-22d. class: sp800-53a @@ -4258,6 +3688,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AT-01 + class: zero-padded - name: label value: AT-1 - name: label @@ -4297,11 +3730,6 @@ catalog: - id: at-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -4342,9 +3770,6 @@ catalog: - id: at-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, at-01_odp.04 }} to manage\ @@ -4353,11 +3778,6 @@ catalog: - id: at-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current awareness and training:" @@ -4417,17 +3837,6 @@ catalog: - id: at-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01a.[01] class: sp800-53a @@ -4438,17 +3847,6 @@ catalog: - id: at-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01a.[02] class: sp800-53a @@ -4460,13 +3858,6 @@ catalog: - id: at-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.[03] class: sp800-53a @@ -4479,13 +3870,6 @@ catalog: - id: at-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.[04] class: sp800-53a @@ -4504,13 +3888,6 @@ catalog: - id: at-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.01(a) class: sp800-53a @@ -4599,13 +3976,6 @@ catalog: - id: at-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.01(b) class: sp800-53a @@ -4625,17 +3995,6 @@ catalog: - id: at-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01b. class: sp800-53a @@ -4655,17 +4014,6 @@ catalog: - id: at-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01c.01 class: sp800-53a @@ -4699,17 +4047,6 @@ catalog: - id: at-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01c.02 class: sp800-53a @@ -4834,6 +4171,9 @@ catalog: - prose: events that would require literacy training and awareness content to be updated are defined; props: + - name: label + value: AT-02 + class: zero-padded - name: label value: AT-2 - name: label @@ -4899,9 +4239,6 @@ catalog: - id: at-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide security and privacy literacy training to system\ @@ -4924,9 +4261,6 @@ catalog: - id: at-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following techniques to increase the security\ @@ -4935,9 +4269,6 @@ catalog: - id: at-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Update literacy training and awareness content {{ insert:\ @@ -4946,9 +4277,6 @@ catalog: - id: at-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Incorporate lessons learned from internal or external security @@ -5010,17 +4338,6 @@ catalog: - id: at-2_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[01] class: sp800-53a @@ -5033,17 +4350,6 @@ catalog: - id: at-2_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[02] class: sp800-53a @@ -5056,17 +4362,6 @@ catalog: - id: at-2_obj.a.1-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[03] class: sp800-53a @@ -5079,17 +4374,6 @@ catalog: - id: at-2_obj.a.1-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[04] class: sp800-53a @@ -5105,17 +4389,6 @@ catalog: - id: at-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.02 class: sp800-53a @@ -5155,13 +4428,6 @@ catalog: - id: at-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-02b. class: sp800-53a @@ -5173,17 +4439,6 @@ catalog: - id: at-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02c. class: sp800-53a @@ -5216,17 +4471,6 @@ catalog: - id: at-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02d. class: sp800-53a @@ -5315,6 +4559,9 @@ catalog: class: SP800-53-enhancement title: Insider Threat props: + - name: label + value: AT-02(02) + class: zero-padded - name: label value: AT-2(2) - name: label @@ -5336,10 +4583,6 @@ catalog: parts: - id: at-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide literacy training on recognizing and reporting potential indicators of insider threat. - id: at-2.2_gdn @@ -5361,17 +4604,6 @@ catalog: - id: at-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02(02) class: sp800-53a @@ -5491,6 +4723,9 @@ catalog: - prose: events that require role-based training content to be updated are defined; props: + - name: label + value: AT-03 + class: zero-padded - name: label value: AT-3 - name: label @@ -5562,9 +4797,6 @@ catalog: - id: at-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide role-based security and privacy training to personnel\ @@ -5588,9 +4820,6 @@ catalog: - id: at-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Update role-based training content {{ insert: param, at-03_odp.04\ @@ -5598,9 +4827,6 @@ catalog: - id: at-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Incorporate lessons learned from internal or external security @@ -5665,17 +4891,6 @@ catalog: - id: at-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03a.01 class: sp800-53a @@ -5734,17 +4949,6 @@ catalog: - id: at-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03a.02 class: sp800-53a @@ -5782,13 +4986,6 @@ catalog: - id: at-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-03b. class: sp800-53a @@ -5821,17 +5018,6 @@ catalog: - id: at-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03c. class: sp800-53a @@ -5923,6 +5109,9 @@ catalog: - prose: time period for retaining individual training records is defined; props: + - name: label + value: AT-04 + class: zero-padded - name: label value: AT-4 - name: label @@ -5958,9 +5147,6 @@ catalog: - id: at-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Document and monitor information security and privacy training @@ -5969,9 +5155,6 @@ catalog: - id: at-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Retain individual training records for {{ insert: param,\ @@ -5992,17 +5175,6 @@ catalog: - id: at-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-04a. class: sp800-53a @@ -6037,13 +5209,6 @@ catalog: - id: at-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-04b. class: sp800-53a @@ -6163,6 +5328,9 @@ catalog: - prose: events that would require audit and accountability procedures to be reviewed and updated are defined; props: + - name: label + value: AU-01 + class: zero-padded - name: label value: AU-1 - name: label @@ -6198,11 +5366,6 @@ catalog: - id: au-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -6243,9 +5406,6 @@ catalog: - id: au-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, au-01_odp.04 }} to manage\ @@ -6254,11 +5414,6 @@ catalog: - id: au-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current audit and accountability:" @@ -6318,17 +5473,6 @@ catalog: - id: au-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01a.[01] class: sp800-53a @@ -6339,17 +5483,6 @@ catalog: - id: au-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01a.[02] class: sp800-53a @@ -6361,13 +5494,6 @@ catalog: - id: au-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.[03] class: sp800-53a @@ -6381,13 +5507,6 @@ catalog: - id: au-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.[04] class: sp800-53a @@ -6406,13 +5525,6 @@ catalog: - id: au-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.01(a) class: sp800-53a @@ -6502,13 +5614,6 @@ catalog: - id: au-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.01(b) class: sp800-53a @@ -6528,17 +5633,6 @@ catalog: - id: au-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01b. class: sp800-53a @@ -6558,17 +5652,6 @@ catalog: - id: au-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01c.01 class: sp800-53a @@ -6602,17 +5685,6 @@ catalog: - id: au-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01c.02 class: sp800-53a @@ -6730,9 +5802,9 @@ catalog: - prose: the frequency of event types selected for logging are reviewed and updated; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-02 + class: zero-padded - name: label value: AU-2 - name: label @@ -6823,9 +5895,6 @@ catalog: - id: au-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify the types of events that the system is capable\ @@ -6834,9 +5903,6 @@ catalog: - id: au-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Coordinate the event logging function with other organizational @@ -6845,9 +5911,6 @@ catalog: - id: au-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Specify the following event types for logging within the\ @@ -6855,9 +5918,6 @@ catalog: - id: au-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Provide a rationale for why the event types selected for @@ -6866,9 +5926,6 @@ catalog: - id: au-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Review and update the event types selected for logging {{\ @@ -6953,17 +6010,6 @@ catalog: - id: au-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02a. class: sp800-53a @@ -6975,17 +6021,6 @@ catalog: - id: au-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02b. class: sp800-53a @@ -7005,17 +6040,6 @@ catalog: - id: au-2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02c.[01] class: sp800-53a @@ -7027,13 +6051,6 @@ catalog: - id: au-2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-02c.[02] class: sp800-53a @@ -7048,17 +6065,6 @@ catalog: - id: au-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02d. class: sp800-53a @@ -7071,13 +6077,6 @@ catalog: - id: au-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-02e. class: sp800-53a @@ -7155,9 +6154,9 @@ catalog: class: SP800-53 title: Content of Audit Records props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-03 + class: zero-padded - name: label value: AU-3 - name: label @@ -7200,54 +6199,36 @@ catalog: - id: au-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: What type of event occurred; - id: au-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: When the event occurred; - id: au-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Where the event occurred; - id: au-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Source of the event; - id: au-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Outcome of the event; and - id: au-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Identity of any individuals, subjects, or objects/entities @@ -7269,17 +6250,6 @@ catalog: - id: au-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-03 class: sp800-53a @@ -7427,9 +6397,9 @@ catalog: guidelines: - prose: audit log retention requirements are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-04 + class: zero-padded - name: label value: AU-4 - name: label @@ -7465,10 +6435,6 @@ catalog: parts: - id: au-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Allocate audit log storage capacity to accommodate {{ insert:\ \ param, au-04_odp }}." - id: au-4_gdn @@ -7481,17 +6447,6 @@ catalog: - id: au-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-04 class: sp800-53a @@ -7589,9 +6544,9 @@ catalog: - prose: additional actions to be taken in the event of an audit logging process failure are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-05 + class: zero-padded - name: label value: AU-5 - name: label @@ -7628,9 +6583,6 @@ catalog: - id: au-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Alert {{ insert: param, au-05_odp.01 }} within {{ insert:\ @@ -7639,9 +6591,6 @@ catalog: - id: au-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Take the following additional actions: {{ insert: param,\ @@ -7673,17 +6622,6 @@ catalog: - id: au-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05a. class: sp800-53a @@ -7696,17 +6634,6 @@ catalog: - id: au-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05b. class: sp800-53a @@ -7814,9 +6741,9 @@ catalog: - prose: personnel or roles to receive findings from reviews and analyses of system records is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06 + class: zero-padded - name: label value: AU-6 - name: label @@ -7902,9 +6829,6 @@ catalog: - id: au-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Review and analyze system audit records {{ insert: param,\ @@ -7914,18 +6838,12 @@ catalog: - id: au-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report findings to {{ insert: param, au-06_odp.03 }} ; and" - id: au-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Adjust the level of audit record review, analysis, and reporting @@ -7974,17 +6892,6 @@ catalog: - id: au-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06a. class: sp800-53a @@ -7998,17 +6905,6 @@ catalog: - id: au-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06b. class: sp800-53a @@ -8020,17 +6916,6 @@ catalog: - id: au-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06c. class: sp800-53a @@ -8106,9 +6991,9 @@ catalog: - prose: granularity of time measurement for audit record timestamps is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-08 + class: zero-padded - name: label value: AU-8 - name: label @@ -8135,9 +7020,6 @@ catalog: - id: au-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Use internal system clocks to generate time stamps for audit @@ -8145,9 +7027,6 @@ catalog: - id: au-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Record time stamps for audit records that meet {{ insert:\ @@ -8176,17 +7055,6 @@ catalog: - id: au-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-08a. class: sp800-53a @@ -8198,17 +7066,6 @@ catalog: - id: au-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-08b. class: sp800-53a @@ -8292,6 +7149,9 @@ catalog: access, modification, or deletion of audit information is/are defined; props: + - name: label + value: AU-09 + class: zero-padded - name: label value: AU-9 - name: label @@ -8344,9 +7204,6 @@ catalog: - id: au-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Protect audit information and audit logging tools from unauthorized @@ -8354,9 +7211,6 @@ catalog: - id: au-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Alert {{ insert: param, au-09_odp }} upon detection of unauthorized\ @@ -8382,17 +7236,6 @@ catalog: - id: au-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09a. class: sp800-53a @@ -8404,17 +7247,6 @@ catalog: - id: au-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09b. class: sp800-53a @@ -8505,9 +7337,9 @@ catalog: - prose: a time period to retain audit records that is consistent with the records retention policy is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-11 + class: zero-padded - name: label value: AU-11 - name: label @@ -8542,10 +7374,6 @@ catalog: parts: - id: au-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Retain audit records for {{ insert: param, au-11_odp }} to provide\ \ support for after-the-fact investigations of incidents and to meet\ \ regulatory and organizational information retention requirements." @@ -8590,17 +7418,6 @@ catalog: - id: au-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-11 class: sp800-53a @@ -8682,9 +7499,9 @@ catalog: - prose: personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-12 + class: zero-padded - name: label value: AU-12 - name: label @@ -8741,9 +7558,6 @@ catalog: - id: au-12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide audit record generation capability for the event\ @@ -8752,9 +7566,6 @@ catalog: - id: au-12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Allow {{ insert: param, au-12_odp.02 }} to select the event\ @@ -8763,9 +7574,6 @@ catalog: - id: au-12_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) @@ -8786,17 +7594,6 @@ catalog: - id: au-12_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-12a. class: sp800-53a @@ -8809,17 +7606,6 @@ catalog: - id: au-12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-12b. class: sp800-53a @@ -8832,13 +7618,6 @@ catalog: - id: au-12_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-12c. class: sp800-53a @@ -8974,6 +7753,9 @@ catalog: - prose: events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined; props: + - name: label + value: CA-01 + class: zero-padded - name: label value: CA-1 - name: label @@ -9021,11 +7803,6 @@ catalog: - id: ca-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -9066,9 +7843,6 @@ catalog: - id: ca-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ca-01_odp.04 }} to manage\ @@ -9077,11 +7851,6 @@ catalog: - id: ca-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current assessment, authorization,\ @@ -9144,17 +7913,6 @@ catalog: - id: ca-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01a.[01] class: sp800-53a @@ -9166,17 +7924,6 @@ catalog: - id: ca-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01a.[02] class: sp800-53a @@ -9188,13 +7935,6 @@ catalog: - id: ca-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.[03] class: sp800-53a @@ -9208,13 +7948,6 @@ catalog: - id: ca-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.[04] class: sp800-53a @@ -9233,13 +7966,6 @@ catalog: - id: ca-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.01(a) class: sp800-53a @@ -9329,13 +8055,6 @@ catalog: - id: ca-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.01(b) class: sp800-53a @@ -9355,17 +8074,6 @@ catalog: - id: ca-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01b. class: sp800-53a @@ -9385,17 +8093,6 @@ catalog: - id: ca-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01c.01 class: sp800-53a @@ -9430,17 +8127,6 @@ catalog: - id: ca-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01c.02 class: sp800-53a @@ -9538,6 +8224,9 @@ catalog: - prose: individuals or roles to whom control assessment results are to be provided are defined; props: + - name: label + value: CA-02 + class: zero-padded - name: label value: CA-2 - name: label @@ -9605,9 +8294,6 @@ catalog: - id: ca-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Select the appropriate assessor or assessment team for the @@ -9615,9 +8301,6 @@ catalog: - id: ca-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Develop a control assessment plan that describes the scope\ @@ -9646,9 +8329,6 @@ catalog: - id: ca-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ensure the control assessment plan is reviewed and approved @@ -9657,9 +8337,6 @@ catalog: - id: ca-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Assess the controls in the system and its environment of\ @@ -9670,9 +8347,6 @@ catalog: - id: ca-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Produce a control assessment report that document the results @@ -9680,9 +8354,6 @@ catalog: - id: ca-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Provide the results of the control assessment to {{ insert:\ @@ -9778,13 +8449,6 @@ catalog: - id: ca-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02a. class: sp800-53a @@ -9803,17 +8467,6 @@ catalog: - id: ca-2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.01 class: sp800-53a @@ -9826,17 +8479,6 @@ catalog: - id: ca-2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.02 class: sp800-53a @@ -9849,17 +8491,6 @@ catalog: - id: ca-2_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.03 class: sp800-53a @@ -9909,17 +8540,6 @@ catalog: - id: ca-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02c. class: sp800-53a @@ -9932,17 +8552,6 @@ catalog: - id: ca-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02d. class: sp800-53a @@ -9981,13 +8590,6 @@ catalog: - id: ca-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02e. class: sp800-53a @@ -9999,13 +8601,6 @@ catalog: - id: ca-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02f. class: sp800-53a @@ -10080,6 +8675,9 @@ catalog: class: SP800-53-enhancement title: Independent Assessors props: + - name: label + value: CA-02(01) + class: zero-padded - name: label value: CA-2(1) - name: label @@ -10099,10 +8697,6 @@ catalog: parts: - id: ca-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ independent assessors or assessment teams to conduct control assessments. - id: ca-2.1_gdn @@ -10154,17 +8748,6 @@ catalog: - id: ca-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02(01) class: sp800-53a @@ -10248,6 +8831,9 @@ catalog: - prose: the frequency at which to review and update agreements is defined; props: + - name: label + value: CA-03 + class: zero-padded - name: label value: CA-3 - name: label @@ -10299,9 +8885,6 @@ catalog: - id: ca-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Approve and manage the exchange of information between the\ @@ -10310,9 +8893,6 @@ catalog: - id: ca-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document, as part of each exchange agreement, the interface @@ -10322,9 +8902,6 @@ catalog: - id: ca-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update the agreements {{ insert: param, ca-03_odp.03\ @@ -10383,17 +8960,6 @@ catalog: - id: ca-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-03a. class: sp800-53a @@ -10406,13 +8972,6 @@ catalog: - id: ca-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-03b. class: sp800-53a @@ -10488,17 +9047,6 @@ catalog: - id: ca-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-03c. class: sp800-53a @@ -10588,6 +9136,9 @@ catalog: independent audits or reviews, and continuous monitoring activities is defined; props: + - name: label + value: CA-05 + class: zero-padded - name: label value: CA-5 - name: label @@ -10627,9 +9178,6 @@ catalog: - id: ca-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop a plan of action and milestones for the system to @@ -10640,9 +9188,6 @@ catalog: - id: ca-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Update existing plan of action and milestones {{ insert:\ @@ -10680,17 +9225,6 @@ catalog: - id: ca-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-05a. class: sp800-53a @@ -10705,17 +9239,6 @@ catalog: - id: ca-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-05b. class: sp800-53a @@ -10800,6 +9323,9 @@ catalog: guidelines: - prose: frequency at which to update the authorizations is defined; props: + - name: label + value: CA-06 + class: zero-padded - name: label value: CA-6 - name: label @@ -10843,9 +9369,6 @@ catalog: - id: ca-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Assign a senior official as the authorizing official for @@ -10853,9 +9376,6 @@ catalog: - id: ca-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Assign a senior official as the authorizing official for @@ -10863,9 +9383,6 @@ catalog: - id: ca-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Ensure that the authorizing official for the system, before\ @@ -10887,9 +9404,6 @@ catalog: - id: ca-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ensure that the authorizing official for common controls @@ -10898,9 +9412,6 @@ catalog: - id: ca-6_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Update the authorizations {{ insert: param, ca-06_odp }}." @@ -10963,17 +9474,6 @@ catalog: - id: ca-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06a. class: sp800-53a @@ -10985,17 +9485,6 @@ catalog: - id: ca-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06b. class: sp800-53a @@ -11015,17 +9504,6 @@ catalog: - id: ca-6_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06c.01 class: sp800-53a @@ -11038,17 +9516,6 @@ catalog: - id: ca-6_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06c.02 class: sp800-53a @@ -11063,17 +9530,6 @@ catalog: - id: ca-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06d. class: sp800-53a @@ -11085,13 +9541,6 @@ catalog: - id: ca-6_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-06e. class: sp800-53a @@ -11203,6 +9652,9 @@ catalog: - prose: frequency at which the privacy status of the system is reported is defined; props: + - name: label + value: CA-07 + class: zero-padded - name: label value: CA-7 - name: label @@ -11345,9 +9797,6 @@ catalog: - id: ca-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establishing the following system-level metrics to be monitored:\ @@ -11355,9 +9804,6 @@ catalog: - id: ca-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Establishing {{ insert: param, ca-07_odp.02 }} for monitoring\ @@ -11366,9 +9812,6 @@ catalog: - id: ca-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ongoing control assessments in accordance with the continuous @@ -11376,9 +9819,6 @@ catalog: - id: ca-7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ongoing monitoring of system and organization-defined metrics @@ -11386,9 +9826,6 @@ catalog: - id: ca-7_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Correlation and analysis of information generated by control @@ -11396,9 +9833,6 @@ catalog: - id: ca-7_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Response actions to address results of the analysis of control @@ -11406,9 +9840,6 @@ catalog: - id: ca-7_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Reporting the security and privacy status of the system\ @@ -11499,17 +9930,6 @@ catalog: - id: ca-7_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07[01] class: sp800-53a @@ -11520,17 +9940,6 @@ catalog: - id: ca-7_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07[02] class: sp800-53a @@ -11542,17 +9951,6 @@ catalog: - id: ca-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07a. class: sp800-53a @@ -11565,17 +9963,6 @@ catalog: - id: ca-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07b. class: sp800-53a @@ -11609,17 +9996,6 @@ catalog: - id: ca-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07c. class: sp800-53a @@ -11631,17 +10007,6 @@ catalog: - id: ca-7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07d. class: sp800-53a @@ -11654,17 +10019,6 @@ catalog: - id: ca-7_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07e. class: sp800-53a @@ -11676,17 +10030,6 @@ catalog: - id: ca-7_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07f. class: sp800-53a @@ -11699,17 +10042,6 @@ catalog: - id: ca-7_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07g. class: sp800-53a @@ -11842,6 +10174,9 @@ catalog: class: SP800-53-enhancement title: Risk Monitoring props: + - name: label + value: CA-07(04) + class: zero-padded - name: label value: CA-7(4) - name: label @@ -11870,27 +10205,18 @@ catalog: - id: ca-7.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Effectiveness monitoring; - id: ca-7.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Compliance monitoring; and - id: ca-7.4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Change monitoring. @@ -11907,17 +10233,6 @@ catalog: - id: ca-7.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04) class: sp800-53a @@ -11927,17 +10242,6 @@ catalog: - id: ca-7.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(a) class: sp800-53a @@ -11948,17 +10252,6 @@ catalog: - id: ca-7.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(b) class: sp800-53a @@ -11969,17 +10262,6 @@ catalog: - id: ca-7.4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(c) class: sp800-53a @@ -12083,6 +10365,9 @@ catalog: - prose: systems or system components on which penetration testing is to be conducted are defined; props: + - name: label + value: CA-08 + class: zero-padded - name: label value: CA-8 - name: label @@ -12110,10 +10395,6 @@ catalog: parts: - id: ca-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Conduct penetration testing {{ insert: param, ca-08_odp.01 }}\ \ on {{ insert: param, ca-08_odp.02 }}." parts: @@ -12171,17 +10452,6 @@ catalog: - id: ca-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-08 class: sp800-53a @@ -12272,6 +10542,9 @@ catalog: - prose: frequency at which to review the continued need for each internal connection is defined; props: + - name: label + value: CA-09 + class: zero-padded - name: label value: CA-9 - name: label @@ -12313,9 +10586,6 @@ catalog: - id: ca-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Authorize internal connections of {{ insert: param, ca-09_odp.01\ @@ -12323,9 +10593,6 @@ catalog: - id: ca-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document, for each internal connection, the interface characteristics, @@ -12334,9 +10601,6 @@ catalog: - id: ca-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Terminate internal system connections after {{ insert: param,\ @@ -12344,9 +10608,6 @@ catalog: - id: ca-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review {{ insert: param, ca-09_odp.03 }} the continued need\ @@ -12377,17 +10638,6 @@ catalog: - id: ca-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09a. class: sp800-53a @@ -12399,13 +10649,6 @@ catalog: - id: ca-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-09b. class: sp800-53a @@ -12460,17 +10703,6 @@ catalog: - id: ca-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09c. class: sp800-53a @@ -12482,17 +10714,6 @@ catalog: - id: ca-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09d. class: sp800-53a @@ -12641,6 +10862,9 @@ catalog: - prose: events that would require configuration management procedures to be reviewed and updated are defined; props: + - name: label + value: CM-01 + class: zero-padded - name: label value: CM-1 - name: label @@ -12680,11 +10904,6 @@ catalog: - id: cm-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -12725,9 +10944,6 @@ catalog: - id: cm-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, cm-01_odp.04 }} to manage\ @@ -12736,11 +10952,6 @@ catalog: - id: cm-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current configuration management:" @@ -12801,17 +11012,6 @@ catalog: - id: cm-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01a.[01] class: sp800-53a @@ -12822,17 +11022,6 @@ catalog: - id: cm-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01a.[02] class: sp800-53a @@ -12844,13 +11033,6 @@ catalog: - id: cm-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.[03] class: sp800-53a @@ -12864,13 +11046,6 @@ catalog: - id: cm-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.[04] class: sp800-53a @@ -12889,13 +11064,6 @@ catalog: - id: cm-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.01(a) class: sp800-53a @@ -12985,13 +11153,6 @@ catalog: - id: cm-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.01(b) class: sp800-53a @@ -13010,17 +11171,6 @@ catalog: - id: cm-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01b. class: sp800-53a @@ -13040,17 +11190,6 @@ catalog: - id: cm-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01c.01 class: sp800-53a @@ -13084,17 +11223,6 @@ catalog: - id: cm-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01c.02 class: sp800-53a @@ -13196,6 +11324,9 @@ catalog: - prose: the circumstances requiring baseline configuration review and update are defined; props: + - name: label + value: CM-02 + class: zero-padded - name: label value: CM-2 - name: label @@ -13259,9 +11390,6 @@ catalog: - id: cm-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop, document, and maintain under configuration control, @@ -13269,9 +11397,6 @@ catalog: - id: cm-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the baseline configuration of the system:" @@ -13329,13 +11454,6 @@ catalog: - id: cm-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-02a. class: sp800-53a @@ -13375,17 +11493,6 @@ catalog: - id: cm-2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.01 class: sp800-53a @@ -13397,17 +11504,6 @@ catalog: - id: cm-2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.02 class: sp800-53a @@ -13420,17 +11516,6 @@ catalog: - id: cm-2_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.03 class: sp800-53a @@ -13533,6 +11618,9 @@ catalog: class: SP800-53 title: Impact Analyses props: + - name: label + value: CM-04 + class: zero-padded - name: label value: CM-4 - name: label @@ -13576,10 +11664,6 @@ catalog: parts: - id: cm-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Analyze changes to the system to determine potential security and privacy impacts prior to change implementation. - id: cm-4_gdn @@ -13601,17 +11685,6 @@ catalog: - id: cm-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04 class: sp800-53a @@ -13745,9 +11818,9 @@ catalog: class: SP800-53 title: Access Restrictions for Change props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-05 + class: zero-padded - name: label value: CM-5 - name: label @@ -13786,10 +11859,6 @@ catalog: parts: - id: cm-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. - id: cm-5_gdn @@ -13807,17 +11876,6 @@ catalog: - id: cm-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-05 class: sp800-53a @@ -14001,9 +12059,9 @@ catalog: - prose: operational requirements necessitating approval of deviations are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-06 + class: zero-padded - name: label value: CM-6 - name: label @@ -14093,9 +12151,6 @@ catalog: - id: cm-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish and document configuration settings for components\ @@ -14105,18 +12160,12 @@ catalog: - id: cm-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Implement the configuration settings; - id: cm-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Identify, document, and approve any deviations from established\ @@ -14125,9 +12174,6 @@ catalog: - id: cm-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Monitor and control changes to the configuration settings @@ -14172,7 +12218,7 @@ catalog: assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are - then documented in the CSP's Plan of Action and + then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable. @@ -14239,13 +12285,6 @@ catalog: - id: cm-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-06a. class: sp800-53a @@ -14259,17 +12298,6 @@ catalog: - id: cm-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06b. class: sp800-53a @@ -14280,17 +12308,6 @@ catalog: - id: cm-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06c. class: sp800-53a @@ -14324,17 +12341,6 @@ catalog: - id: cm-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06d. class: sp800-53a @@ -14498,9 +12504,9 @@ catalog: guidelines: - prose: services to be prohibited or restricted are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07 + class: zero-padded - name: label value: CM-7 - name: label @@ -14566,9 +12572,6 @@ catalog: - id: cm-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Configure the system to provide only {{ insert: param, cm-07_odp.01\ @@ -14576,9 +12579,6 @@ catalog: - id: cm-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Prohibit or restrict the use of the following functions,\ @@ -14628,17 +12628,6 @@ catalog: - id: cm-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07a. class: sp800-53a @@ -14650,13 +12639,6 @@ catalog: - id: cm-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-07b. class: sp800-53a @@ -14809,9 +12791,9 @@ catalog: - prose: frequency at which to review and update the system component inventory is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-08 + class: zero-padded - name: label value: CM-8 - name: label @@ -14881,9 +12863,6 @@ catalog: - id: cm-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop and document an inventory of system components that:" @@ -14925,9 +12904,6 @@ catalog: - id: cm-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the system component inventory {{ insert:\ @@ -14996,17 +12972,6 @@ catalog: - id: cm-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.01 class: sp800-53a @@ -15018,17 +12983,6 @@ catalog: - id: cm-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.02 class: sp800-53a @@ -15040,17 +12994,6 @@ catalog: - id: cm-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.03 class: sp800-53a @@ -15063,17 +13006,6 @@ catalog: - id: cm-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.04 class: sp800-53a @@ -15086,17 +13018,6 @@ catalog: - id: cm-8_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.05 class: sp800-53a @@ -15111,17 +13032,6 @@ catalog: - id: cm-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08b. class: sp800-53a @@ -15203,6 +13113,9 @@ catalog: class: SP800-53 title: Software Usage Restrictions props: + - name: label + value: CM-10 + class: zero-padded - name: label value: CM-10 - name: label @@ -15233,9 +13146,6 @@ catalog: - id: cm-10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Use software and associated documentation in accordance with @@ -15243,9 +13153,6 @@ catalog: - id: cm-10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Track the use of software and associated documentation protected @@ -15253,9 +13160,6 @@ catalog: - id: cm-10_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Control and document the use of peer-to-peer file sharing @@ -15277,17 +13181,6 @@ catalog: - id: cm-10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10a. class: sp800-53a @@ -15299,17 +13192,6 @@ catalog: - id: cm-10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10b. class: sp800-53a @@ -15321,17 +13203,6 @@ catalog: - id: cm-10_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10c. class: sp800-53a @@ -15445,6 +13316,9 @@ catalog: guidelines: - prose: frequency with which to monitor compliance is defined; props: + - name: label + value: CM-11 + class: zero-padded - name: label value: CM-11 - name: label @@ -15485,9 +13359,6 @@ catalog: - id: cm-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish {{ insert: param, cm-11_odp.01 }} governing the\ @@ -15495,9 +13366,6 @@ catalog: - id: cm-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Enforce software installation policies through the following\ @@ -15505,9 +13373,6 @@ catalog: - id: cm-11_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Monitor policy compliance {{ insert: param, cm-11_odp.03\ @@ -15535,17 +13400,6 @@ catalog: - id: cm-11_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-11a. class: sp800-53a @@ -15557,17 +13411,6 @@ catalog: - id: cm-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-11b. class: sp800-53a @@ -15579,13 +13422,6 @@ catalog: - id: cm-11_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-11c. class: sp800-53a @@ -15740,6 +13576,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: CP-01 + class: zero-padded - name: label value: CP-1 - name: label @@ -15779,11 +13618,6 @@ catalog: - id: cp-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -15823,9 +13657,6 @@ catalog: - id: cp-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, cp-01_odp.04 }} to manage\ @@ -15834,11 +13665,6 @@ catalog: - id: cp-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current contingency planning:" @@ -15898,17 +13724,6 @@ catalog: - id: cp-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01a.[01] class: sp800-53a @@ -15919,17 +13734,6 @@ catalog: - id: cp-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01a.[02] class: sp800-53a @@ -15941,13 +13745,6 @@ catalog: - id: cp-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.[03] class: sp800-53a @@ -15960,13 +13757,6 @@ catalog: - id: cp-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.[04] class: sp800-53a @@ -15985,13 +13775,6 @@ catalog: - id: cp-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.01(a) class: sp800-53a @@ -16080,13 +13863,6 @@ catalog: - id: cp-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.01(b) class: sp800-53a @@ -16106,17 +13882,6 @@ catalog: - id: cp-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01b. class: sp800-53a @@ -16136,17 +13901,6 @@ catalog: - id: cp-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01c.01 class: sp800-53a @@ -16180,17 +13934,6 @@ catalog: - id: cp-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01c.02 class: sp800-53a @@ -16312,6 +14055,9 @@ catalog: - prose: key contingency organizational elements to communicate changes to are defined; props: + - name: label + value: CP-02 + class: zero-padded - name: label value: CP-2 - name: label @@ -16384,9 +14130,6 @@ catalog: - id: cp-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop a contingency plan for the system that:" @@ -16442,9 +14185,6 @@ catalog: - id: cp-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the contingency plan to {{ insert:\ @@ -16452,9 +14192,6 @@ catalog: - id: cp-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Coordinate contingency planning activities with incident @@ -16462,9 +14199,6 @@ catalog: - id: cp-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review the contingency plan for the system {{ insert: param,\ @@ -16472,9 +14206,6 @@ catalog: - id: cp-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Update the contingency plan to address changes to the organization, @@ -16483,9 +14214,6 @@ catalog: - id: cp-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Communicate contingency plan changes to {{ insert: param,\ @@ -16493,9 +14221,6 @@ catalog: - id: cp-2_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Incorporate lessons learned from contingency plan testing, @@ -16504,9 +14229,6 @@ catalog: - id: cp-2_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Protect the contingency plan from unauthorized disclosure @@ -16577,13 +14299,6 @@ catalog: - id: cp-2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.01 class: sp800-53a @@ -16596,13 +14311,6 @@ catalog: - id: cp-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.02 class: sp800-53a @@ -16646,13 +14354,6 @@ catalog: - id: cp-2_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.03 class: sp800-53a @@ -16696,13 +14397,6 @@ catalog: - id: cp-2_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.04 class: sp800-53a @@ -16715,13 +14409,6 @@ catalog: - id: cp-2_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.05 class: sp800-53a @@ -16734,13 +14421,6 @@ catalog: - id: cp-2_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.06 class: sp800-53a @@ -16752,13 +14432,6 @@ catalog: - id: cp-2_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.07 class: sp800-53a @@ -16801,17 +14474,6 @@ catalog: - id: cp-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02b.[01] class: sp800-53a @@ -16823,17 +14485,6 @@ catalog: - id: cp-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02b.[02] class: sp800-53a @@ -16848,17 +14499,6 @@ catalog: - id: cp-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02c. class: sp800-53a @@ -16870,17 +14510,6 @@ catalog: - id: cp-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02d. class: sp800-53a @@ -16899,17 +14528,6 @@ catalog: - id: cp-2_obj.e-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02e.[01] class: sp800-53a @@ -16921,17 +14539,6 @@ catalog: - id: cp-2_obj.e-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02e.[02] class: sp800-53a @@ -16946,17 +14553,6 @@ catalog: - id: cp-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02f. class: sp800-53a @@ -16989,17 +14585,6 @@ catalog: - id: cp-2_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02g. class: sp800-53a @@ -17033,21 +14618,6 @@ catalog: - id: cp-2_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-02h. class: sp800-53a @@ -17174,6 +14744,9 @@ catalog: - prose: events necessitating review and update of contingency training are defined; props: + - name: label + value: CP-03 + class: zero-padded - name: label value: CP-3 - name: label @@ -17215,9 +14788,6 @@ catalog: - id: cp-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide contingency training to system users consistent\ @@ -17245,9 +14815,6 @@ catalog: - id: cp-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update contingency training content {{ insert:\ @@ -17310,17 +14877,6 @@ catalog: - id: cp-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-03a.01 class: sp800-53a @@ -17334,17 +14890,6 @@ catalog: - id: cp-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03a.02 class: sp800-53a @@ -17357,17 +14902,6 @@ catalog: - id: cp-3_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03a.03 class: sp800-53a @@ -17390,17 +14924,6 @@ catalog: - id: cp-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03b.[01] class: sp800-53a @@ -17412,17 +14935,6 @@ catalog: - id: cp-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03b.[02] class: sp800-53a @@ -17519,9 +15031,9 @@ catalog: - prose: tests for determining readiness to execute the contingency plan are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CP-04 + class: zero-padded - name: label value: CP-4 - name: label @@ -17571,9 +15083,6 @@ catalog: - id: cp-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Test the contingency plan for the system {{ insert: param,\ @@ -17583,18 +15092,12 @@ catalog: - id: cp-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Review the contingency plan test results; and - id: cp-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Initiate corrective actions, if needed. @@ -17646,21 +15149,6 @@ catalog: - id: cp-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[01] class: sp800-53a @@ -17672,21 +15160,6 @@ catalog: - id: cp-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[02] class: sp800-53a @@ -17698,21 +15171,6 @@ catalog: - id: cp-4_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[03] class: sp800-53a @@ -17727,17 +15185,6 @@ catalog: - id: cp-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04b. class: sp800-53a @@ -17748,17 +15195,6 @@ catalog: - id: cp-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04c. class: sp800-53a @@ -17863,6 +15299,9 @@ catalog: consistent with recovery time and recovery point objectives is defined; props: + - name: label + value: CP-09 + class: zero-padded - name: label value: CP-9 - name: label @@ -17911,9 +15350,6 @@ catalog: - id: cp-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Conduct backups of user-level information contained in {{\ @@ -17922,9 +15358,6 @@ catalog: - id: cp-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Conduct backups of system-level information contained in\ @@ -17932,9 +15365,6 @@ catalog: - id: cp-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Conduct backups of system documentation, including security-\ @@ -17943,9 +15373,6 @@ catalog: - id: cp-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Protect the confidentiality, integrity, and availability @@ -18014,21 +15441,6 @@ catalog: - id: cp-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09a. class: sp800-53a @@ -18041,21 +15453,6 @@ catalog: - id: cp-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09b. class: sp800-53a @@ -18067,21 +15464,6 @@ catalog: - id: cp-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09c. class: sp800-53a @@ -18094,17 +15476,6 @@ catalog: - id: cp-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09d. class: sp800-53a @@ -18222,6 +15593,9 @@ catalog: - prose: time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined; props: + - name: label + value: CP-10 + class: zero-padded - name: label value: CP-10 - name: label @@ -18256,10 +15630,6 @@ catalog: parts: - id: cp-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide for the recovery and reconstitution of the system to\ \ a known state within {{ insert: param, cp-10_prm_1 }} after a disruption,\ \ compromise, or failure." @@ -18284,21 +15654,6 @@ catalog: - id: cp-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-10 class: sp800-53a @@ -18455,6 +15810,9 @@ catalog: - prose: events that would require identification and authentication procedures to be reviewed and updated are defined; props: + - name: label + value: IA-01 + class: zero-padded - name: label value: IA-1 - name: label @@ -18506,11 +15864,6 @@ catalog: - id: ia-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -18551,9 +15904,6 @@ catalog: - id: ia-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ia-01_odp.04 }} to manage\ @@ -18562,11 +15912,6 @@ catalog: - id: ia-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current identification and authentication:" @@ -18627,17 +15972,6 @@ catalog: - id: ia-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01a.[01] class: sp800-53a @@ -18649,17 +15983,6 @@ catalog: - id: ia-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01a.[02] class: sp800-53a @@ -18671,13 +15994,6 @@ catalog: - id: ia-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.[03] class: sp800-53a @@ -18691,13 +16007,6 @@ catalog: - id: ia-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.[04] class: sp800-53a @@ -18716,13 +16025,6 @@ catalog: - id: ia-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.01(a) class: sp800-53a @@ -18811,13 +16113,6 @@ catalog: - id: ia-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.01(b) class: sp800-53a @@ -18837,17 +16132,6 @@ catalog: - id: ia-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01b. class: sp800-53a @@ -18867,17 +16151,6 @@ catalog: - id: ia-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01c.01 class: sp800-53a @@ -18912,17 +16185,6 @@ catalog: - id: ia-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01c.02 class: sp800-53a @@ -19011,9 +16273,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Organizational Users) props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02 + class: zero-padded - name: label value: IA-2 - name: label @@ -19101,10 +16363,6 @@ catalog: parts: - id: ia-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. @@ -19194,21 +16452,6 @@ catalog: - id: ia-2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02[01] class: sp800-53a @@ -19219,21 +16462,6 @@ catalog: - id: ia-2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02[02] class: sp800-53a @@ -19319,9 +16547,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Privileged Accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(01) + class: zero-padded - name: label value: IA-2(1) - name: label @@ -19342,10 +16570,6 @@ catalog: parts: - id: ia-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement multi-factor authentication for access to privileged accounts. parts: @@ -19397,13 +16621,6 @@ catalog: - id: ia-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(01) class: sp800-53a @@ -19489,9 +16706,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Non-privileged Accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(02) + class: zero-padded - name: label value: IA-2(2) - name: label @@ -19510,10 +16727,6 @@ catalog: parts: - id: ia-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement multi-factor authentication for access to non-privileged accounts. parts: @@ -19565,13 +16778,6 @@ catalog: - id: ia-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(02) class: sp800-53a @@ -19664,9 +16870,9 @@ catalog: - privileged accounts - non-privileged accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(08) + class: zero-padded - name: label value: IA-2(8) - name: label @@ -19683,10 +16889,6 @@ catalog: parts: - id: ia-2.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement replay-resistant authentication mechanisms for\ \ access to {{ insert: param, ia-02.08_odp }}." - id: ia-2.8_gdn @@ -19699,17 +16901,6 @@ catalog: - id: ia-2.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(08) class: sp800-53a @@ -19800,9 +16991,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(12) + class: zero-padded - name: label value: IA-2(12) - name: label @@ -19819,10 +17010,6 @@ catalog: parts: - id: ia-2.12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Accept and electronically verify Personal Identity Verification-compliant credentials. parts: @@ -19852,17 +17039,6 @@ catalog: - id: ia-2.12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(12) class: sp800-53a @@ -19969,9 +17145,9 @@ catalog: guidelines: - prose: a time period for preventing reuse of identifiers is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-04 + class: zero-padded - name: label value: IA-4 - name: label @@ -20035,9 +17211,6 @@ catalog: - id: ia-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Receiving authorization from {{ insert: param, ia-04_odp.01\ @@ -20046,9 +17219,6 @@ catalog: - id: ia-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Selecting an identifier that identifies an individual, group, @@ -20056,9 +17226,6 @@ catalog: - id: ia-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Assigning the identifier to the intended individual, group, @@ -20066,9 +17233,6 @@ catalog: - id: ia-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Preventing reuse of identifiers for {{ insert: param, ia-04_odp.02\ @@ -20097,17 +17261,6 @@ catalog: - id: ia-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04a. class: sp800-53a @@ -20120,17 +17273,6 @@ catalog: - id: ia-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04b. class: sp800-53a @@ -20142,17 +17284,6 @@ catalog: - id: ia-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04c. class: sp800-53a @@ -20164,17 +17295,6 @@ catalog: - id: ia-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04d. class: sp800-53a @@ -20273,9 +17393,9 @@ catalog: - prose: events that trigger the change or refreshment of authenticators are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-05 + class: zero-padded - name: label value: IA-5 - name: label @@ -20350,9 +17470,6 @@ catalog: - id: ia-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Verifying, as part of the initial authenticator distribution, @@ -20361,9 +17478,6 @@ catalog: - id: ia-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establishing initial authenticator content for any authenticators @@ -20371,9 +17485,6 @@ catalog: - id: ia-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ensuring that authenticators have sufficient strength of @@ -20381,9 +17492,6 @@ catalog: - id: ia-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Establishing and implementing administrative procedures for @@ -20392,18 +17500,12 @@ catalog: - id: ia-5_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Changing default authenticators prior to first use; - id: ia-5_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Changing or refreshing authenticators {{ insert: param,\ @@ -20411,9 +17513,6 @@ catalog: - id: ia-5_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Protecting authenticator content from unauthorized disclosure @@ -20421,9 +17520,6 @@ catalog: - id: ia-5_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Requiring individuals to take, and having devices implement, @@ -20431,9 +17527,6 @@ catalog: - id: ia-5_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: Changing authenticators for group or role accounts when membership @@ -20503,17 +17596,6 @@ catalog: - id: ia-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05a. class: sp800-53a @@ -20527,17 +17609,6 @@ catalog: - id: ia-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05b. class: sp800-53a @@ -20550,17 +17621,6 @@ catalog: - id: ia-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05c. class: sp800-53a @@ -20572,17 +17632,6 @@ catalog: - id: ia-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05d. class: sp800-53a @@ -20596,17 +17645,6 @@ catalog: - id: ia-5_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05e. class: sp800-53a @@ -20618,17 +17656,6 @@ catalog: - id: ia-5_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05f. class: sp800-53a @@ -20641,17 +17668,6 @@ catalog: - id: ia-5_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05g. class: sp800-53a @@ -20670,17 +17686,6 @@ catalog: - id: ia-5_obj.h-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05h.[01] class: sp800-53a @@ -20692,17 +17697,6 @@ catalog: - id: ia-5_obj.h-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05h.[02] class: sp800-53a @@ -20717,17 +17711,6 @@ catalog: - id: ia-5_obj.i name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05i. class: sp800-53a @@ -20824,6 +17807,9 @@ catalog: guidelines: - prose: authenticator composition and complexity rules are defined; props: + - name: label + value: IA-05(01) + class: zero-padded - name: label value: IA-5(1) - name: label @@ -20850,9 +17836,6 @@ catalog: - id: ia-5.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Maintain a list of commonly-used, expected, or compromised\ @@ -20862,9 +17845,6 @@ catalog: - id: ia-5.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Verify, when users create or update passwords, that the @@ -20873,9 +17853,6 @@ catalog: - id: ia-5.1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Transmit passwords only over cryptographically-protected @@ -20883,9 +17860,6 @@ catalog: - id: ia-5.1_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Store passwords using an approved salted key derivation @@ -20893,9 +17867,6 @@ catalog: - id: ia-5.1_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (e) prose: Require immediate selection of a new password upon account @@ -20903,9 +17874,6 @@ catalog: - id: ia-5.1_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (f) prose: Allow user selection of long passwords and passphrases, @@ -20913,9 +17881,6 @@ catalog: - id: ia-5.1_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (g) prose: Employ automated tools to assist the user in selecting @@ -20923,9 +17888,6 @@ catalog: - id: ia-5.1_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (h) prose: "Enforce the following composition and complexity rules:\ @@ -20950,7 +17912,7 @@ catalog: - name: label value: "(h) Requirement:" prose: >- - For cases where technology doesn't allow + For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII @@ -20997,17 +17959,6 @@ catalog: - id: ia-5.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(a) class: sp800-53a @@ -21022,17 +17973,6 @@ catalog: - id: ia-5.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(b) class: sp800-53a @@ -21046,13 +17986,6 @@ catalog: - id: ia-5.1_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(c) class: sp800-53a @@ -21064,13 +17997,6 @@ catalog: - id: ia-5.1_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(d) class: sp800-53a @@ -21083,13 +18009,6 @@ catalog: - id: ia-5.1_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(e) class: sp800-53a @@ -21101,13 +18020,6 @@ catalog: - id: ia-5.1_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(f) class: sp800-53a @@ -21120,13 +18032,6 @@ catalog: - id: ia-5.1_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(g) class: sp800-53a @@ -21138,17 +18043,6 @@ catalog: - id: ia-5.1_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(h) class: sp800-53a @@ -21234,6 +18128,9 @@ catalog: class: SP800-53 title: Authentication Feedback props: + - name: label + value: IA-06 + class: zero-padded - name: label value: IA-6 - name: label @@ -21250,10 +18147,6 @@ catalog: parts: - id: ia-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals. @@ -21274,13 +18167,6 @@ catalog: - id: ia-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-06 class: sp800-53a @@ -21352,6 +18238,9 @@ catalog: class: SP800-53 title: Cryptographic Module Authentication props: + - name: label + value: IA-07 + class: zero-padded - name: label value: IA-7 - name: label @@ -21378,10 +18267,6 @@ catalog: parts: - id: ia-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. @@ -21394,21 +18279,6 @@ catalog: - id: ia-7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-07 class: sp800-53a @@ -21483,6 +18353,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Non-organizational Users) props: + - name: label + value: IA-08 + class: zero-padded - name: label value: IA-8 - name: label @@ -21543,10 +18416,6 @@ catalog: parts: - id: ia-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users. - id: ia-8_gdn @@ -21565,13 +18434,6 @@ catalog: - id: ia-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08 class: sp800-53a @@ -21651,6 +18513,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials from Other Agencies props: + - name: label + value: IA-08(01) + class: zero-padded - name: label value: IA-8(1) - name: label @@ -21669,10 +18534,6 @@ catalog: parts: - id: ia-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies. - id: ia-8.1_gdn @@ -21686,13 +18547,6 @@ catalog: - id: ia-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(01) class: sp800-53a @@ -21809,6 +18663,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of External Authenticators props: + - name: label + value: IA-08(02) + class: zero-padded - name: label value: IA-8(2) - name: label @@ -21829,9 +18686,6 @@ catalog: - id: ia-8.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Accept only external authenticators that are NIST-compliant; @@ -21839,9 +18693,6 @@ catalog: - id: ia-8.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Document and maintain a list of accepted external authenticators. @@ -21867,13 +18718,6 @@ catalog: - id: ia-8.2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(02)(a) class: sp800-53a @@ -21885,17 +18729,6 @@ catalog: - id: ia-8.2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(02)(b) class: sp800-53a @@ -22022,6 +18855,9 @@ catalog: guidelines: - prose: identity management profiles are defined; props: + - name: label + value: IA-08(04) + class: zero-padded - name: label value: IA-8(4) - name: label @@ -22038,10 +18874,6 @@ catalog: parts: - id: ia-8.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Conform to the following profiles for identity management\ \ {{ insert: param, ia-08.04_odp }}." - id: ia-8.4_gdn @@ -22056,21 +18888,6 @@ catalog: - id: ia-8.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(04) class: sp800-53a @@ -22161,6 +18978,9 @@ catalog: - prose: circumstances or situations requiring re-authentication are defined; props: + - name: label + value: IA-11 + class: zero-padded - name: label value: IA-11 - name: label @@ -22190,10 +19010,6 @@ catalog: parts: - id: ia-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require users to re-authenticate when {{ insert: param, ia-11_odp\ \ }}." parts: @@ -22224,21 +19040,6 @@ catalog: - id: ia-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-11 class: sp800-53a @@ -22380,6 +19181,9 @@ catalog: - prose: events that would require the incident response procedures to be reviewed and updated are defined; props: + - name: label + value: IR-01 + class: zero-padded - name: label value: IR-1 - name: label @@ -22423,11 +19227,6 @@ catalog: - id: ir-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -22467,9 +19266,6 @@ catalog: - id: ir-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ir-01_odp.04 }} to manage\ @@ -22478,11 +19274,6 @@ catalog: - id: ir-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current incident response:" @@ -22542,17 +19333,6 @@ catalog: - id: ir-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01a.[01] class: sp800-53a @@ -22563,17 +19343,6 @@ catalog: - id: ir-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01a.[02] class: sp800-53a @@ -22585,13 +19354,6 @@ catalog: - id: ir-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.[03] class: sp800-53a @@ -22604,13 +19366,6 @@ catalog: - id: ir-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.[04] class: sp800-53a @@ -22629,13 +19384,6 @@ catalog: - id: ir-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.01(a) class: sp800-53a @@ -22724,13 +19472,6 @@ catalog: - id: ir-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.01(b) class: sp800-53a @@ -22750,17 +19491,6 @@ catalog: - id: ir-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01b. class: sp800-53a @@ -22780,17 +19510,6 @@ catalog: - id: ir-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01c.01 class: sp800-53a @@ -22824,17 +19543,6 @@ catalog: - id: ir-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01c.02 class: sp800-53a @@ -22941,6 +19649,9 @@ catalog: - prose: events that initiate a review of the incident response training content are defined; props: + - name: label + value: IR-02 + class: zero-padded - name: label value: IR-2 - name: label @@ -22982,9 +19693,6 @@ catalog: - id: ir-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide incident response training to system users consistent\ @@ -23013,9 +19721,6 @@ catalog: - id: ir-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update incident response training content {{\ @@ -23056,17 +19761,6 @@ catalog: - id: ir-2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.01 class: sp800-53a @@ -23080,17 +19774,6 @@ catalog: - id: ir-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.02 class: sp800-53a @@ -23103,17 +19786,6 @@ catalog: - id: ir-2_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.03 class: sp800-53a @@ -23136,17 +19808,6 @@ catalog: - id: ir-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02b.[01] class: sp800-53a @@ -23158,17 +19819,6 @@ catalog: - id: ir-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02b.[02] class: sp800-53a @@ -23236,9 +19886,9 @@ catalog: class: SP800-53 title: Incident Handling props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04 + class: zero-padded - name: label value: IR-4 - name: label @@ -23319,9 +19969,6 @@ catalog: - id: ir-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Implement an incident handling capability for incidents that @@ -23330,9 +19977,6 @@ catalog: - id: ir-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Coordinate incident handling activities with contingency @@ -23340,9 +19984,6 @@ catalog: - id: ir-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Incorporate lessons learned from ongoing incident handling @@ -23351,9 +19992,6 @@ catalog: - id: ir-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ensure the rigor, intensity, scope, and results of incident @@ -23425,17 +20063,6 @@ catalog: - id: ir-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04a.[01] class: sp800-53a @@ -23447,17 +20074,6 @@ catalog: - id: ir-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04a.[02] class: sp800-53a @@ -23516,17 +20132,6 @@ catalog: - id: ir-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04b. class: sp800-53a @@ -23545,17 +20150,6 @@ catalog: - id: ir-4_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04c.[01] class: sp800-53a @@ -23568,17 +20162,6 @@ catalog: - id: ir-4_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04c.[02] class: sp800-53a @@ -23593,17 +20176,6 @@ catalog: - id: ir-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04d. class: sp800-53a @@ -23722,6 +20294,9 @@ catalog: class: SP800-53 title: Incident Monitoring props: + - name: label + value: IR-05 + class: zero-padded - name: label value: IR-5 - name: label @@ -23765,10 +20340,6 @@ catalog: parts: - id: ir-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Track and document incidents. - id: ir-5_gdn name: guidance @@ -23784,17 +20355,6 @@ catalog: - id: ir-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-05 class: sp800-53a @@ -23900,6 +20460,9 @@ catalog: - prose: authorities to whom incident information is to be reported are defined; props: + - name: label + value: IR-06 + class: zero-padded - name: label value: IR-6 - name: label @@ -23938,9 +20501,6 @@ catalog: - id: ir-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require personnel to report suspected incidents to the organizational\ @@ -23949,9 +20509,6 @@ catalog: - id: ir-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report incident information to {{ insert: param, ir-06_odp.02\ @@ -23985,17 +20542,6 @@ catalog: - id: ir-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-06a. class: sp800-53a @@ -24008,17 +20554,6 @@ catalog: - id: ir-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-06b. class: sp800-53a @@ -24102,6 +20637,9 @@ catalog: class: SP800-53 title: Incident Response Assistance props: + - name: label + value: IR-07 + class: zero-padded - name: label value: IR-7 - name: label @@ -24138,10 +20676,6 @@ catalog: parts: - id: ir-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of @@ -24162,17 +20696,6 @@ catalog: - id: ir-7_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-07[01] class: sp800-53a @@ -24184,17 +20707,6 @@ catalog: - id: ir-7_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-07[02] class: sp800-53a @@ -24319,6 +20831,9 @@ catalog: - prose: organizational elements to which changes to the incident response plan are communicated are defined; props: + - name: label + value: IR-08 + class: zero-padded - name: label value: IR-8 - name: label @@ -24365,9 +20880,6 @@ catalog: - id: ir-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop an incident response plan that:" @@ -24443,9 +20955,6 @@ catalog: - id: ir-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the incident response plan to {{ insert:\ @@ -24453,9 +20962,6 @@ catalog: - id: ir-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Update the incident response plan to address system and organizational @@ -24464,9 +20970,6 @@ catalog: - id: ir-8_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Communicate incident response plan changes to {{ insert:\ @@ -24474,9 +20977,6 @@ catalog: - id: ir-8_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protect the incident response plan from unauthorized disclosure @@ -24532,13 +21032,6 @@ catalog: - id: ir-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.01 class: sp800-53a @@ -24551,13 +21044,6 @@ catalog: - id: ir-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.02 class: sp800-53a @@ -24569,13 +21055,6 @@ catalog: - id: ir-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.03 class: sp800-53a @@ -24588,13 +21067,6 @@ catalog: - id: ir-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.04 class: sp800-53a @@ -24607,13 +21079,6 @@ catalog: - id: ir-8_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.05 class: sp800-53a @@ -24625,13 +21090,6 @@ catalog: - id: ir-8_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.06 class: sp800-53a @@ -24644,13 +21102,6 @@ catalog: - id: ir-8_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.07 class: sp800-53a @@ -24663,13 +21114,6 @@ catalog: - id: ir-8_obj.a.8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.08 class: sp800-53a @@ -24681,13 +21125,6 @@ catalog: - id: ir-8_obj.a.9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.09 class: sp800-53a @@ -24700,13 +21137,6 @@ catalog: - id: ir-8_obj.a.10 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.10 class: sp800-53a @@ -24722,13 +21152,6 @@ catalog: - id: ir-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-08b. class: sp800-53a @@ -24761,17 +21184,6 @@ catalog: - id: ir-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-08c. class: sp800-53a @@ -24784,17 +21196,6 @@ catalog: - id: ir-8_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-08d. class: sp800-53a @@ -24827,13 +21228,6 @@ catalog: - id: ir-8_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-08e. class: sp800-53a @@ -24981,6 +21375,9 @@ catalog: - prose: events that would require the maintenance procedures to be reviewed and updated are defined; props: + - name: label + value: MA-01 + class: zero-padded - name: label value: MA-1 - name: label @@ -25018,11 +21415,6 @@ catalog: - id: ma-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -25062,9 +21454,6 @@ catalog: - id: ma-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ma-01_odp.04 }} to manage\ @@ -25073,11 +21462,6 @@ catalog: - id: ma-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current maintenance:" @@ -25137,17 +21521,6 @@ catalog: - id: ma-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01a.[01] class: sp800-53a @@ -25158,17 +21531,6 @@ catalog: - id: ma-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01a.[02] class: sp800-53a @@ -25180,13 +21542,6 @@ catalog: - id: ma-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.[03] class: sp800-53a @@ -25199,13 +21554,6 @@ catalog: - id: ma-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.[04] class: sp800-53a @@ -25224,13 +21572,6 @@ catalog: - id: ma-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.01(a) class: sp800-53a @@ -25319,13 +21660,6 @@ catalog: - id: ma-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.01(b) class: sp800-53a @@ -25345,17 +21679,6 @@ catalog: - id: ma-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01b. class: sp800-53a @@ -25375,17 +21698,6 @@ catalog: - id: ma-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01c.01 class: sp800-53a @@ -25418,17 +21730,6 @@ catalog: - id: ma-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01c.02 class: sp800-53a @@ -25525,6 +21826,9 @@ catalog: - prose: information to be included in organizational maintenance records is defined; props: + - name: label + value: MA-02 + class: zero-padded - name: label value: MA-2 - name: label @@ -25571,9 +21875,6 @@ catalog: - id: ma-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Schedule, document, and review records of maintenance, repair, @@ -25582,9 +21883,6 @@ catalog: - id: ma-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Approve and monitor all maintenance activities, whether performed @@ -25593,9 +21891,6 @@ catalog: - id: ma-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Require that {{ insert: param, ma-02_odp.01 }} explicitly\ @@ -25605,9 +21900,6 @@ catalog: - id: ma-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Sanitize equipment to remove the following information from\ @@ -25617,9 +21909,6 @@ catalog: - id: ma-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Check all potentially impacted controls to verify that the @@ -25628,9 +21917,6 @@ catalog: - id: ma-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Include the following information in organizational maintenance\ @@ -25657,21 +21943,6 @@ catalog: - id: ma-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02a. class: sp800-53a @@ -25718,17 +21989,6 @@ catalog: - id: ma-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02b. class: sp800-53a @@ -25763,17 +22023,6 @@ catalog: - id: ma-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02c. class: sp800-53a @@ -25787,17 +22036,6 @@ catalog: - id: ma-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02d. class: sp800-53a @@ -25810,13 +22048,6 @@ catalog: - id: ma-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02e. class: sp800-53a @@ -25829,13 +22060,6 @@ catalog: - id: ma-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02f. class: sp800-53a @@ -25925,6 +22149,9 @@ catalog: class: SP800-53 title: Nonlocal Maintenance props: + - name: label + value: MA-04 + class: zero-padded - name: label value: MA-4 - name: label @@ -25983,18 +22210,12 @@ catalog: - id: ma-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Approve and monitor nonlocal maintenance and diagnostic activities; - id: ma-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Allow the use of nonlocal maintenance and diagnostic tools @@ -26003,9 +22224,6 @@ catalog: - id: ma-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Employ strong authentication in the establishment of nonlocal @@ -26013,9 +22231,6 @@ catalog: - id: ma-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Maintain records for nonlocal maintenance and diagnostic @@ -26023,9 +22238,6 @@ catalog: - id: ma-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Terminate session and network connections when nonlocal maintenance @@ -26055,17 +22267,6 @@ catalog: - id: ma-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04a. class: sp800-53a @@ -26103,17 +22304,6 @@ catalog: - id: ma-4_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04b.[01] class: sp800-53a @@ -26125,13 +22315,6 @@ catalog: - id: ma-4_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-04b.[02] class: sp800-53a @@ -26146,21 +22329,6 @@ catalog: - id: ma-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04c. class: sp800-53a @@ -26172,13 +22340,6 @@ catalog: - id: ma-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04d. class: sp800-53a @@ -26190,13 +22351,6 @@ catalog: - id: ma-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04e. class: sp800-53a @@ -26311,6 +22465,9 @@ catalog: class: SP800-53 title: Maintenance Personnel props: + - name: label + value: MA-05 + class: zero-padded - name: label value: MA-5 - name: label @@ -26353,9 +22510,6 @@ catalog: - id: ma-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish a process for maintenance personnel authorization @@ -26364,9 +22518,6 @@ catalog: - id: ma-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Verify that non-escorted personnel performing maintenance @@ -26374,9 +22525,6 @@ catalog: - id: ma-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Designate organizational personnel with required access authorizations @@ -26408,13 +22556,6 @@ catalog: - id: ma-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-05a. class: sp800-53a @@ -26447,21 +22588,6 @@ catalog: - id: ma-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05b. class: sp800-53a @@ -26473,21 +22599,6 @@ catalog: - id: ma-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05c. class: sp800-53a @@ -26624,6 +22735,9 @@ catalog: - prose: events that would require media protection procedures to be reviewed and updated are defined; props: + - name: label + value: MP-01 + class: zero-padded - name: label value: MP-1 - name: label @@ -26661,11 +22775,6 @@ catalog: - id: mp-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -26705,9 +22814,6 @@ catalog: - id: mp-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, mp-01_odp.04 }} to manage\ @@ -26716,11 +22822,6 @@ catalog: - id: mp-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current media protection:" @@ -26780,17 +22881,6 @@ catalog: - id: mp-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01a.[01] class: sp800-53a @@ -26801,17 +22891,6 @@ catalog: - id: mp-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01a.[02] class: sp800-53a @@ -26823,13 +22902,6 @@ catalog: - id: mp-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.[03] class: sp800-53a @@ -26842,13 +22914,6 @@ catalog: - id: mp-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.[04] class: sp800-53a @@ -26867,13 +22932,6 @@ catalog: - id: mp-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.01(a) class: sp800-53a @@ -26962,13 +23020,6 @@ catalog: - id: mp-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.01(b) class: sp800-53a @@ -26987,17 +23038,6 @@ catalog: - id: mp-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01b. class: sp800-53a @@ -27017,17 +23057,6 @@ catalog: - id: mp-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01c.01 class: sp800-53a @@ -27061,17 +23090,6 @@ catalog: - id: mp-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01c.02 class: sp800-53a @@ -27176,6 +23194,9 @@ catalog: - prose: personnel or roles authorized to access non-digital media is/are defined; props: + - name: label + value: MP-02 + class: zero-padded - name: label value: MP-2 - name: label @@ -27224,10 +23245,6 @@ catalog: parts: - id: mp-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert:\ \ param, mp-2_prm_2 }}." - id: mp-2_gdn @@ -27253,21 +23270,6 @@ catalog: - id: mp-2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-02[01] class: sp800-53a @@ -27279,21 +23281,6 @@ catalog: - id: mp-2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-02[02] class: sp800-53a @@ -27409,6 +23396,9 @@ catalog: - prose: sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined; props: + - name: label + value: MP-06 + class: zero-padded - name: label value: MP-6 - name: label @@ -27471,9 +23461,6 @@ catalog: - id: mp-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Sanitize {{ insert: param, mp-6_prm_1 }} prior to disposal,\ @@ -27482,9 +23469,6 @@ catalog: - id: mp-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Employ sanitization mechanisms with the strength and integrity @@ -27527,21 +23511,6 @@ catalog: - id: mp-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06a. class: sp800-53a @@ -27586,21 +23555,6 @@ catalog: - id: mp-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06b. class: sp800-53a @@ -27725,6 +23679,9 @@ catalog: - prose: controls to restrict or prohibit the use of specific types of system media on systems or system components are defined; props: + - name: label + value: MP-07 + class: zero-padded - name: label value: MP-7 - name: label @@ -27759,9 +23716,6 @@ catalog: - id: mp-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, mp-07_odp.02 }} the use of {{ insert:\ @@ -27770,9 +23724,6 @@ catalog: - id: mp-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Prohibit the use of portable storage devices in organizational @@ -27812,21 +23763,6 @@ catalog: - id: mp-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-07a. class: sp800-53a @@ -27839,21 +23775,6 @@ catalog: - id: mp-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-07b. class: sp800-53a @@ -27990,6 +23911,9 @@ catalog: - prose: events that would require the physical and environmental protection procedures to be reviewed and updated are defined; props: + - name: label + value: PE-01 + class: zero-padded - name: label value: PE-1 - name: label @@ -28027,11 +23951,6 @@ catalog: - id: pe-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -28072,9 +23991,6 @@ catalog: - id: pe-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, pe-01_odp.04 }} to manage\ @@ -28083,11 +23999,6 @@ catalog: - id: pe-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current physical and environmental\ @@ -28149,17 +24060,6 @@ catalog: - id: pe-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01a.[01] class: sp800-53a @@ -28171,17 +24071,6 @@ catalog: - id: pe-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01a.[02] class: sp800-53a @@ -28193,13 +24082,6 @@ catalog: - id: pe-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.[03] class: sp800-53a @@ -28213,13 +24095,6 @@ catalog: - id: pe-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.[04] class: sp800-53a @@ -28238,13 +24113,6 @@ catalog: - id: pe-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.01(a) class: sp800-53a @@ -28334,13 +24202,6 @@ catalog: - id: pe-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.01(b) class: sp800-53a @@ -28360,17 +24221,6 @@ catalog: - id: pe-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01b. class: sp800-53a @@ -28390,17 +24240,6 @@ catalog: - id: pe-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01c.01 class: sp800-53a @@ -28435,17 +24274,6 @@ catalog: - id: pe-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01c.02 class: sp800-53a @@ -28534,6 +24362,9 @@ catalog: - prose: frequency at which to review the access list detailing authorized facility access by individuals is defined; props: + - name: label + value: PE-02 + class: zero-padded - name: label value: PE-2 - name: label @@ -28588,9 +24419,6 @@ catalog: - id: pe-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop, approve, and maintain a list of individuals with @@ -28598,18 +24426,12 @@ catalog: - id: pe-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Issue authorization credentials for facility access; - id: pe-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review the access list detailing authorized facility access\ @@ -28617,9 +24439,6 @@ catalog: - id: pe-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Remove individuals from the facility access list when access @@ -28645,17 +24464,6 @@ catalog: - id: pe-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-02a. class: sp800-53a @@ -28699,13 +24507,6 @@ catalog: - id: pe-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02b. class: sp800-53a @@ -28716,13 +24517,6 @@ catalog: - id: pe-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02c. class: sp800-53a @@ -28734,13 +24528,6 @@ catalog: - id: pe-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02d. class: sp800-53a @@ -28887,9 +24674,9 @@ catalog: guidelines: - prose: frequency at which to change keys is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: PE-03 + class: zero-padded - name: label value: PE-3 - name: label @@ -28964,9 +24751,6 @@ catalog: - id: pe-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enforce physical access authorizations at {{ insert: param,\ @@ -28989,9 +24773,6 @@ catalog: - id: pe-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Maintain physical access audit logs for {{ insert: param,\ @@ -28999,9 +24780,6 @@ catalog: - id: pe-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Control access to areas within the facility designated as\ @@ -29010,9 +24788,6 @@ catalog: - id: pe-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Escort visitors and control visitor activity {{ insert:\ @@ -29020,18 +24795,12 @@ catalog: - id: pe-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Secure keys, combinations, and other physical access devices; - id: pe-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Inventory {{ insert: param, pe-03_odp.07 }} every {{ insert:\ @@ -29039,9 +24808,6 @@ catalog: - id: pe-3_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Change combinations and keys {{ insert: param, pe-3_prm_9\ @@ -29084,13 +24850,6 @@ catalog: - id: pe-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03a.01 class: sp800-53a @@ -29103,17 +24862,6 @@ catalog: - id: pe-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03a.02 class: sp800-53a @@ -29129,17 +24877,6 @@ catalog: - id: pe-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-03b. class: sp800-53a @@ -29151,13 +24888,6 @@ catalog: - id: pe-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03c. class: sp800-53a @@ -29177,13 +24907,6 @@ catalog: - id: pe-3_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03d.[01] class: sp800-53a @@ -29194,17 +24917,6 @@ catalog: - id: pe-3_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03d.[02] class: sp800-53a @@ -29226,13 +24938,6 @@ catalog: - id: pe-3_obj.e-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03e.[01] class: sp800-53a @@ -29243,13 +24948,6 @@ catalog: - id: pe-3_obj.e-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03e.[02] class: sp800-53a @@ -29260,13 +24958,6 @@ catalog: - id: pe-3_obj.e-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03e.[03] class: sp800-53a @@ -29280,17 +24971,6 @@ catalog: - id: pe-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-03f. class: sp800-53a @@ -29309,13 +24989,6 @@ catalog: - id: pe-3_obj.g-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03g.[01] class: sp800-53a @@ -29328,13 +25001,6 @@ catalog: - id: pe-3_obj.g-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03g.[02] class: sp800-53a @@ -29447,6 +25113,9 @@ catalog: - prose: events or potential indication of events requiring physical access logs to be reviewed are defined; props: + - name: label + value: PE-06 + class: zero-padded - name: label value: PE-6 - name: label @@ -29484,9 +25153,6 @@ catalog: - id: pe-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Monitor physical access to the facility where the system @@ -29494,9 +25160,6 @@ catalog: - id: pe-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review physical access logs {{ insert: param, pe-06_odp.01\ @@ -29505,9 +25168,6 @@ catalog: - id: pe-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Coordinate results of reviews and investigations with the @@ -29537,17 +25197,6 @@ catalog: - id: pe-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06a. class: sp800-53a @@ -29566,13 +25215,6 @@ catalog: - id: pe-6_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06b.[01] class: sp800-53a @@ -29584,13 +25226,6 @@ catalog: - id: pe-6_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06b.[02] class: sp800-53a @@ -29612,17 +25247,6 @@ catalog: - id: pe-6_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-06c.[01] class: sp800-53a @@ -29634,17 +25258,6 @@ catalog: - id: pe-6_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-06c.[02] class: sp800-53a @@ -29748,6 +25361,9 @@ catalog: - prose: personnel to whom visitor access records anomalies are reported to is/are defined; props: + - name: label + value: PE-08 + class: zero-padded - name: label value: PE-8 - name: label @@ -29775,9 +25391,6 @@ catalog: - id: pe-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Maintain visitor access records to the facility where the\ @@ -29785,9 +25398,6 @@ catalog: - id: pe-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review visitor access records {{ insert: param, pe-08_odp.02\ @@ -29795,9 +25405,6 @@ catalog: - id: pe-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Report anomalies in visitor access records to {{ insert:\ @@ -29821,17 +25428,6 @@ catalog: - id: pe-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-08a. class: sp800-53a @@ -29843,13 +25439,6 @@ catalog: - id: pe-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-08b. class: sp800-53a @@ -29861,17 +25450,6 @@ catalog: - id: pe-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-08c. class: sp800-53a @@ -29952,6 +25530,9 @@ catalog: class: SP800-53 title: Emergency Lighting props: + - name: label + value: PE-12 + class: zero-padded - name: label value: PE-12 - name: label @@ -29970,10 +25551,6 @@ catalog: parts: - id: pe-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. @@ -29996,13 +25573,6 @@ catalog: - id: pe-12_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[01] class: sp800-53a @@ -30014,13 +25584,6 @@ catalog: - id: pe-12_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[02] class: sp800-53a @@ -30032,13 +25595,6 @@ catalog: - id: pe-12_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[03] class: sp800-53a @@ -30050,13 +25606,6 @@ catalog: - id: pe-12_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[04] class: sp800-53a @@ -30127,6 +25676,9 @@ catalog: class: SP800-53 title: Fire Protection props: + - name: label + value: PE-13 + class: zero-padded - name: label value: PE-13 - name: label @@ -30143,10 +25695,6 @@ catalog: parts: - id: pe-13_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ and maintain fire detection and suppression systems that are supported by an independent energy source. - id: pe-13_gdn @@ -30169,17 +25717,6 @@ catalog: - id: pe-13_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[01] class: sp800-53a @@ -30190,17 +25727,6 @@ catalog: - id: pe-13_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[02] class: sp800-53a @@ -30212,17 +25738,6 @@ catalog: - id: pe-13_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[03] class: sp800-53a @@ -30233,17 +25748,6 @@ catalog: - id: pe-13_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[04] class: sp800-53a @@ -30254,17 +25758,6 @@ catalog: - id: pe-13_obj-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[05] class: sp800-53a @@ -30276,17 +25769,6 @@ catalog: - id: pe-13_obj-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[06] class: sp800-53a @@ -30393,6 +25875,9 @@ catalog: - prose: frequency at which to monitor environmental control levels is defined; props: + - name: label + value: PE-14 + class: zero-padded - name: label value: PE-14 - name: label @@ -30415,9 +25900,6 @@ catalog: - id: pe-14_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Maintain {{ insert: param, pe-14_odp.01 }} levels within\ @@ -30426,9 +25908,6 @@ catalog: - id: pe-14_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Monitor environmental control levels {{ insert: param, pe-14_odp.04\ @@ -30463,17 +25942,6 @@ catalog: - id: pe-14_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14a. class: sp800-53a @@ -30486,17 +25954,6 @@ catalog: - id: pe-14_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14b. class: sp800-53a @@ -30569,6 +26026,9 @@ catalog: class: SP800-53 title: Water Damage Protection props: + - name: label + value: PE-15 + class: zero-padded - name: label value: PE-15 - name: label @@ -30587,10 +26047,6 @@ catalog: parts: - id: pe-15_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. @@ -30612,17 +26068,6 @@ catalog: - id: pe-15_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[01] class: sp800-53a @@ -30634,17 +26079,6 @@ catalog: - id: pe-15_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[02] class: sp800-53a @@ -30655,17 +26089,6 @@ catalog: - id: pe-15_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[03] class: sp800-53a @@ -30676,17 +26099,6 @@ catalog: - id: pe-15_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[04] class: sp800-53a @@ -30783,6 +26195,9 @@ catalog: - prose: types of system components to be authorized and controlled when exiting the facility are defined; props: + - name: label + value: PE-16 + class: zero-padded - name: label value: PE-16 - name: label @@ -30821,9 +26236,6 @@ catalog: - id: pe-16_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Authorize and control {{ insert: param, pe-16_prm_1 }} entering\ @@ -30831,9 +26243,6 @@ catalog: - id: pe-16_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Maintain records of the system components. @@ -30859,17 +26268,6 @@ catalog: - id: pe-16_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[01] class: sp800-53a @@ -30881,17 +26279,6 @@ catalog: - id: pe-16_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[02] class: sp800-53a @@ -30903,17 +26290,6 @@ catalog: - id: pe-16_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[03] class: sp800-53a @@ -30925,17 +26301,6 @@ catalog: - id: pe-16_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[04] class: sp800-53a @@ -30950,17 +26315,6 @@ catalog: - id: pe-16_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-16b. class: sp800-53a @@ -31097,6 +26451,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: PL-01 + class: zero-padded - name: label value: PL-1 - name: label @@ -31136,11 +26493,6 @@ catalog: - id: pl-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -31179,9 +26531,6 @@ catalog: - id: pl-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, pl-01_odp.04 }} to manage\ @@ -31190,11 +26539,6 @@ catalog: - id: pl-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current planning:" @@ -31253,17 +26597,6 @@ catalog: - id: pl-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01a.[01] class: sp800-53a @@ -31274,17 +26607,6 @@ catalog: - id: pl-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01a.[02] class: sp800-53a @@ -31296,13 +26618,6 @@ catalog: - id: pl-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.[03] class: sp800-53a @@ -31315,13 +26630,6 @@ catalog: - id: pl-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.[04] class: sp800-53a @@ -31340,13 +26648,6 @@ catalog: - id: pl-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.01(a) class: sp800-53a @@ -31435,13 +26736,6 @@ catalog: - id: pl-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.01(b) class: sp800-53a @@ -31460,17 +26754,6 @@ catalog: - id: pl-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01b. class: sp800-53a @@ -31490,17 +26773,6 @@ catalog: - id: pl-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01c.01 class: sp800-53a @@ -31533,17 +26805,6 @@ catalog: - id: pl-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01c.02 class: sp800-53a @@ -31638,6 +26899,9 @@ catalog: - prose: frequency to review system security and privacy plans is defined; props: + - name: label + value: PL-02 + class: zero-padded - name: label value: PL-2 - name: label @@ -31743,9 +27007,6 @@ catalog: - id: pl-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop security and privacy plans for the system that:" @@ -31859,9 +27120,6 @@ catalog: - id: pl-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the plans and communicate subsequent\ @@ -31869,18 +27127,12 @@ catalog: - id: pl-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review the plans {{ insert: param, pl-02_odp.03 }};" - id: pl-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Update the plans to address changes to the system and environment @@ -31889,9 +27141,6 @@ catalog: - id: pl-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protect the plans from unauthorized disclosure and modification. @@ -31986,39 +27235,6 @@ catalog: - id: pl-2_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.01[01] class: sp800-53a @@ -32030,39 +27246,6 @@ catalog: - id: pl-2_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.01[02] class: sp800-53a @@ -32150,13 +27333,6 @@ catalog: - id: pl-2_obj.a.4-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.04[01] class: sp800-53a @@ -32169,13 +27345,6 @@ catalog: - id: pl-2_obj.a.4-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.04[02] class: sp800-53a @@ -32190,13 +27359,6 @@ catalog: - id: pl-2_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.05 class: sp800-53a @@ -32231,13 +27393,6 @@ catalog: - id: pl-2_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.06 class: sp800-53a @@ -32272,13 +27427,6 @@ catalog: - id: pl-2_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.07 class: sp800-53a @@ -32313,13 +27461,6 @@ catalog: - id: pl-2_obj.a.8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.08 class: sp800-53a @@ -32354,17 +27495,6 @@ catalog: - id: pl-2_obj.a.9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.09 class: sp800-53a @@ -32407,13 +27537,6 @@ catalog: - id: pl-2_obj.a.10-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.10[01] class: sp800-53a @@ -32426,13 +27549,6 @@ catalog: - id: pl-2_obj.a.10-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.10[02] class: sp800-53a @@ -32447,13 +27563,6 @@ catalog: - id: pl-2_obj.a.11 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.11 class: sp800-53a @@ -32494,13 +27603,6 @@ catalog: - id: pl-2_obj.a.12-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.12[01] class: sp800-53a @@ -32514,13 +27616,6 @@ catalog: - id: pl-2_obj.a.12-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.12[02] class: sp800-53a @@ -32543,17 +27638,6 @@ catalog: - id: pl-2_obj.a.13-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.13[01] class: sp800-53a @@ -32566,17 +27650,6 @@ catalog: - id: pl-2_obj.a.13-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.13[02] class: sp800-53a @@ -32599,17 +27672,6 @@ catalog: - id: pl-2_obj.a.14-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02a.14[01] class: sp800-53a @@ -32623,17 +27685,6 @@ catalog: - id: pl-2_obj.a.14-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02a.14[02] class: sp800-53a @@ -32657,17 +27708,6 @@ catalog: - id: pl-2_obj.a.15-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.15[01] class: sp800-53a @@ -32680,17 +27720,6 @@ catalog: - id: pl-2_obj.a.15-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.15[02] class: sp800-53a @@ -32709,17 +27738,6 @@ catalog: - id: pl-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02b. class: sp800-53a @@ -32752,17 +27770,6 @@ catalog: - id: pl-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02c. class: sp800-53a @@ -32773,17 +27780,6 @@ catalog: - id: pl-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02d. class: sp800-53a @@ -32827,17 +27823,6 @@ catalog: - id: pl-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02e. class: sp800-53a @@ -32979,6 +27964,9 @@ catalog: - prose: frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected); props: + - name: label + value: PL-04 + class: zero-padded - name: label value: PL-4 - name: label @@ -33042,9 +28030,6 @@ catalog: - id: pl-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish and provide to individuals requiring access to @@ -33054,9 +28039,6 @@ catalog: - id: pl-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Receive a documented acknowledgment from such individuals, @@ -33066,9 +28048,6 @@ catalog: - id: pl-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update the rules of behavior {{ insert: param,\ @@ -33076,9 +28055,6 @@ catalog: - id: pl-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Require individuals who have acknowledged a previous version\ @@ -33115,17 +28091,6 @@ catalog: - id: pl-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04a. class: sp800-53a @@ -33160,17 +28125,6 @@ catalog: - id: pl-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04b. class: sp800-53a @@ -33184,17 +28138,6 @@ catalog: - id: pl-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-04c. class: sp800-53a @@ -33206,17 +28149,6 @@ catalog: - id: pl-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-04d. class: sp800-53a @@ -33301,6 +28233,9 @@ catalog: class: SP800-53-enhancement title: Social Media and External Site/Application Usage Restrictions props: + - name: label + value: PL-04(01) + class: zero-padded - name: label value: PL-4(1) - name: label @@ -33329,9 +28264,6 @@ catalog: - id: pl-4.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Use of social media, social networking sites, and external @@ -33339,9 +28271,6 @@ catalog: - id: pl-4.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Posting organizational information on public websites; @@ -33349,9 +28278,6 @@ catalog: - id: pl-4.1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Use of organization-provided identifiers (e.g., email @@ -33381,17 +28307,6 @@ catalog: - id: pl-4.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(a) class: sp800-53a @@ -33403,17 +28318,6 @@ catalog: - id: pl-4.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(b) class: sp800-53a @@ -33425,17 +28329,6 @@ catalog: - id: pl-4.1_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(c) class: sp800-53a @@ -33526,6 +28419,9 @@ catalog: - prose: frequency for review and update to reflect changes in the enterprise architecture; props: + - name: label + value: PL-08 + class: zero-padded - name: label value: PL-8 - name: label @@ -33579,9 +28475,6 @@ catalog: - id: pl-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop security and privacy architectures for the system\ @@ -33620,9 +28513,6 @@ catalog: - id: pl-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the architectures {{ insert: param, pl-08_odp\ @@ -33630,9 +28520,6 @@ catalog: - id: pl-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Reflect planned architecture changes in security and privacy @@ -33726,17 +28613,6 @@ catalog: - id: pl-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08a.01 class: sp800-53a @@ -33749,17 +28625,6 @@ catalog: - id: pl-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08a.02 class: sp800-53a @@ -33772,13 +28637,6 @@ catalog: - id: pl-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-08a.03 class: sp800-53a @@ -33813,13 +28671,6 @@ catalog: - id: pl-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-08a.04 class: sp800-53a @@ -33857,17 +28708,6 @@ catalog: - id: pl-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-08b. class: sp800-53a @@ -33887,17 +28727,6 @@ catalog: - id: pl-8_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[01] class: sp800-53a @@ -33909,17 +28738,6 @@ catalog: - id: pl-8_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[02] class: sp800-53a @@ -33931,17 +28749,6 @@ catalog: - id: pl-8_obj.c-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[03] class: sp800-53a @@ -33953,17 +28760,6 @@ catalog: - id: pl-8_obj.c-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[04] class: sp800-53a @@ -33975,17 +28771,6 @@ catalog: - id: pl-8_obj.c-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[05] class: sp800-53a @@ -33997,17 +28782,6 @@ catalog: - id: pl-8_obj.c-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[06] class: sp800-53a @@ -34109,6 +28883,9 @@ catalog: class: SP800-53 title: Baseline Selection props: + - name: label + value: PL-10 + class: zero-padded - name: label value: PL-10 - name: label @@ -34153,10 +28930,6 @@ catalog: parts: - id: pl-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Select a control baseline for the system. parts: - id: pl-10_fr @@ -34201,13 +28974,6 @@ catalog: - id: pl-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-10 class: sp800-53a @@ -34312,6 +29078,9 @@ catalog: class: SP800-53 title: Baseline Tailoring props: + - name: label + value: PL-11 + class: zero-padded - name: label value: PL-11 - name: label @@ -34356,10 +29125,6 @@ catalog: parts: - id: pl-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Tailor the selected control baseline by applying specified tailoring actions. - id: pl-11_gdn @@ -34390,17 +29155,6 @@ catalog: - id: pl-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-11 class: sp800-53a @@ -34556,6 +29310,9 @@ catalog: - prose: events that would require the personnel security procedures to be reviewed and updated are defined; props: + - name: label + value: PS-01 + class: zero-padded - name: label value: PS-1 - name: label @@ -34591,11 +29348,6 @@ catalog: - id: ps-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -34635,9 +29387,6 @@ catalog: - id: ps-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ps-01_odp.04 }} to manage\ @@ -34646,11 +29395,6 @@ catalog: - id: ps-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current personnel security:" @@ -34710,17 +29454,6 @@ catalog: - id: ps-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01a.[01] class: sp800-53a @@ -34731,17 +29464,6 @@ catalog: - id: ps-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01a.[02] class: sp800-53a @@ -34753,13 +29475,6 @@ catalog: - id: ps-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.[03] class: sp800-53a @@ -34772,13 +29487,6 @@ catalog: - id: ps-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.[04] class: sp800-53a @@ -34797,13 +29505,6 @@ catalog: - id: ps-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.01(a) class: sp800-53a @@ -34892,13 +29593,6 @@ catalog: - id: ps-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.01(b) class: sp800-53a @@ -34918,17 +29612,6 @@ catalog: - id: ps-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01b. class: sp800-53a @@ -34948,17 +29631,6 @@ catalog: - id: ps-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01c.01 class: sp800-53a @@ -34992,17 +29664,6 @@ catalog: - id: ps-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01c.02 class: sp800-53a @@ -35093,6 +29754,9 @@ catalog: - prose: the frequency at which to review and update position risk designations is defined; props: + - name: label + value: PS-02 + class: zero-padded - name: label value: PS-2 - name: label @@ -35135,18 +29799,12 @@ catalog: - id: ps-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Assign a risk designation to all organizational positions; - id: ps-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establish screening criteria for individuals filling those @@ -35154,9 +29812,6 @@ catalog: - id: ps-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update position risk designations {{ insert:\ @@ -35194,17 +29849,6 @@ catalog: - id: ps-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-02a. class: sp800-53a @@ -35215,17 +29859,6 @@ catalog: - id: ps-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-02b. class: sp800-53a @@ -35237,17 +29870,6 @@ catalog: - id: ps-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-02c. class: sp800-53a @@ -35348,6 +29970,9 @@ catalog: - prose: the frequency of rescreening individuals where it is so indicated is defined; props: + - name: label + value: PS-03 + class: zero-padded - name: label value: PS-3 - name: label @@ -35402,9 +30027,6 @@ catalog: - id: ps-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Screen individuals prior to authorizing access to the system; @@ -35412,9 +30034,6 @@ catalog: - id: ps-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Rescreen individuals in accordance with {{ insert: param,\ @@ -35439,17 +30058,6 @@ catalog: - id: ps-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03a. class: sp800-53a @@ -35468,17 +30076,6 @@ catalog: - id: ps-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03b.[01] class: sp800-53a @@ -35490,17 +30087,6 @@ catalog: - id: ps-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03b.[02] class: sp800-53a @@ -35581,6 +30167,9 @@ catalog: - prose: information security topics to be discussed when conducting exit interviews are defined; props: + - name: label + value: PS-04 + class: zero-padded - name: label value: PS-4 - name: label @@ -35612,9 +30201,6 @@ catalog: - id: ps-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Disable system access within {{ insert: param, ps-04_odp.01\ @@ -35622,9 +30208,6 @@ catalog: - id: ps-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Terminate or revoke any authenticators and credentials associated @@ -35632,9 +30215,6 @@ catalog: - id: ps-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Conduct exit interviews that include a discussion of {{\ @@ -35642,9 +30222,6 @@ catalog: - id: ps-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Retrieve all security-related organizational system-related @@ -35652,9 +30229,6 @@ catalog: - id: ps-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Retain access to organizational information and systems formerly @@ -35686,13 +30260,6 @@ catalog: - id: ps-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04a. class: sp800-53a @@ -35704,13 +30271,6 @@ catalog: - id: ps-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04b. class: sp800-53a @@ -35722,17 +30282,6 @@ catalog: - id: ps-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04c. class: sp800-53a @@ -35745,17 +30294,6 @@ catalog: - id: ps-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-04d. class: sp800-53a @@ -35767,17 +30305,6 @@ catalog: - id: ps-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04e. class: sp800-53a @@ -35891,6 +30418,9 @@ catalog: or roles when individuals are reassigned or transferred to other positions within the organization is defined; props: + - name: label + value: PS-05 + class: zero-padded - name: label value: PS-5 - name: label @@ -35921,9 +30451,6 @@ catalog: - id: ps-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Review and confirm ongoing operational need for current logical @@ -35933,9 +30460,6 @@ catalog: - id: ps-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Initiate {{ insert: param, ps-05_odp.01 }} within {{ insert:\ @@ -35943,9 +30467,6 @@ catalog: - id: ps-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Modify access authorization as needed to correspond with @@ -35954,9 +30475,6 @@ catalog: - id: ps-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Notify {{ insert: param, ps-05_odp.03 }} within {{ insert:\ @@ -35984,17 +30502,6 @@ catalog: - id: ps-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-05a. class: sp800-53a @@ -36008,17 +30515,6 @@ catalog: - id: ps-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05b. class: sp800-53a @@ -36030,13 +30526,6 @@ catalog: - id: ps-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05c. class: sp800-53a @@ -36048,17 +30537,6 @@ catalog: - id: ps-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05d. class: sp800-53a @@ -36155,6 +30633,9 @@ catalog: - prose: the frequency at which to re-sign access agreements to maintain access to organizational information is defined; props: + - name: label + value: PS-06 + class: zero-padded - name: label value: PS-6 - name: label @@ -36196,9 +30677,6 @@ catalog: - id: ps-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and document access agreements for organizational @@ -36206,9 +30684,6 @@ catalog: - id: ps-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the access agreements {{ insert: param,\ @@ -36216,9 +30691,6 @@ catalog: - id: ps-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Verify that individuals requiring access to organizational\ @@ -36258,13 +30730,6 @@ catalog: - id: ps-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-06a. class: sp800-53a @@ -36276,17 +30741,6 @@ catalog: - id: ps-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06b. class: sp800-53a @@ -36305,17 +30759,6 @@ catalog: - id: ps-6_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06c.01 class: sp800-53a @@ -36328,17 +30771,6 @@ catalog: - id: ps-6_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06c.02 class: sp800-53a @@ -36460,6 +30892,9 @@ catalog: transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined; props: + - name: label + value: PS-07 + class: zero-padded - name: label value: PS-7 - name: label @@ -36509,9 +30944,6 @@ catalog: - id: ps-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish personnel security requirements, including security @@ -36519,9 +30951,6 @@ catalog: - id: ps-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Require external providers to comply with personnel security @@ -36529,18 +30958,12 @@ catalog: - id: ps-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document personnel security requirements; - id: ps-7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Require external providers to notify {{ insert: param, ps-07_odp.01\ @@ -36551,9 +30974,6 @@ catalog: - id: ps-7_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Monitor provider compliance with personnel security requirements. @@ -36583,17 +31003,6 @@ catalog: - id: ps-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-07a. class: sp800-53a @@ -36605,17 +31014,6 @@ catalog: - id: ps-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-07b. class: sp800-53a @@ -36627,13 +31025,6 @@ catalog: - id: ps-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-07c. class: sp800-53a @@ -36644,17 +31035,6 @@ catalog: - id: ps-7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-07d. class: sp800-53a @@ -36669,17 +31049,6 @@ catalog: - id: ps-7_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-07e. class: sp800-53a @@ -36781,6 +31150,9 @@ catalog: or roles must be notified when a formal employee sanctions process is initiated is defined; props: + - name: label + value: PS-08 + class: zero-padded - name: label value: PS-8 - name: label @@ -36807,9 +31179,6 @@ catalog: - id: ps-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Employ a formal sanctions process for individuals failing @@ -36818,9 +31187,6 @@ catalog: - id: ps-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Notify {{ insert: param, ps-08_odp.01 }} within {{ insert:\ @@ -36845,17 +31211,6 @@ catalog: - id: ps-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-08a. class: sp800-53a @@ -36868,17 +31223,6 @@ catalog: - id: ps-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-08b. class: sp800-53a @@ -36976,6 +31320,9 @@ catalog: class: SP800-53 title: Position Descriptions props: + - name: label + value: PS-09 + class: zero-padded - name: label value: PS-9 - name: label @@ -36992,10 +31339,6 @@ catalog: parts: - id: ps-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Incorporate security and privacy roles and responsibilities into organizational position descriptions. - id: ps-9_gdn @@ -37007,13 +31350,6 @@ catalog: - id: ps-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-09 class: sp800-53a @@ -37162,6 +31498,9 @@ catalog: - prose: events that would require risk assessment procedures to be reviewed and updated are defined; props: + - name: label + value: RA-01 + class: zero-padded - name: label value: RA-1 - name: label @@ -37199,11 +31538,6 @@ catalog: - id: ra-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -37243,9 +31577,6 @@ catalog: - id: ra-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ra-01_odp.04 }} to manage\ @@ -37254,11 +31585,6 @@ catalog: - id: ra-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current risk assessment:" @@ -37318,17 +31644,6 @@ catalog: - id: ra-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01a.[01] class: sp800-53a @@ -37339,17 +31654,6 @@ catalog: - id: ra-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01a.[02] class: sp800-53a @@ -37361,13 +31665,6 @@ catalog: - id: ra-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.[03] class: sp800-53a @@ -37380,13 +31677,6 @@ catalog: - id: ra-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.[04] class: sp800-53a @@ -37405,13 +31695,6 @@ catalog: - id: ra-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.01(a) class: sp800-53a @@ -37500,13 +31783,6 @@ catalog: - id: ra-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.01(b) class: sp800-53a @@ -37526,17 +31802,6 @@ catalog: - id: ra-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01b. class: sp800-53a @@ -37556,17 +31821,6 @@ catalog: - id: ra-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01c.01 class: sp800-53a @@ -37599,17 +31853,6 @@ catalog: - id: ra-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01c.02 class: sp800-53a @@ -37686,6 +31929,9 @@ catalog: class: SP800-53 title: Security Categorization props: + - name: label + value: RA-02 + class: zero-padded - name: label value: RA-2 - name: label @@ -37752,9 +31998,6 @@ catalog: - id: ra-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Categorize the system and information it processes, stores, @@ -37762,9 +32005,6 @@ catalog: - id: ra-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document the security categorization results, including supporting @@ -37772,9 +32012,6 @@ catalog: - id: ra-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Verify that the authorizing official or authorizing official @@ -37824,13 +32061,6 @@ catalog: - id: ra-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-02a. class: sp800-53a @@ -37842,13 +32072,6 @@ catalog: - id: ra-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-02b. class: sp800-53a @@ -37860,17 +32083,6 @@ catalog: - id: ra-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-02c. class: sp800-53a @@ -37981,6 +32193,9 @@ catalog: guidelines: - prose: the frequency to update the risk assessment is defined; props: + - name: label + value: RA-03 + class: zero-padded - name: label value: RA-3 - name: label @@ -38068,9 +32283,6 @@ catalog: - id: ra-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Conduct a risk assessment, including:" @@ -38101,9 +32313,6 @@ catalog: - id: ra-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Integrate risk assessment results and risk management decisions @@ -38112,9 +32321,6 @@ catalog: - id: ra-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document risk assessment results in {{ insert: param, ra-03_odp.01\ @@ -38122,9 +32328,6 @@ catalog: - id: ra-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review risk assessment results {{ insert: param, ra-03_odp.03\ @@ -38132,9 +32335,6 @@ catalog: - id: ra-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Disseminate risk assessment results to {{ insert: param,\ @@ -38142,9 +32342,6 @@ catalog: - id: ra-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Update the risk assessment {{ insert: param, ra-03_odp.05\ @@ -38215,17 +32412,6 @@ catalog: - id: ra-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.01 class: sp800-53a @@ -38237,17 +32423,6 @@ catalog: - id: ra-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.02 class: sp800-53a @@ -38262,17 +32437,6 @@ catalog: - id: ra-3_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.03 class: sp800-53a @@ -38288,17 +32452,6 @@ catalog: - id: ra-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03b. class: sp800-53a @@ -38311,13 +32464,6 @@ catalog: - id: ra-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-03c. class: sp800-53a @@ -38329,17 +32475,6 @@ catalog: - id: ra-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03d. class: sp800-53a @@ -38351,17 +32486,6 @@ catalog: - id: ra-3_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03e. class: sp800-53a @@ -38373,17 +32497,6 @@ catalog: - id: ra-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03f. class: sp800-53a @@ -38480,6 +32593,9 @@ catalog: - prose: the frequency at which to update the supply chain risk assessment is defined; props: + - name: label + value: RA-03(01) + class: zero-padded - name: label value: RA-3(1) - name: label @@ -38513,9 +32629,6 @@ catalog: - id: ra-3.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Assess supply chain risks associated with {{ insert:\ @@ -38523,9 +32636,6 @@ catalog: - id: ra-3.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Update the supply chain risk assessment {{ insert: param,\ @@ -38558,17 +32668,6 @@ catalog: - id: ra-3.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03(01)(a) class: sp800-53a @@ -38580,17 +32679,6 @@ catalog: - id: ra-3.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03(01)(b) class: sp800-53a @@ -38734,9 +32822,9 @@ catalog: vulnerability scanning process and control assessments is to be shared; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05 + class: zero-padded - name: label value: RA-5 - name: label @@ -38810,9 +32898,6 @@ catalog: - id: ra-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Monitor and scan for vulnerabilities in the system and hosted\ @@ -38821,9 +32906,6 @@ catalog: - id: ra-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ vulnerability monitoring tools and techniques that\ @@ -38851,9 +32933,6 @@ catalog: - id: ra-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Analyze vulnerability scan reports and results from vulnerability @@ -38861,9 +32940,6 @@ catalog: - id: ra-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Remediate legitimate vulnerabilities {{ insert: param, ra-05_odp.03\ @@ -38871,9 +32947,6 @@ catalog: - id: ra-5_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Share information obtained from the vulnerability monitoring\ @@ -38883,9 +32956,6 @@ catalog: - id: ra-5_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Employ vulnerability monitoring tools that include the capability @@ -38956,12 +33026,12 @@ catalog: Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports - a \"warning\" as part of the compliance scanning of a CSO, - follow guidance surrounding the tracking of compliance findings - during either the assessment phases (initial assessment, annual - assessment or any SCR) or monthly continuous monitoring as - it applies. Guidance on compliance scan findings can be found - by searching on \"Tracking of Compliance Scans\" in FAQs. + a “warning” as part of the compliance scanning of a CSO, follow + guidance surrounding the tracking of compliance findings during + either the assessment phases (initial assessment, annual assessment + or any SCR) or monthly continuous monitoring as it applies. + Guidance on compliance scan findings can be found by searching + on “Tracking of Compliance Scans” in FAQs. - id: ra-5_gdn name: guidance prose: >- @@ -39039,17 +33109,6 @@ catalog: - id: ra-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05a. class: sp800-53a @@ -39084,17 +33143,6 @@ catalog: - id: ra-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-05b. class: sp800-53a @@ -39104,17 +33152,6 @@ catalog: - id: ra-5_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.01 class: sp800-53a @@ -39128,17 +33165,6 @@ catalog: - id: ra-5_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.02 class: sp800-53a @@ -39152,17 +33178,6 @@ catalog: - id: ra-5_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.03 class: sp800-53a @@ -39179,17 +33194,6 @@ catalog: - id: ra-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05c. class: sp800-53a @@ -39201,17 +33205,6 @@ catalog: - id: ra-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05d. class: sp800-53a @@ -39224,17 +33217,6 @@ catalog: - id: ra-5_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05e. class: sp800-53a @@ -39247,17 +33229,6 @@ catalog: - id: ra-5_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05f. class: sp800-53a @@ -39370,9 +33341,9 @@ catalog: - prose: the frequency for updating the system vulnerabilities to be scanned is defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05(02) + class: zero-padded - name: label value: RA-5(2) - name: label @@ -39394,10 +33365,6 @@ catalog: parts: - id: ra-5.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Update the system vulnerabilities to be scanned {{ insert:\ \ param, ra-05.02_odp.01 }}." - id: ra-5.2_gdn @@ -39411,17 +33378,6 @@ catalog: - id: ra-5.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(02) class: sp800-53a @@ -39507,6 +33463,9 @@ catalog: class: SP800-53-enhancement title: Public Disclosure Program props: + - name: label + value: RA-05(11) + class: zero-padded - name: label value: RA-5(11) - name: label @@ -39526,10 +33485,6 @@ catalog: parts: - id: ra-5.11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components. - id: ra-5.11_gdn @@ -39543,17 +33498,6 @@ catalog: - id: ra-5.11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(11) class: sp800-53a @@ -39647,6 +33591,9 @@ catalog: class: SP800-53 title: Risk Response props: + - name: label + value: RA-07 + class: zero-padded - name: label value: RA-7 - name: label @@ -39690,10 +33637,6 @@ catalog: parts: - id: ra-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance. - id: ra-7_gdn @@ -39713,17 +33656,6 @@ catalog: - id: ra-7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-07 class: sp800-53a @@ -39894,6 +33826,9 @@ catalog: - prose: events that would require the system and services acquisition procedures to be reviewed and updated are defined; props: + - name: label + value: SA-01 + class: zero-padded - name: label value: SA-1 - name: label @@ -39935,11 +33870,6 @@ catalog: - id: sa-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -39980,9 +33910,6 @@ catalog: - id: sa-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sa-01_odp.04 }} to manage\ @@ -39991,11 +33918,6 @@ catalog: - id: sa-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and services acquisition:" @@ -40056,17 +33978,6 @@ catalog: - id: sa-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01a.[01] class: sp800-53a @@ -40078,17 +33989,6 @@ catalog: - id: sa-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01a.[02] class: sp800-53a @@ -40100,13 +34000,6 @@ catalog: - id: sa-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.[03] class: sp800-53a @@ -40120,13 +34013,6 @@ catalog: - id: sa-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.[04] class: sp800-53a @@ -40145,13 +34031,6 @@ catalog: - id: sa-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.01(a) class: sp800-53a @@ -40241,13 +34120,6 @@ catalog: - id: sa-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.01(b) class: sp800-53a @@ -40267,17 +34139,6 @@ catalog: - id: sa-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01b. class: sp800-53a @@ -40297,17 +34158,6 @@ catalog: - id: sa-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01c.01 class: sp800-53a @@ -40341,17 +34191,6 @@ catalog: - id: sa-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01c.02 class: sp800-53a @@ -40441,6 +34280,9 @@ catalog: class: SP800-53 title: Allocation of Resources props: + - name: label + value: SA-02 + class: zero-padded - name: label value: SA-2 - name: label @@ -40480,9 +34322,6 @@ catalog: - id: sa-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Determine the high-level information security and privacy @@ -40491,9 +34330,6 @@ catalog: - id: sa-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Determine, document, and allocate the resources required @@ -40502,9 +34338,6 @@ catalog: - id: sa-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Establish a discrete line item for information security and @@ -40531,17 +34364,6 @@ catalog: - id: sa-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02a.[01] class: sp800-53a @@ -40554,17 +34376,6 @@ catalog: - id: sa-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02a.[02] class: sp800-53a @@ -40587,17 +34398,6 @@ catalog: - id: sa-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02b.[01] class: sp800-53a @@ -40610,17 +34410,6 @@ catalog: - id: sa-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02b.[02] class: sp800-53a @@ -40643,17 +34432,6 @@ catalog: - id: sa-2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02c.[01] class: sp800-53a @@ -40665,17 +34443,6 @@ catalog: - id: sa-2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02c.[02] class: sp800-53a @@ -40784,6 +34551,9 @@ catalog: guidelines: - prose: system development life cycle is defined; props: + - name: label + value: SA-03 + class: zero-padded - name: label value: SA-3 - name: label @@ -40845,9 +34615,6 @@ catalog: - id: sa-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Acquire, develop, and manage the system using {{ insert:\ @@ -40856,9 +34623,6 @@ catalog: - id: sa-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define and document information security and privacy roles @@ -40866,9 +34630,6 @@ catalog: - id: sa-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Identify individuals having information security and privacy @@ -40876,9 +34637,6 @@ catalog: - id: sa-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Integrate the organizational information security and privacy @@ -40938,17 +34696,6 @@ catalog: - id: sa-3_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03a.[01] class: sp800-53a @@ -40961,17 +34708,6 @@ catalog: - id: sa-3_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03a.[02] class: sp800-53a @@ -40994,17 +34730,6 @@ catalog: - id: sa-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03b.[01] class: sp800-53a @@ -41016,17 +34741,6 @@ catalog: - id: sa-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03b.[02] class: sp800-53a @@ -41048,17 +34762,6 @@ catalog: - id: sa-3_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03c.[01] class: sp800-53a @@ -41070,17 +34773,6 @@ catalog: - id: sa-3_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03c.[02] class: sp800-53a @@ -41102,17 +34794,6 @@ catalog: - id: sa-3_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03d.[01] class: sp800-53a @@ -41124,17 +34805,6 @@ catalog: - id: sa-3_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03d.[02] class: sp800-53a @@ -41262,6 +34932,9 @@ catalog: guidelines: - prose: contract language is defined (if selected); props: + - name: label + value: SA-04 + class: zero-padded - name: label value: SA-4 - name: label @@ -41357,63 +35030,42 @@ catalog: - id: sa-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Security and privacy functional requirements; - id: sa-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Strength of mechanism requirements; - id: sa-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Security and privacy assurance requirements; - id: sa-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Controls needed to satisfy the security and privacy requirements. - id: sa-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Security and privacy documentation requirements; - id: sa-4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Requirements for protecting security and privacy documentation; - id: sa-4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Description of the system development environment and environment @@ -41421,9 +35073,6 @@ catalog: - id: sa-4_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Allocation of responsibility or identification of parties @@ -41432,9 +35081,6 @@ catalog: - id: sa-4_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: Acceptance criteria. @@ -41526,39 +35172,6 @@ catalog: - id: sa-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04a.[01] class: sp800-53a @@ -41572,39 +35185,6 @@ catalog: - id: sa-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04a.[02] class: sp800-53a @@ -41621,17 +35201,6 @@ catalog: - id: sa-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04b. class: sp800-53a @@ -41719,17 +35288,6 @@ catalog: - id: sa-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04e. class: sp800-53a @@ -41766,17 +35324,6 @@ catalog: - id: sa-4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04f. class: sp800-53a @@ -41814,17 +35361,6 @@ catalog: - id: sa-4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04g. class: sp800-53a @@ -41839,17 +35375,6 @@ catalog: - id: sa-4_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04h. class: sp800-53a @@ -41901,17 +35426,6 @@ catalog: - id: sa-4_obj.i name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04i. class: sp800-53a @@ -42018,6 +35532,9 @@ catalog: class: SP800-53-enhancement title: Use of Approved PIV Products props: + - name: label + value: SA-04(10) + class: zero-padded - name: label value: SA-4(10) - name: label @@ -42043,10 +35560,6 @@ catalog: parts: - id: sa-4.10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems. @@ -42059,17 +35572,6 @@ catalog: - id: sa-4.10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(10) class: sp800-53a @@ -42178,6 +35680,9 @@ catalog: - prose: personnel or roles to distribute system documentation to is/are defined; props: + - name: label + value: SA-05 + class: zero-padded - name: label value: SA-5 - name: label @@ -42239,9 +35744,6 @@ catalog: - id: sa-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Obtain or develop administrator documentation for the system,\ @@ -42271,9 +35773,6 @@ catalog: - id: sa-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Obtain or develop user documentation for the system, system\ @@ -42304,9 +35803,6 @@ catalog: - id: sa-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document attempts to obtain system, system component, or\ @@ -42316,9 +35812,6 @@ catalog: - id: sa-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Distribute documentation to {{ insert: param, sa-05_odp.02\ @@ -42360,17 +35853,6 @@ catalog: - id: sa-5_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.01 class: sp800-53a @@ -42427,17 +35909,6 @@ catalog: - id: sa-5_obj.a.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[01] class: sp800-53a @@ -42451,17 +35922,6 @@ catalog: - id: sa-5_obj.a.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[02] class: sp800-53a @@ -42475,17 +35935,6 @@ catalog: - id: sa-5_obj.a.2-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[03] class: sp800-53a @@ -42499,17 +35948,6 @@ catalog: - id: sa-5_obj.a.2-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[04] class: sp800-53a @@ -42526,17 +35964,6 @@ catalog: - id: sa-5_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.03 class: sp800-53a @@ -42590,17 +36017,6 @@ catalog: - id: sa-5_obj.b.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[01] class: sp800-53a @@ -42613,17 +36029,6 @@ catalog: - id: sa-5_obj.b.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[02] class: sp800-53a @@ -42637,17 +36042,6 @@ catalog: - id: sa-5_obj.b.1-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[03] class: sp800-53a @@ -42660,17 +36054,6 @@ catalog: - id: sa-5_obj.b.1-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[04] class: sp800-53a @@ -42694,17 +36077,6 @@ catalog: - id: sa-5_obj.b.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.02[01] class: sp800-53a @@ -42718,17 +36090,6 @@ catalog: - id: sa-5_obj.b.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.02[02] class: sp800-53a @@ -42753,17 +36114,6 @@ catalog: - id: sa-5_obj.b.3-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.03[01] class: sp800-53a @@ -42777,17 +36127,6 @@ catalog: - id: sa-5_obj.b.3-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.03[02] class: sp800-53a @@ -42814,17 +36153,6 @@ catalog: - id: sa-5_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05c.[01] class: sp800-53a @@ -42837,17 +36165,6 @@ catalog: - id: sa-5_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05c.[02] class: sp800-53a @@ -42864,17 +36181,6 @@ catalog: - id: sa-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05d. class: sp800-53a @@ -42994,6 +36300,9 @@ catalog: guidelines: - prose: privacy engineering principles are defined; props: + - name: label + value: SA-08 + class: zero-padded - name: label value: SA-8 - name: label @@ -43067,10 +36376,6 @@ catalog: parts: - id: sa-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Apply the following systems security and privacy engineering\ \ principles in the specification, design, development, implementation,\ \ and modification of the system and system components: {{ insert:\ @@ -43121,17 +36426,6 @@ catalog: - id: sa-8_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[01] class: sp800-53a @@ -43143,17 +36437,6 @@ catalog: - id: sa-8_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[02] class: sp800-53a @@ -43165,17 +36448,6 @@ catalog: - id: sa-8_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[03] class: sp800-53a @@ -43187,17 +36459,6 @@ catalog: - id: sa-8_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[04] class: sp800-53a @@ -43209,17 +36470,6 @@ catalog: - id: sa-8_obj-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[05] class: sp800-53a @@ -43231,17 +36481,6 @@ catalog: - id: sa-8_obj-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[06] class: sp800-53a @@ -43253,17 +36492,6 @@ catalog: - id: sa-8_obj-7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[07] class: sp800-53a @@ -43275,17 +36503,6 @@ catalog: - id: sa-8_obj-8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[08] class: sp800-53a @@ -43297,17 +36514,6 @@ catalog: - id: sa-8_obj-9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[09] class: sp800-53a @@ -43319,17 +36525,6 @@ catalog: - id: sa-8_obj-10 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[10] class: sp800-53a @@ -43454,9 +36649,9 @@ catalog: - prose: processes, methods, and techniques employed to monitor control compliance by external service providers are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SA-09 + class: zero-padded - name: label value: SA-9 - name: label @@ -43512,9 +36707,6 @@ catalog: - id: sa-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require that providers of external system services comply\ @@ -43523,9 +36715,6 @@ catalog: - id: sa-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define and document organizational oversight and user roles @@ -43534,9 +36723,6 @@ catalog: - id: sa-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Employ the following processes, methods, and techniques\ @@ -43582,17 +36768,6 @@ catalog: - id: sa-9_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09a.[01] class: sp800-53a @@ -43604,17 +36779,6 @@ catalog: - id: sa-9_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09a.[02] class: sp800-53a @@ -43626,13 +36790,6 @@ catalog: - id: sa-9_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09a.[03] class: sp800-53a @@ -43654,13 +36811,6 @@ catalog: - id: sa-9_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09b.[01] class: sp800-53a @@ -43672,13 +36822,6 @@ catalog: - id: sa-9_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09b.[02] class: sp800-53a @@ -43693,17 +36836,6 @@ catalog: - id: sa-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-09c. class: sp800-53a @@ -43828,6 +36960,9 @@ catalog: guidelines: - prose: support from external providers is defined (if selected); props: + - name: label + value: SA-22 + class: zero-padded - name: label value: SA-22 - name: label @@ -43853,9 +36988,6 @@ catalog: - id: sa-22_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Replace system components when support for the components @@ -43864,9 +36996,6 @@ catalog: - id: sa-22_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Provide the following options for alternative sources for\ @@ -43911,17 +37040,6 @@ catalog: - id: sa-22_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-22a. class: sp800-53a @@ -43933,17 +37051,6 @@ catalog: - id: sa-22_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-22b. class: sp800-53a @@ -44089,6 +37196,9 @@ catalog: - prose: events that would require the system and communications protection procedures to be reviewed and updated are defined; props: + - name: label + value: SC-01 + class: zero-padded - name: label value: SC-1 - name: label @@ -44124,11 +37234,6 @@ catalog: - id: sc-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -44169,9 +37274,6 @@ catalog: - id: sc-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sc-01_odp.04 }} to manage\ @@ -44180,11 +37282,6 @@ catalog: - id: sc-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and communications\ @@ -44246,17 +37343,6 @@ catalog: - id: sc-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01a.[01] class: sp800-53a @@ -44268,17 +37354,6 @@ catalog: - id: sc-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01a.[02] class: sp800-53a @@ -44290,13 +37365,6 @@ catalog: - id: sc-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.[03] class: sp800-53a @@ -44310,13 +37378,6 @@ catalog: - id: sc-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.[04] class: sp800-53a @@ -44335,13 +37396,6 @@ catalog: - id: sc-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.01(a) class: sp800-53a @@ -44431,13 +37485,6 @@ catalog: - id: sc-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.01(b) class: sp800-53a @@ -44457,17 +37504,6 @@ catalog: - id: sc-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01b. class: sp800-53a @@ -44487,17 +37523,6 @@ catalog: - id: sc-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01c.01 class: sp800-53a @@ -44532,17 +37557,6 @@ catalog: - id: sc-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01c.02 class: sp800-53a @@ -44648,6 +37662,9 @@ catalog: - prose: controls to achieve the denial-of-service objective by type of denial-of-service event are defined; props: + - name: label + value: SC-05 + class: zero-padded - name: label value: SC-5 - name: label @@ -44678,9 +37695,6 @@ catalog: - id: sc-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, sc-05_odp.02 }} the effects of the following\ @@ -44689,9 +37703,6 @@ catalog: - id: sc-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls to achieve the denial-of-service\ @@ -44720,17 +37731,6 @@ catalog: - id: sc-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-05a. class: sp800-53a @@ -44742,13 +37742,6 @@ catalog: - id: sc-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-05b. class: sp800-53a @@ -44844,9 +37837,9 @@ catalog: - physically - logically props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07 + class: zero-padded - name: label value: SC-7 - name: label @@ -44927,9 +37920,6 @@ catalog: - id: sc-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Monitor and control communications at the external managed @@ -44938,9 +37928,6 @@ catalog: - id: sc-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Implement subnetworks for publicly accessible system components\ @@ -44949,9 +37936,6 @@ catalog: - id: sc-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Connect to external networks or systems only through managed @@ -45014,17 +37998,6 @@ catalog: - id: sc-7_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[01] class: sp800-53a @@ -45036,17 +38009,6 @@ catalog: - id: sc-7_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[02] class: sp800-53a @@ -45058,17 +38020,6 @@ catalog: - id: sc-7_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[03] class: sp800-53a @@ -45080,17 +38031,6 @@ catalog: - id: sc-7_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[04] class: sp800-53a @@ -45105,21 +38045,6 @@ catalog: - id: sc-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07b. class: sp800-53a @@ -45132,21 +38057,6 @@ catalog: - id: sc-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07c. class: sp800-53a @@ -45235,9 +38145,9 @@ catalog: - confidentiality - integrity props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-08 + class: zero-padded - name: label value: SC-8 - name: label @@ -45298,10 +38208,6 @@ catalog: parts: - id: sc-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect the {{ insert: param, sc-08_odp }} of transmitted information." parts: - id: sc-8_fr @@ -45337,7 +38243,7 @@ catalog: * From a load balancer to a compute instance - * Flows from management tools required for their work - e.g. + * Flows from management tools required for their work – e.g. log collection, scanning, etc. @@ -45379,10 +38285,10 @@ catalog: Controlled Access Area (CAA): Data will be considered physically - protected, and in a CAA if it meets Section 2.3 of the DHS's + protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet - Section 2.3 of the DHS' recommended practice by satisfactory + Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3). @@ -45440,21 +38346,6 @@ catalog: - id: sc-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-08 class: sp800-53a @@ -45538,6 +38429,9 @@ catalog: - prevent unauthorized disclosure of information - detect changes to information props: + - name: label + value: SC-08(01) + class: zero-padded - name: label value: SC-8(1) - name: label @@ -45558,10 +38452,6 @@ catalog: parts: - id: sc-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to {{ insert: param,\ \ sc-08.01_odp }} during transmission." parts: @@ -45621,21 +38511,6 @@ catalog: - id: sc-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-08(01) class: sp800-53a @@ -45728,9 +38603,9 @@ catalog: - prose: requirements for key generation, distribution, storage, access, and destruction are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-12 + class: zero-padded - name: label value: SC-12 - name: label @@ -45789,8 +38664,6 @@ catalog: rel: related - href: "#sc-11" rel: related - - href: "#sc-12" - rel: related - href: "#sc-13" rel: related - href: "#sc-17" @@ -45808,10 +38681,6 @@ catalog: parts: - id: sc-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish and manage cryptographic keys when cryptography is\ \ employed within the system in accordance with the following key\ \ management requirements: {{ insert: param, sc-12_odp }}." @@ -45859,21 +38728,6 @@ catalog: - id: sc-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-12 class: sp800-53a @@ -45988,9 +38842,9 @@ catalog: - prose: types of cryptography for each specified cryptographic use are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-13 + class: zero-padded - name: label value: SC-13 - name: label @@ -46069,18 +38923,12 @@ catalog: - id: sc-13_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Determine the {{ insert: param, sc-13_odp.01 }} ; and" - id: sc-13_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Implement the following types of cryptography required for\ @@ -46195,17 +39043,6 @@ catalog: - id: sc-13_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-13a. class: sp800-53a @@ -46216,21 +39053,6 @@ catalog: - id: sc-13_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-13b. class: sp800-53a @@ -46317,6 +39139,9 @@ catalog: guidelines: - prose: exceptions where remote activation is to be allowed are defined; props: + - name: label + value: SC-15 + class: zero-padded - name: label value: SC-15 - name: label @@ -46339,9 +39164,6 @@ catalog: - id: sc-15_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Prohibit remote activation of collaborative computing devices\ @@ -46350,9 +39172,6 @@ catalog: - id: sc-15_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Provide an explicit indication of use to users physically @@ -46385,17 +39204,6 @@ catalog: - id: sc-15_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-15a. class: sp800-53a @@ -46408,21 +39216,6 @@ catalog: - id: sc-15_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-15b. class: sp800-53a @@ -46506,6 +39299,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Authoritative Source) props: + - name: label + value: SC-20 + class: zero-padded - name: label value: SC-20 - name: label @@ -46542,9 +39338,6 @@ catalog: - id: sc-20_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Provide additional data origin authentication and integrity @@ -46554,9 +39347,6 @@ catalog: - id: sc-20_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Provide the means to indicate the security status of child @@ -46624,21 +39414,6 @@ catalog: - id: sc-20_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20a. class: sp800-53a @@ -46680,21 +39455,6 @@ catalog: - id: sc-20_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20b.[01] class: sp800-53a @@ -46708,21 +39468,6 @@ catalog: - id: sc-20_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20b.[02] class: sp800-53a @@ -46803,9 +39548,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Recursive or Caching Resolver) props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-21 + class: zero-padded - name: label value: SC-21 - name: label @@ -46826,10 +39571,6 @@ catalog: parts: - id: sc-21_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources. @@ -46897,21 +39638,6 @@ catalog: - id: sc-21_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-21 class: sp800-53a @@ -47035,6 +39761,9 @@ catalog: class: SP800-53 title: Architecture and Provisioning for Name/Address Resolution Service props: + - name: label + value: SC-22 + class: zero-padded - name: label value: SC-22 - name: label @@ -47059,10 +39788,6 @@ catalog: parts: - id: sc-22_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation. @@ -47085,21 +39810,6 @@ catalog: - id: sc-22_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-22 class: sp800-53a @@ -47225,9 +39935,9 @@ catalog: guidelines: - prose: information at rest requiring protection is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-28 + class: zero-padded - name: label value: SC-28 - name: label @@ -47298,10 +40008,6 @@ catalog: parts: - id: sc-28_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect the {{ insert: param, sc-28_odp.01 }} of the following\ \ information at rest: {{ insert: param, sc-28_odp.02 }}." parts: @@ -47357,21 +40063,6 @@ catalog: - id: sc-28_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-28 class: sp800-53a @@ -47466,6 +40157,9 @@ catalog: - prose: system components or media requiring cryptographic protection is/are defined; props: + - name: label + value: SC-28(01) + class: zero-padded - name: label value: SC-28(1) - name: label @@ -47488,10 +40182,6 @@ catalog: parts: - id: sc-28.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to prevent unauthorized\ \ disclosure and modification of the following information at\ \ rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param,\ @@ -47542,21 +40232,6 @@ catalog: - id: sc-28.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-28(01) class: sp800-53a @@ -47658,6 +40333,9 @@ catalog: class: SP800-53 title: Process Isolation props: + - name: label + value: SC-39 + class: zero-padded - name: label value: SC-39 - name: label @@ -47693,10 +40371,6 @@ catalog: parts: - id: sc-39_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Maintain a separate execution domain for each executing system process. - id: sc-39_gdn @@ -47717,21 +40391,6 @@ catalog: - id: sc-39_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-39 class: sp800-53a @@ -47848,6 +40507,9 @@ catalog: - prose: events that would require the system and information integrity procedures to be reviewed and updated are defined; props: + - name: label + value: SI-01 + class: zero-padded - name: label value: SI-1 - name: label @@ -47883,11 +40545,6 @@ catalog: - id: si-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -47928,9 +40585,6 @@ catalog: - id: si-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, si-01_odp.04 }} to manage\ @@ -47939,11 +40593,6 @@ catalog: - id: si-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and information integrity:" @@ -48004,17 +40653,6 @@ catalog: - id: si-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01a.[01] class: sp800-53a @@ -48026,17 +40664,6 @@ catalog: - id: si-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01a.[02] class: sp800-53a @@ -48048,13 +40675,6 @@ catalog: - id: si-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.[03] class: sp800-53a @@ -48068,13 +40688,6 @@ catalog: - id: si-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.[04] class: sp800-53a @@ -48093,13 +40706,6 @@ catalog: - id: si-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.01(a) class: sp800-53a @@ -48189,13 +40795,6 @@ catalog: - id: si-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.01(b) class: sp800-53a @@ -48215,17 +40814,6 @@ catalog: - id: si-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01b. class: sp800-53a @@ -48245,17 +40833,6 @@ catalog: - id: si-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01c.01 class: sp800-53a @@ -48290,17 +40867,6 @@ catalog: - id: si-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01c.02 class: sp800-53a @@ -48389,6 +40955,9 @@ catalog: - prose: time period within which to install security-relevant software updates after the release of the updates is defined; props: + - name: label + value: SI-02 + class: zero-padded - name: label value: SI-2 - name: label @@ -48451,18 +41020,12 @@ catalog: - id: si-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Identify, report, and correct system flaws; - id: si-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Test software and firmware updates related to flaw remediation @@ -48470,9 +41033,6 @@ catalog: - id: si-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Install security-relevant software and firmware updates\ @@ -48481,9 +41041,6 @@ catalog: - id: si-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Incorporate flaw remediation into the organizational configuration @@ -48530,21 +41087,6 @@ catalog: - id: si-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-02a. class: sp800-53a @@ -48585,17 +41127,6 @@ catalog: - id: si-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02b. class: sp800-53a @@ -48650,17 +41181,6 @@ catalog: - id: si-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02c. class: sp800-53a @@ -48693,17 +41213,6 @@ catalog: - id: si-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02d. class: sp800-53a @@ -48863,9 +41372,9 @@ catalog: - prose: personnel or roles to be alerted when malicious code is detected is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-03 + class: zero-padded - name: label value: SI-3 - name: label @@ -48931,9 +41440,6 @@ catalog: - id: si-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Implement {{ insert: param, si-03_odp.01 }} malicious code\ @@ -48942,9 +41448,6 @@ catalog: - id: si-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Automatically update malicious code protection mechanisms @@ -48953,9 +41456,6 @@ catalog: - id: si-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Configure malicious code protection mechanisms to:" @@ -48981,9 +41481,6 @@ catalog: - id: si-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Address the receipt of false positives during malicious code @@ -49044,17 +41541,6 @@ catalog: - id: si-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-03a. class: sp800-53a @@ -49089,17 +41575,6 @@ catalog: - id: si-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-03b. class: sp800-53a @@ -49126,17 +41601,6 @@ catalog: - id: si-3_obj.c.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.01[01] class: sp800-53a @@ -49149,17 +41613,6 @@ catalog: - id: si-3_obj.c.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.01[02] class: sp800-53a @@ -49184,17 +41637,6 @@ catalog: - id: si-3_obj.c.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.02[01] class: sp800-53a @@ -49207,17 +41649,6 @@ catalog: - id: si-3_obj.c.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.02[02] class: sp800-53a @@ -49236,17 +41667,6 @@ catalog: - id: si-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03d. class: sp800-53a @@ -49397,6 +41817,9 @@ catalog: - prose: a frequency for providing system monitoring to personnel or roles is defined (if selected); props: + - name: label + value: SI-04 + class: zero-padded - name: label value: SI-4 - name: label @@ -49513,9 +41936,6 @@ catalog: - id: si-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Monitor the system to detect:" @@ -49537,9 +41957,6 @@ catalog: - id: si-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Identify unauthorized use of the system through the following\ @@ -49547,9 +41964,6 @@ catalog: - id: si-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Invoke internal monitoring capabilities or deploy monitoring\ @@ -49572,18 +41986,12 @@ catalog: - id: si-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Analyze detected events and anomalies; - id: si-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Adjust the level of system monitoring activity when there @@ -49592,9 +42000,6 @@ catalog: - id: si-4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Obtain legal opinion regarding system monitoring activities; @@ -49602,9 +42007,6 @@ catalog: - id: si-4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Provide {{ insert: param, si-04_odp.03 }} to {{ insert:\ @@ -49682,21 +42084,6 @@ catalog: - id: si-4_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04a.01 class: sp800-53a @@ -49709,21 +42096,6 @@ catalog: - id: si-4_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04a.02 class: sp800-53a @@ -49770,17 +42142,6 @@ catalog: - id: si-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04b. class: sp800-53a @@ -49799,21 +42160,6 @@ catalog: - id: si-4_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04c.01 class: sp800-53a @@ -49826,21 +42172,6 @@ catalog: - id: si-4_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04c.02 class: sp800-53a @@ -49857,17 +42188,6 @@ catalog: - id: si-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04d. class: sp800-53a @@ -49898,17 +42218,6 @@ catalog: - id: si-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04e. class: sp800-53a @@ -49921,17 +42230,6 @@ catalog: - id: si-4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04f. class: sp800-53a @@ -49943,21 +42241,6 @@ catalog: - id: si-4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04g. class: sp800-53a @@ -50091,6 +42374,9 @@ catalog: - prose: external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected); props: + - name: label + value: SI-05 + class: zero-padded - name: label value: SI-5 - name: label @@ -50120,9 +42406,6 @@ catalog: - id: si-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Receive system security alerts, advisories, and directives\ @@ -50130,9 +42413,6 @@ catalog: - id: si-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Generate internal security alerts, advisories, and directives @@ -50140,9 +42420,6 @@ catalog: - id: si-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Disseminate security alerts, advisories, and directives\ @@ -50150,9 +42427,6 @@ catalog: - id: si-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Implement security directives in accordance with established @@ -50191,21 +42465,6 @@ catalog: - id: si-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05a. class: sp800-53a @@ -50217,17 +42476,6 @@ catalog: - id: si-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05b. class: sp800-53a @@ -50239,21 +42487,6 @@ catalog: - id: si-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05c. class: sp800-53a @@ -50265,17 +42498,6 @@ catalog: - id: si-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05d. class: sp800-53a @@ -50372,6 +42594,9 @@ catalog: class: SP800-53 title: Information Management and Retention props: + - name: label + value: SI-12 + class: zero-padded - name: label value: SI-12 - name: label @@ -50452,10 +42677,6 @@ catalog: parts: - id: si-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and @@ -50488,17 +42709,6 @@ catalog: - id: si-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-12 class: sp800-53a @@ -50716,6 +42926,9 @@ catalog: - prose: events that require the supply chain risk management procedures to be reviewed and updated are defined; props: + - name: label + value: SR-01 + class: zero-padded - name: label value: SR-1 - name: label @@ -50763,11 +42976,6 @@ catalog: - id: sr-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -50808,9 +43016,6 @@ catalog: - id: sr-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sr-01_odp.04 }} to manage\ @@ -50819,11 +43024,6 @@ catalog: - id: sr-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current supply chain risk management:" @@ -50885,17 +43085,6 @@ catalog: - id: sr-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01a.[01] class: sp800-53a @@ -50907,17 +43096,6 @@ catalog: - id: sr-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01a.[02] class: sp800-53a @@ -50929,13 +43107,6 @@ catalog: - id: sr-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.[03] class: sp800-53a @@ -50949,13 +43120,6 @@ catalog: - id: sr-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.[04] class: sp800-53a @@ -50974,13 +43138,6 @@ catalog: - id: sr-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.01(a) class: sp800-53a @@ -51070,13 +43227,6 @@ catalog: - id: sr-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.01(b) class: sp800-53a @@ -51096,17 +43246,6 @@ catalog: - id: sr-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01b. class: sp800-53a @@ -51126,17 +43265,6 @@ catalog: - id: sr-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01c.01 class: sp800-53a @@ -51171,17 +43299,6 @@ catalog: - id: sr-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01c.02 class: sp800-53a @@ -51281,6 +43398,9 @@ catalog: - prose: the frequency at which to review and update the supply chain risk management plan is defined; props: + - name: label + value: SR-02 + class: zero-padded - name: label value: SR-2 - name: label @@ -51350,9 +43470,6 @@ catalog: - id: sr-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop a plan for managing supply chain risks associated\ @@ -51363,9 +43480,6 @@ catalog: - id: sr-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the supply chain risk management plan\ @@ -51374,9 +43488,6 @@ catalog: - id: sr-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Protect the supply chain risk management plan from unauthorized @@ -51446,17 +43557,6 @@ catalog: - id: sr-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02a.[01] class: sp800-53a @@ -51467,13 +43567,6 @@ catalog: - id: sr-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[02] class: sp800-53a @@ -51486,13 +43579,6 @@ catalog: - id: sr-2_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[03] class: sp800-53a @@ -51505,13 +43591,6 @@ catalog: - id: sr-2_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[04] class: sp800-53a @@ -51524,13 +43603,6 @@ catalog: - id: sr-2_obj.a-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[05] class: sp800-53a @@ -51543,13 +43615,6 @@ catalog: - id: sr-2_obj.a-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[06] class: sp800-53a @@ -51562,13 +43627,6 @@ catalog: - id: sr-2_obj.a-7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[07] class: sp800-53a @@ -51581,13 +43639,6 @@ catalog: - id: sr-2_obj.a-8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[08] class: sp800-53a @@ -51600,13 +43651,6 @@ catalog: - id: sr-2_obj.a-9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[09] class: sp800-53a @@ -51622,17 +43666,6 @@ catalog: - id: sr-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02b. class: sp800-53a @@ -51645,17 +43678,6 @@ catalog: - id: sr-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-02c. class: sp800-53a @@ -51820,6 +43842,9 @@ catalog: guidelines: - prose: supply chain risk management activities are defined; props: + - name: label + value: SR-02(01) + class: zero-padded - name: label value: SR-2(1) - name: label @@ -51839,10 +43864,6 @@ catalog: parts: - id: sr-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish a supply chain risk management team consisting\ \ of {{ insert: param, sr-02.01_odp.01 }} to lead and support\ \ the following SCRM activities: {{ insert: param, sr-02.01_odp.02\ @@ -51871,17 +43892,6 @@ catalog: - id: sr-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02(01) class: sp800-53a @@ -51986,6 +43996,9 @@ catalog: - prose: the document identifying the selected and implemented supply chain processes and controls is defined (if selected); props: + - name: label + value: SR-03 + class: zero-padded - name: label value: SR-3 - name: label @@ -52070,9 +44083,6 @@ catalog: - id: sr-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish a process or processes to identify and address\ @@ -52082,9 +44092,6 @@ catalog: - id: sr-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls to protect against supply\ @@ -52094,9 +44101,6 @@ catalog: - id: sr-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document the selected and implemented supply chain processes\ @@ -52149,17 +44153,6 @@ catalog: - id: sr-3_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-03a.[01] class: sp800-53a @@ -52173,17 +44166,6 @@ catalog: - id: sr-3_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-03a.[02] class: sp800-53a @@ -52200,17 +44182,6 @@ catalog: - id: sr-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-03b. class: sp800-53a @@ -52224,17 +44195,6 @@ catalog: - id: sr-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-03c. class: sp800-53a @@ -52349,6 +44309,9 @@ catalog: to protect against, identify, and mitigate supply chain risks are defined; props: + - name: label + value: SR-05 + class: zero-padded - name: label value: SR-5 - name: label @@ -52410,10 +44373,6 @@ catalog: parts: - id: sr-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ the following acquisition strategies, contract tools,\ \ and procurement methods to protect against, identify, and mitigate\ \ supply chain risks: {{ insert: param, sr-05_odp }}." @@ -52443,21 +44402,6 @@ catalog: - id: sr-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-05 class: sp800-53a @@ -52614,6 +44558,9 @@ catalog: - prose: information for which agreements and procedures are to be established are defined (if selected); props: + - name: label + value: SR-08 + class: zero-padded - name: label value: SR-8 - name: label @@ -52651,10 +44598,6 @@ catalog: parts: - id: sr-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish agreements and procedures with entities involved in\ \ the supply chain for the system, system component, or system service\ \ for the {{ insert: param, sr-08_odp.01 }}." @@ -52685,17 +44628,6 @@ catalog: - id: sr-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-08 class: sp800-53a @@ -52806,6 +44738,9 @@ catalog: - prose: indications of the need for an inspection of systems or system components are defined (if selected); props: + - name: label + value: SR-10 + class: zero-padded - name: label value: SR-10 - name: label @@ -52843,10 +44778,6 @@ catalog: parts: - id: sr-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Inspect the following systems or system components {{ insert:\ \ param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01\ \ }}." @@ -52861,17 +44792,6 @@ catalog: - id: sr-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-10 class: sp800-53a @@ -52987,6 +44907,9 @@ catalog: - prose: personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected); props: + - name: label + value: SR-11 + class: zero-padded - name: label value: SR-11 - name: label @@ -53020,9 +44943,6 @@ catalog: - id: sr-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and implement anti-counterfeit policy and procedures @@ -53031,9 +44951,6 @@ catalog: - id: sr-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report counterfeit system components to {{ insert: param,\ @@ -53074,17 +44991,6 @@ catalog: - id: sr-11_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[01] class: sp800-53a @@ -53095,17 +45001,6 @@ catalog: - id: sr-11_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[02] class: sp800-53a @@ -53116,17 +45011,6 @@ catalog: - id: sr-11_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[03] class: sp800-53a @@ -53138,17 +45022,6 @@ catalog: - id: sr-11_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[04] class: sp800-53a @@ -53163,17 +45036,6 @@ catalog: - id: sr-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11b. class: sp800-53a @@ -53300,6 +45162,9 @@ catalog: system components (including hardware, software, and firmware) is/are defined; props: + - name: label + value: SR-11(01) + class: zero-padded - name: label value: SR-11(1) - name: label @@ -53321,10 +45186,6 @@ catalog: parts: - id: sr-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit\ \ system components (including hardware, software, and firmware)." - id: sr-11.1_gdn @@ -53333,17 +45194,6 @@ catalog: - id: sr-11.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11(01) class: sp800-53a @@ -53446,6 +45296,9 @@ catalog: - prose: system components requiring configuration control are defined; props: + - name: label + value: SR-11(02) + class: zero-padded - name: label value: SR-11(2) - name: label @@ -53473,10 +45326,6 @@ catalog: parts: - id: sr-11.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Maintain configuration control over the following system\ \ components awaiting service or repair and serviced or repaired\ \ components awaiting return to service: {{ insert: param, sr-11.02_odp\ @@ -53487,17 +45336,6 @@ catalog: - id: sr-11.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11(02) class: sp800-53a @@ -53610,6 +45448,9 @@ catalog: - prose: techniques and methods for disposing of data, documentation, tools, or system components are defined; props: + - name: label + value: SR-12 + class: zero-padded - name: label value: SR-12 - name: label @@ -53629,10 +45470,6 @@ catalog: parts: - id: sr-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Dispose of {{ insert: param, sr-12_odp.01 }} using the following\ \ techniques and methods: {{ insert: param, sr-12_odp.02 }}." - id: sr-12_gdn @@ -53653,17 +45490,6 @@ catalog: - id: sr-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-12 class: sp800-53a diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline_profile.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline_profile.yaml index 4ce93ba65..4e736df2d 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline_profile.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_LOW-baseline_profile.yaml @@ -1,11 +1,11 @@ --- profile: - uuid: 512149a6-7f04-4c01-bb1b-78eafd6a950d + uuid: a092361d-50c4-4ada-8d3d-bc973ce9c441 metadata: title: FedRAMP Rev 5 Low Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-11T23:40:17Z - version: 5.1.1+fedramp-20240111-0 + last-modified: 2023-12-18T15:21:26Z + version: 5.1.1+20231218-1 oscal-version: 1.1.1 roles: - id: prepared-by @@ -729,704 +729,6 @@ profile: constraints: - description: all alters: - - control-id: ac-1 - adds: - - position: starting - by-id: ac-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ac-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ac-14 - adds: - - position: starting - by-id: ac-14_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-14_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-14_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-14_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17 - adds: - - position: starting - by-id: ac-17_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-17_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18 - adds: - - position: starting - by-id: ac-18_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-18_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-18_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-19 - adds: - - position: starting - by-id: ac-19_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-19_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-19_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-19_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-2 - adds: - - position: starting - by-id: ac-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.j - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.k-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.k-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.l - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.j - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.k - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.l - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-22 - adds: - - position: starting - by-id: ac-22_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-22_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-22_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-22_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-22_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-3 - adds: - - position: starting - by-id: ac-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-7 adds: - position: ending @@ -1442,46 +744,6 @@ profile: - name: label value: "Requirement:" prose: In alignment with NIST SP 800-63B - - position: starting - by-id: ac-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-8 adds: - position: ending @@ -1528,102 +790,6 @@ profile: prose: If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided. - - position: starting - by-id: ac-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-20 adds: - position: ending @@ -1654,640 +820,6 @@ profile: SA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3. - - position: starting - by-id: ac-20_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-20_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-20_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-20_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-1 - adds: - - position: starting - by-id: at-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: at-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: at-2 - adds: - - position: starting - by-id: at-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-2.2 - adds: - - position: starting - by-id: at-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-3 - adds: - - position: starting - by-id: at-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-4 - adds: - - position: starting - by-id: at-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-1 - adds: - - position: starting - by-id: au-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: au-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: au-12 - adds: - - position: starting - by-id: au-12_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-12_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-2 adds: - position: ending @@ -2311,252 +843,6 @@ profile: value: "(e) Guidance:" prose: Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO. - - position: starting - by-id: au-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-3 - adds: - - position: starting - by-id: au-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-4 - adds: - - position: starting - by-id: au-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-5 - adds: - - position: starting - by-id: au-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-6 adds: - position: ending @@ -2575,72 +861,6 @@ profile: be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented. - - position: starting - by-id: au-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-11 adds: - position: ending @@ -2672,254 +892,6 @@ profile: value: "Guidance:" prose: The service provider is encouraged to align with M-21-31 where possible - - position: starting - by-id: au-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-11 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-8 - adds: - - position: starting - by-id: au-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-9 - adds: - - position: starting - by-id: au-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-1 - adds: - - position: starting - by-id: ca-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ca-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - control-id: ca-2 adds: - position: ending @@ -2935,222 +907,6 @@ profile: - name: label value: "Guidance:" prose: Reference FedRAMP Annual Assessment Guidance. - - position: starting - by-id: ca-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-2.1 - adds: - - position: starting - by-id: ca-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-3 - adds: - - position: starting - by-id: ca-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-5 adds: - position: ending @@ -3172,46 +928,6 @@ profile: - name: label value: "Guidance:" prose: Reference FedRAMP-POAM-Template - - position: starting - by-id: ca-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-6 adds: - position: ending @@ -3232,116 +948,6 @@ profile: the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO. - - position: starting - by-id: ca-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-7 adds: - position: ending @@ -3380,250 +986,6 @@ profile: Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan. - - position: starting - by-id: ca-7_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-7.4 - adds: - - position: starting - by-id: ca-7.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7.4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-8 adds: - position: ending @@ -3640,356 +1002,6 @@ profile: value: "Guidance:" prose: Scope can be limited to public facing applications in alignment with M-22-09. Reference the FedRAMP Penetration Test Guidance. - - position: starting - by-id: ca-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-9 - adds: - - position: starting - by-id: ca-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-1 - adds: - - position: starting - by-id: cm-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: cm-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: cm-10 - adds: - - position: starting - by-id: cm-10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-10_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-11 - adds: - - position: starting - by-id: cm-11_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-11_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-11_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-2 adds: - position: ending @@ -4006,120 +1018,6 @@ profile: value: "(b) (1) Guidance:" prose: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F. - - position: starting - by-id: cm-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-4 - adds: - - position: starting - by-id: cm-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-5 - adds: - - position: starting - by-id: cm-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-6 adds: - position: ending @@ -4163,7 +1061,7 @@ profile: of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are - then documented in the CSP's Plan of Action and Milestones + then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable. @@ -4174,88 +1072,6 @@ profile: CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests. - - position: starting - by-id: cm-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-7 adds: - position: ending @@ -4275,48 +1091,6 @@ profile: ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available. - - position: starting - by-id: cm-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-8 adds: - position: ending @@ -4332,266 +1106,6 @@ profile: - name: label value: "Requirement:" prose: must be provided at least monthly or when there is a change. - - position: starting - by-id: cm-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cp-1 - adds: - - position: starting - by-id: cp-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: cp-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: cp-10 - adds: - - position: starting - by-id: cp-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-2 adds: - position: ending @@ -4615,254 +1129,6 @@ profile: value: "Requirement:" prose: "CSPs must use the FedRAMP Information System Contingency\ \ Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - - position: starting - by-id: cp-2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.e-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.e-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-3 adds: - position: ending @@ -4885,88 +1151,6 @@ profile: applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact. - - position: starting - by-id: cp-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-4 adds: - position: ending @@ -4993,112 +1177,6 @@ profile: test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report). - - position: starting - by-id: cp-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cp-9 adds: - position: ending @@ -5143,230 +1221,6 @@ profile: of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative. - - position: starting - by-id: cp-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-1 - adds: - - position: starting - by-id: ia-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ia-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - control-id: ia-2 adds: - position: ending @@ -5408,54 +1262,6 @@ profile: all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate. - - position: starting - by-id: ia-2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.1 adds: - position: ending @@ -5485,28 +1291,6 @@ profile: value: "Guidance:" prose: Multi-factor authentication to subsequent components in the same user domain is not required. - - position: starting - by-id: ia-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.2 adds: - position: ending @@ -5536,28 +1320,6 @@ profile: value: "Guidance:" prose: Multi-factor authentication to subsequent components in the same user domain is not required. - - position: starting - by-id: ia-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.12 adds: - position: ending @@ -5574,148 +1336,6 @@ profile: value: "Guidance:" prose: Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12. - - position: starting - by-id: ia-2.12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-2.8 - adds: - - position: starting - by-id: ia-2.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-4 - adds: - - position: starting - by-id: ia-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-5 adds: - position: ending @@ -5742,206 +1362,6 @@ profile: parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE). - - position: starting - by-id: ia-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.h-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.h-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-5.1 adds: - position: ending @@ -5967,7 +1387,7 @@ profile: - name: label value: "(h) Requirement:" prose: >- - For cases where technology doesn't allow multi-factor + For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters. @@ -5985,146 +1405,6 @@ profile: prose: Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13). - - position: starting - by-id: ia-5.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-11 adds: - position: ending @@ -6146,390 +1426,6 @@ profile: * AAL1 (low baseline) * 30 days of extended session * No limit on inactivity - - position: starting - by-id: ia-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-6 - adds: - - position: starting - by-id: ia-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-7 - adds: - - position: starting - by-id: ia-7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8 - adds: - - position: starting - by-id: ia-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.1 - adds: - - position: starting - by-id: ia-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.2 - adds: - - position: starting - by-id: ia-8.2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-8.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.4 - adds: - - position: starting - by-id: ia-8.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-1 - adds: - - position: starting - by-id: ir-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ir-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ir-2 - adds: - - position: starting - by-id: ir-2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-4 adds: - position: ending @@ -6559,142 +1455,6 @@ profile: incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system. - - position: starting - by-id: ir-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-5 - adds: - - position: starting - by-id: ir-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-6 adds: - position: ending @@ -6711,82 +1471,6 @@ profile: value: "Requirement:" prose: Reports security incident information according to FedRAMP Incident Communications Procedure. - - position: starting - by-id: ir-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-7 - adds: - - position: starting - by-id: ir-7_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-7_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-8 adds: - position: ending @@ -6814,1156 +1498,6 @@ profile: personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel. - - position: starting - by-id: ir-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.10 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-8_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-8_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-1 - adds: - - position: starting - by-id: ma-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ma-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ma-2 - adds: - - position: starting - by-id: ma-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-4 - adds: - - position: starting - by-id: ma-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-5 - adds: - - position: starting - by-id: ma-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-1 - adds: - - position: starting - by-id: mp-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: mp-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: mp-2 - adds: - - position: starting - by-id: mp-2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-6 - adds: - - position: starting - by-id: mp-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-7 - adds: - - position: starting - by-id: mp-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-1 - adds: - - position: starting - by-id: pe-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: pe-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: pe-12 - adds: - - position: starting - by-id: pe-12_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-13 - adds: - - position: starting - by-id: pe-13_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pe-14 adds: - position: ending @@ -7980,1268 +1514,6 @@ profile: value: "(a) Requirement:" prose: The service provider measures temperature at server inlets and humidity levels by dew point. - - position: starting - by-id: pe-14_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-14_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-15 - adds: - - position: starting - by-id: pe-15_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-16 - adds: - - position: starting - by-id: pe-16_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-16_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-16_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-2 - adds: - - position: starting - by-id: pe-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-3 - adds: - - position: starting - by-id: pe-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.e-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.e-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.e-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-3_obj.g-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.g-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: pe-6 - adds: - - position: starting - by-id: pe-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-6_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-8 - adds: - - position: starting - by-id: pe-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-1 - adds: - - position: starting - by-id: pl-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: pl-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: pl-11 - adds: - - position: starting - by-id: pl-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-2 - adds: - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.4-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.4-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.10-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.10-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.11 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.12-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.12-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.13-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.13-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.14-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.a.14-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.a.15-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.15-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-4 - adds: - - position: starting - by-id: pl-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-4.1 - adds: - - position: starting - by-id: pl-4.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4.1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pl-8 adds: - position: ending @@ -9258,170 +1530,6 @@ profile: value: "(b) Guidance:" prose: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F. - - position: starting - by-id: pl-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-8_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pl-10 adds: - position: ending @@ -9437,860 +1545,6 @@ profile: - name: label value: "Requirement:" prose: Select the appropriate FedRAMP Baseline - - position: starting - by-id: pl-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-1 - adds: - - position: starting - by-id: ps-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ps-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ps-2 - adds: - - position: starting - by-id: ps-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-3 - adds: - - position: starting - by-id: ps-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-4 - adds: - - position: starting - by-id: ps-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-5 - adds: - - position: starting - by-id: ps-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-6 - adds: - - position: starting - by-id: ps-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-7 - adds: - - position: starting - by-id: ps-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-7_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-8 - adds: - - position: starting - by-id: ps-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-9 - adds: - - position: starting - by-id: ps-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-1 - adds: - - position: starting - by-id: ra-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ra-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ra-2 - adds: - - position: starting - by-id: ra-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ra-3 adds: - position: ending @@ -10314,192 +1568,6 @@ profile: value: "(e) Requirement:" prose: Include all Authorizing Officials; for JAB authorizations to include FedRAMP. - - position: starting - by-id: ra-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-3.1 - adds: - - position: starting - by-id: ra-3.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ra-5 adds: - position: ending @@ -10569,668 +1637,12 @@ profile: Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a - \"warning\" as part of the compliance scanning of a CSO, follow + “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching - on \"Tracking of Compliance Scans\" in FAQs. - - position: starting - by-id: ra-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-5_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-5.11 - adds: - - position: starting - by-id: ra-5.11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-5.2 - adds: - - position: starting - by-id: ra-5.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-7 - adds: - - position: starting - by-id: ra-7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-1 - adds: - - position: starting - by-id: sa-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sa-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sa-2 - adds: - - position: starting - by-id: sa-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-22 - adds: - - position: starting - by-id: sa-22_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-22_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-22_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-22_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-3 - adds: - - position: starting - by-id: sa-3_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. + on “Tracking of Compliance Scans” in FAQs. - control-id: sa-4 adds: - position: ending @@ -11262,982 +1674,6 @@ profile: See https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/. - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.10 - adds: - - position: starting - by-id: sa-4.10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-5 - adds: - - position: starting - by-id: sa-5_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.3-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.3-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-8 - adds: - - position: starting - by-id: sa-8_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-10 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-9 - adds: - - position: starting - by-id: sa-9_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-1 - adds: - - position: starting - by-id: sc-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sc-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sc-22 - adds: - - position: starting - by-id: sc-22_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-22_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-39 - adds: - - position: starting - by-id: sc-39_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-39_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-5 - adds: - - position: starting - by-id: sc-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-7 adds: - position: ending @@ -12261,122 +1697,6 @@ profile: to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information. - - position: starting - by-id: sc-7_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-8 adds: - position: ending @@ -12415,7 +1735,7 @@ profile: * From a load balancer to a compute instance - * Flows from management tools required for their work - e.g. + * Flows from management tools required for their work – e.g. log collection, scanning, etc. @@ -12457,10 +1777,10 @@ profile: Controlled Access Area (CAA): Data will be considered physically - protected, and in a CAA if it meets Section 2.3 of the DHS's + protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 - of the DHS' recommended practice by satisfactory implementation + of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3). @@ -12485,36 +1805,6 @@ profile: https://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf - - position: starting - by-id: sc-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-8.1 adds: - position: ending @@ -12563,30 +1853,6 @@ profile: \ many require encryption to be configured, and enabled by the\ \ customer. The CSP has the responsibility to verify encryption\ \ is properly configured." - - position: starting - by-id: sc-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-12 adds: - position: ending @@ -12617,36 +1883,6 @@ profile: prose: Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system. - - position: starting - by-id: sc-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-13 adds: - position: ending @@ -12735,56 +1971,6 @@ profile: prose: "At a minimum, this control applies to cryptography in\ \ use for the following controls: AU-9(3), CP-9(8), IA-2(6),\ \ IA-5(1), MP-5, SC-8(1), and SC-28(1)." - - position: starting - by-id: sc-13_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-13_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-13_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-13_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-13 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-15 adds: - position: ending @@ -12802,50 +1988,6 @@ profile: prose: The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use. - - position: starting - by-id: sc-15_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-15_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-15_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-15_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-20 adds: - position: ending @@ -12886,72 +2028,6 @@ profile: prose: CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net) - - position: starting - by-id: sc-20_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-20_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-21 adds: - position: ending @@ -13003,36 +2079,6 @@ profile: * DNSSEC resolution to access a component inside the boundary is excluded. - - position: starting - by-id: sc-21_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-21_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-21 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-28 adds: - position: ending @@ -13066,36 +2112,6 @@ profile: value: "Guidance:" prose: Note that this enhancement requires the use of cryptography in accordance with SC-13. - - position: starting - by-id: sc-28_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-28_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-28 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-28.1 adds: - position: ending @@ -13132,400 +2148,6 @@ profile: C. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate. - - position: starting - by-id: sc-28.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-28.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-1 - adds: - - position: starting - by-id: si-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: si-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: si-12 - adds: - - position: starting - by-id: si-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-2 - adds: - - position: starting - by-id: si-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-3 - adds: - - position: starting - by-id: si-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-3_obj.c.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: si-4 adds: - position: ending @@ -13541,194 +2163,6 @@ profile: - name: label value: "Guidance:" prose: See US-CERT Incident Response Reporting Guidelines. - - position: starting - by-id: si-4_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-5 adds: - position: ending @@ -13744,478 +2178,6 @@ profile: Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status. - - position: starting - by-id: si-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-1 - adds: - - position: starting - by-id: sr-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sr-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sr-10 - adds: - - position: starting - by-id: sr-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-11.1 - adds: - - position: starting - by-id: sr-11.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-11.2 - adds: - - position: starting - by-id: sr-11.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-12 - adds: - - position: starting - by-id: sr-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-2 - adds: - - position: starting - by-id: sr-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-2.1 - adds: - - position: starting - by-id: sr-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-3 adds: - position: ending @@ -14233,106 +2195,6 @@ profile: prose: CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary. - - position: starting - by-id: sr-3_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-3_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-5 - adds: - - position: starting - by-id: sr-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-8 adds: - position: ending @@ -14350,26 +2212,6 @@ profile: prose: CSOs must ensure and document how they receive notifications from their supply chain vendor of newly discovered vulnerabilities including zero-day vulnerabilities. - - position: starting - by-id: sr-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-11 adds: - position: ending @@ -14387,88 +2229,6 @@ profile: prose: CSOs must ensure that their supply chain vendors provide authenticity of software and patches and the vendor must have a plan to protect the development pipeline. - - position: starting - by-id: sr-11_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. back-matter: resources: - uuid: 985475ee-d4d6-4581-8fdf-d84d3d8caa48 @@ -14483,10 +2243,10 @@ profile: rlinks: - href: https://www.fedramp.gov/assets/img/logo-main-fedramp.png - uuid: 051a77c1-b61d-4995-8275-dacfe688d510 - title: NIST Special Publication (SP) 800-53 + title: NIST Special Publication (SP) 800-53 revision 5 props: - name: version value: 5.1.1 rlinks: - - href: https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_catalog.yaml + - href: NIST_SP-800-53_rev5_catalog.yaml media-type: application/oscal+yaml diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.yaml index 7fddaeb20..ae5859c90 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline-resolved-profile_catalog.yaml @@ -1,11 +1,11 @@ --- catalog: - uuid: eb6bef32-6355-473b-bda6-410c70d50797 + uuid: 1386400e-7824-43de-a156-0c0dceee1c04 metadata: title: FedRAMP Rev 5 Moderate Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-19T14:51:19.392491-05:00 - version: 5.1.1+fedramp-20240111-0 + last-modified: 2024-02-06T11:19:16.235649-05:00 + version: 5.1.1+20231218-1 oscal-version: 1.1.1 links: - href: FedRAMP_rev5_MODERATE-baseline_profile.yaml @@ -120,6 +120,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AC-01 + class: zero-padded - name: label value: AC-1 - name: label @@ -163,11 +166,6 @@ catalog: - id: ac-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -207,9 +205,6 @@ catalog: - id: ac-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ac-01_odp.04 }} to manage\ @@ -218,11 +213,6 @@ catalog: - id: ac-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current access control:" @@ -282,17 +272,6 @@ catalog: - id: ac-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01a.[01] class: sp800-53a @@ -303,17 +282,6 @@ catalog: - id: ac-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01a.[02] class: sp800-53a @@ -325,13 +293,6 @@ catalog: - id: ac-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.[03] class: sp800-53a @@ -344,13 +305,6 @@ catalog: - id: ac-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.[04] class: sp800-53a @@ -369,13 +323,6 @@ catalog: - id: ac-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.01(a) class: sp800-53a @@ -464,13 +411,6 @@ catalog: - id: ac-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-01a.01(b) class: sp800-53a @@ -490,17 +430,6 @@ catalog: - id: ac-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01b. class: sp800-53a @@ -520,17 +449,6 @@ catalog: - id: ac-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01c.01 class: sp800-53a @@ -563,17 +481,6 @@ catalog: - id: ac-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-01c.02 class: sp800-53a @@ -709,9 +616,9 @@ catalog: guidelines: - prose: the frequency of account review is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02 + class: zero-padded - name: label value: AC-2 - name: label @@ -792,9 +699,6 @@ catalog: - id: ac-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Define and document the types of accounts allowed and specifically @@ -802,18 +706,12 @@ catalog: - id: ac-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Assign account managers; - id: ac-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Require {{ insert: param, ac-02_odp.01 }} for group and\ @@ -821,9 +719,6 @@ catalog: - id: ac-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Specify:" @@ -850,9 +745,6 @@ catalog: - id: ac-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Require approvals by {{ insert: param, ac-02_odp.03 }} for\ @@ -860,9 +752,6 @@ catalog: - id: ac-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Create, enable, modify, disable, and remove accounts in\ @@ -870,18 +759,12 @@ catalog: - id: ac-2_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Monitor the use of accounts; - id: ac-2_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: "Notify account managers and {{ insert: param, ac-02_odp.05\ @@ -911,9 +794,6 @@ catalog: - id: ac-2_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: "Authorize access to the system based on:" @@ -939,9 +819,6 @@ catalog: - id: ac-2_smt.j name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: j. prose: "Review accounts for compliance with account management requirements\ @@ -949,9 +826,6 @@ catalog: - id: ac-2_smt.k name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: k. prose: Establish and implement a process for changing shared or @@ -960,9 +834,6 @@ catalog: - id: ac-2_smt.l name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: l. prose: Align account management processes with personnel termination @@ -1036,13 +907,6 @@ catalog: - id: ac-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02a.[01] class: sp800-53a @@ -1054,13 +918,6 @@ catalog: - id: ac-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02a.[02] class: sp800-53a @@ -1075,17 +932,6 @@ catalog: - id: ac-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02b. class: sp800-53a @@ -1096,17 +942,6 @@ catalog: - id: ac-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02c. class: sp800-53a @@ -1118,13 +953,6 @@ catalog: - id: ac-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-02d. class: sp800-53a @@ -1187,17 +1015,6 @@ catalog: - id: ac-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02e. class: sp800-53a @@ -1209,17 +1026,6 @@ catalog: - id: ac-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02f. class: sp800-53a @@ -1285,17 +1091,6 @@ catalog: - id: ac-2_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02g. class: sp800-53a @@ -1306,17 +1101,6 @@ catalog: - id: ac-2_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02h. class: sp800-53a @@ -1370,17 +1154,6 @@ catalog: - id: ac-2_obj.i.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.01 class: sp800-53a @@ -1392,17 +1165,6 @@ catalog: - id: ac-2_obj.i.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.02 class: sp800-53a @@ -1414,17 +1176,6 @@ catalog: - id: ac-2_obj.i.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02i.03 class: sp800-53a @@ -1439,17 +1190,6 @@ catalog: - id: ac-2_obj.j name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02j. class: sp800-53a @@ -1468,17 +1208,6 @@ catalog: - id: ac-2_obj.k-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02k.[01] class: sp800-53a @@ -1491,17 +1220,6 @@ catalog: - id: ac-2_obj.k-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02k.[02] class: sp800-53a @@ -1517,17 +1235,6 @@ catalog: - id: ac-2_obj.l name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02l. class: sp800-53a @@ -1673,9 +1380,9 @@ catalog: - prose: "automated mechanisms used to support the management\ \ of system accounts are defined; " props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(01) + class: zero-padded - name: label value: AC-2(1) - name: label @@ -1692,10 +1399,6 @@ catalog: parts: - id: ac-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Support the management of system accounts using {{ insert:\ \ param, ac-02.01_odp }}." - id: ac-2.1_gdn @@ -1710,17 +1413,6 @@ catalog: - id: ac-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(01) class: sp800-53a @@ -1816,9 +1508,9 @@ catalog: - prose: the time period after which to automatically remove or disable temporary or emergency accounts is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(02) + class: zero-padded - name: label value: AC-2(2) - name: label @@ -1835,10 +1527,6 @@ catalog: parts: - id: ac-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Automatically {{ insert: param, ac-02.02_odp.01 }} temporary\ \ and emergency accounts after {{ insert: param, ac-02.02_odp.02\ \ }}." @@ -1852,13 +1540,6 @@ catalog: - id: ac-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(02) class: sp800-53a @@ -1963,9 +1644,9 @@ catalog: - prose: time period for account inactivity before disabling is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(03) + class: zero-padded - name: label value: AC-2(3) - name: label @@ -1988,36 +1669,24 @@ catalog: - id: ac-2.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Have expired; - id: ac-2.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Are no longer associated with a user or individual; - id: ac-2.3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Are in violation of organizational policy; or - id: ac-2.3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: "Have been inactive for {{ insert: param, ac-02.03_odp.02\ @@ -2065,17 +1734,6 @@ catalog: - id: ac-2.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(a) class: sp800-53a @@ -2087,17 +1745,6 @@ catalog: - id: ac-2.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(b) class: sp800-53a @@ -2110,17 +1757,6 @@ catalog: - id: ac-2.3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(c) class: sp800-53a @@ -2133,17 +1769,6 @@ catalog: - id: ac-2.3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(03)(d) class: sp800-53a @@ -2235,9 +1860,9 @@ catalog: class: SP800-53-enhancement title: Automated Audit Actions props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(04) + class: zero-padded - name: label value: AC-2(4) - name: label @@ -2258,31 +1883,16 @@ catalog: parts: - id: ac-2.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Automatically audit account creation, modification, enabling, disabling, and removal actions. - id: ac-2.4_gdn name: guidance prose: Account management audit records are defined in accordance - with [AU-2](#au-2) and reviewed, analyzed, and reported in accordance - with [AU-6](#au-6). + with [AU-02](#au-2) and reviewed, analyzed, and reported in accordance + with [AU-06](#au-6). - id: ac-2.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(04) class: sp800-53a @@ -2422,9 +2032,9 @@ catalog: - prose: the time period of expected inactivity or description of when to log out is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(05) + class: zero-padded - name: label value: AC-2(5) - name: label @@ -2446,10 +2056,6 @@ catalog: parts: - id: ac-2.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that users log out when {{ insert: param, ac-02.05_odp\ \ }}." parts: @@ -2472,17 +2078,6 @@ catalog: - id: ac-2.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(05) class: sp800-53a @@ -2558,9 +2153,9 @@ catalog: - a role-based access scheme - an attribute-based access scheme props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(07) + class: zero-padded - name: label value: AC-2(7) - name: label @@ -2581,9 +2176,6 @@ catalog: - id: ac-2.7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Establish and administer privileged user accounts in\ @@ -2591,27 +2183,18 @@ catalog: - id: ac-2.7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Monitor privileged role or attribute assignments; - id: ac-2.7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Monitor changes to roles or attributes; and - id: ac-2.7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Revoke access when privileged role or attribute assignments @@ -2637,17 +2220,6 @@ catalog: - id: ac-2.7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(a) class: sp800-53a @@ -2659,17 +2231,6 @@ catalog: - id: ac-2.7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(b) class: sp800-53a @@ -2680,17 +2241,6 @@ catalog: - id: ac-2.7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(c) class: sp800-53a @@ -2701,17 +2251,6 @@ catalog: - id: ac-2.7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(07)(d) class: sp800-53a @@ -2816,9 +2355,9 @@ catalog: - prose: conditions for establishing shared and group accounts are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(09) + class: zero-padded - name: label value: AC-2(9) - name: label @@ -2835,10 +2374,6 @@ catalog: parts: - id: ac-2.9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Only permit the use of shared and group accounts that meet\ \ {{ insert: param, ac-02.09_odp }}." parts: @@ -2860,17 +2395,6 @@ catalog: - id: ac-2.9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-02(09) class: sp800-53a @@ -2963,9 +2487,9 @@ catalog: guidelines: - prose: personnel or roles to report atypical usage is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(12) + class: zero-padded - name: label value: AC-2(12) - name: label @@ -2999,9 +2523,6 @@ catalog: - id: ac-2.12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Monitor system accounts for {{ insert: param, ac-02.12_odp.01\ @@ -3009,9 +2530,6 @@ catalog: - id: ac-2.12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Report atypical usage of system accounts to {{ insert:\ @@ -3055,17 +2573,6 @@ catalog: - id: ac-2.12_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(12)(a) class: sp800-53a @@ -3077,17 +2584,6 @@ catalog: - id: ac-2.12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(12)(b) class: sp800-53a @@ -3190,9 +2686,9 @@ catalog: guidelines: - prose: significant risks leading to disabling accounts are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-02(13) + class: zero-padded - name: label value: AC-2(13) - name: label @@ -3213,10 +2709,6 @@ catalog: parts: - id: ac-2.13_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Disable accounts of individuals within {{ insert: param,\ \ ac-02.13_odp.01 }} of discovery of {{ insert: param, ac-02.13_odp.02\ \ }}." @@ -3234,17 +2726,6 @@ catalog: - id: ac-2.13_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-02(13) class: sp800-53a @@ -3328,9 +2809,9 @@ catalog: class: SP800-53 title: Access Enforcement props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-03 + class: zero-padded - name: label value: AC-3 - name: label @@ -3449,10 +2930,6 @@ catalog: parts: - id: ac-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. @@ -3472,17 +2949,6 @@ catalog: - id: ac-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-03 class: sp800-53a @@ -3567,6 +3033,9 @@ catalog: - prose: information flow control policies within the system and between connected systems are defined; props: + - name: label + value: AC-04 + class: zero-padded - name: label value: AC-4 - name: label @@ -3623,10 +3092,6 @@ catalog: parts: - id: ac-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Enforce approved authorizations for controlling the flow of\ \ information within the system and between connected systems based\ \ on {{ insert: param, ac-04_odp }}." @@ -3683,17 +3148,6 @@ catalog: - id: ac-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-04 class: sp800-53a @@ -3798,6 +3252,9 @@ catalog: guidelines: - prose: required separations by types of information are defined; props: + - name: label + value: AC-04(21) + class: zero-padded - name: label value: AC-4(21) - name: label @@ -3819,10 +3276,6 @@ catalog: parts: - id: ac-4.21_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Separate information flows logically or physically using\ \ {{ insert: param, ac-4.21_prm_1 }} to accomplish {{ insert:\ \ param, ac-04.21_odp.03 }}." @@ -3838,17 +3291,6 @@ catalog: - id: ac-4.21_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-04(21) class: sp800-53a @@ -3967,6 +3409,9 @@ catalog: guidelines: - prose: duties of individuals requiring separation are defined; props: + - name: label + value: AC-05 + class: zero-padded - name: label value: AC-5 - name: label @@ -4017,18 +3462,12 @@ catalog: - id: ac-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify and document {{ insert: param, ac-05_odp }} ; and" - id: ac-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define system access authorizations to support separation @@ -4069,13 +3508,6 @@ catalog: - id: ac-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-05a. class: sp800-53a @@ -4086,13 +3518,6 @@ catalog: - id: ac-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-05b. class: sp800-53a @@ -4176,9 +3601,9 @@ catalog: class: SP800-53 title: Least Privilege props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06 + class: zero-padded - name: label value: AC-6 - name: label @@ -4217,10 +3642,6 @@ catalog: parts: - id: ac-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks. @@ -4237,17 +3658,6 @@ catalog: - id: ac-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06 class: sp800-53a @@ -4348,6 +3758,9 @@ catalog: - prose: security-relevant information for authorized access is defined; props: + - name: label + value: AC-06(01) + class: zero-padded - name: label value: AC-6(1) - name: label @@ -4380,18 +3793,12 @@ catalog: - id: ac-6.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: " {{ insert: param, ac-6.1_prm_2 }} ; and" - id: ac-6.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: " {{ insert: param, ac-06.01_odp.05 }}." @@ -4416,17 +3823,6 @@ catalog: - id: ac-6.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(01)(a) class: sp800-53a @@ -4470,17 +3866,6 @@ catalog: - id: ac-6.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(01)(b) class: sp800-53a @@ -4571,9 +3956,9 @@ catalog: the access to which requires users to use non-privileged accounts to access non-security functions, are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(02) + class: zero-padded - name: label value: AC-6(2) - name: label @@ -4598,10 +3983,6 @@ catalog: parts: - id: ac-6.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that users of system accounts (or roles) with access\ \ to {{ insert: param, ac-06.02_odp }} use non-privileged accounts\ \ or roles, when accessing nonsecurity functions." @@ -4635,17 +4016,6 @@ catalog: - id: ac-6.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(02) class: sp800-53a @@ -4730,9 +4100,9 @@ catalog: - prose: personnel or roles to which privileged accounts on the system are to be restricted is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(05) + class: zero-padded - name: label value: AC-6(5) - name: label @@ -4755,10 +4125,6 @@ catalog: parts: - id: ac-6.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict privileged accounts on the system to {{ insert:\ \ param, ac-06.05_odp }}." - id: ac-6.5_gdn @@ -4776,17 +4142,6 @@ catalog: - id: ac-6.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-06(05) class: sp800-53a @@ -4881,6 +4236,9 @@ catalog: - prose: roles or classes of users to which privileges are assigned are defined; props: + - name: label + value: AC-06(07) + class: zero-padded - name: label value: AC-6(7) - name: label @@ -4903,9 +4261,6 @@ catalog: - id: ac-6.7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Review {{ insert: param, ac-06.07_odp.01 }} the privileges\ @@ -4914,9 +4269,6 @@ catalog: - id: ac-6.7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Reassign or remove privileges, if necessary, to correctly @@ -4940,17 +4292,6 @@ catalog: - id: ac-6.7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(07)(a) class: sp800-53a @@ -4963,17 +4304,6 @@ catalog: - id: ac-6.7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(07)(b) class: sp800-53a @@ -5065,6 +4395,9 @@ catalog: class: SP800-53-enhancement title: Log Use of Privileged Functions props: + - name: label + value: AC-06(09) + class: zero-padded - name: label value: AC-6(9) - name: label @@ -5087,10 +4420,6 @@ catalog: parts: - id: ac-6.9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Log the execution of privileged functions. - id: ac-6.9_gdn name: guidance @@ -5104,17 +4433,6 @@ catalog: - id: ac-6.9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(09) class: sp800-53a @@ -5200,9 +4518,9 @@ catalog: class: SP800-53-enhancement title: Prohibit Non-privileged Users from Executing Privileged Functions props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-06(10) + class: zero-padded - name: label value: AC-6(10) - name: label @@ -5219,10 +4537,6 @@ catalog: parts: - id: ac-6.10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Prevent non-privileged users from executing privileged functions. - id: ac-6.10_gdn name: guidance @@ -5239,17 +4553,6 @@ catalog: - id: ac-6.10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-06(10) class: sp800-53a @@ -5365,6 +4668,9 @@ catalog: - prose: other action to be taken when the maximum number of unsuccessful attempts is exceeded is defined (if selected); props: + - name: label + value: AC-07 + class: zero-padded - name: label value: AC-7 - name: label @@ -5397,9 +4703,6 @@ catalog: - id: ac-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enforce a limit of {{ insert: param, ac-07_odp.01 }} consecutive\ @@ -5408,9 +4711,6 @@ catalog: - id: ac-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Automatically {{ insert: param, ac-07_odp.03 }} when the\ @@ -5463,17 +4763,6 @@ catalog: - id: ac-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-07a. class: sp800-53a @@ -5486,17 +4775,6 @@ catalog: - id: ac-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-07b. class: sp800-53a @@ -5586,6 +4864,9 @@ catalog: - prose: conditions for system use to be displayed by the system before granting further access are defined; props: + - name: label + value: AC-08 + class: zero-padded - name: label value: AC-8 - name: label @@ -5613,9 +4894,6 @@ catalog: - id: ac-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Display {{ insert: param, ac-08_odp.01 }} to users before\ @@ -5653,9 +4931,6 @@ catalog: - id: ac-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Retain the notification message or banner on the screen until @@ -5664,9 +4939,6 @@ catalog: - id: ac-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "For publicly accessible systems:" @@ -5760,17 +5032,6 @@ catalog: - id: ac-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-08a. class: sp800-53a @@ -5782,13 +5043,6 @@ catalog: - id: ac-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.01 class: sp800-53a @@ -5800,13 +5054,6 @@ catalog: - id: ac-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.02 class: sp800-53a @@ -5818,13 +5065,6 @@ catalog: - id: ac-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.03 class: sp800-53a @@ -5837,13 +5077,6 @@ catalog: - id: ac-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08a.04 class: sp800-53a @@ -5858,17 +5091,6 @@ catalog: - id: ac-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-08b. class: sp800-53a @@ -5881,13 +5103,6 @@ catalog: - id: ac-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-08c. class: sp800-53a @@ -6039,6 +5254,9 @@ catalog: - prose: time period of inactivity after which a device lock is initiated is defined (if selected); props: + - name: label + value: AC-11 + class: zero-padded - name: label value: AC-11 - name: label @@ -6065,9 +5283,6 @@ catalog: - id: ac-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Prevent further access to the system by {{ insert: param,\ @@ -6075,9 +5290,6 @@ catalog: - id: ac-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Retain the device lock until the user reestablishes access @@ -6105,17 +5317,6 @@ catalog: - id: ac-11_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-11a. class: sp800-53a @@ -6127,17 +5328,6 @@ catalog: - id: ac-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-11b. class: sp800-53a @@ -6213,6 +5403,9 @@ catalog: class: SP800-53-enhancement title: Pattern-hiding Displays props: + - name: label + value: AC-11(01) + class: zero-padded - name: label value: AC-11(1) - name: label @@ -6229,10 +5422,6 @@ catalog: parts: - id: ac-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Conceal, via the device lock, information previously visible on the display with a publicly viewable image. - id: ac-11.1_gdn @@ -6245,17 +5434,6 @@ catalog: - id: ac-11.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-11(01) class: sp800-53a @@ -6336,6 +5514,9 @@ catalog: - prose: conditions or trigger events requiring session disconnect are defined; props: + - name: label + value: AC-12 + class: zero-padded - name: label value: AC-12 - name: label @@ -6356,10 +5537,6 @@ catalog: parts: - id: ac-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Automatically terminate a user session after {{ insert: param,\ \ ac-12_odp }}." - id: ac-12_gdn @@ -6381,17 +5558,6 @@ catalog: - id: ac-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-12 class: sp800-53a @@ -6475,6 +5641,9 @@ catalog: - prose: user actions that can be performed on the system without identification or authentication are defined; props: + - name: label + value: AC-14 + class: zero-padded - name: label value: AC-14 - name: label @@ -6499,9 +5668,6 @@ catalog: - id: ac-14_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify {{ insert: param, ac-14_odp }} that can be performed\ @@ -6510,9 +5676,6 @@ catalog: - id: ac-14_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document and provide supporting rationale in the security @@ -6549,17 +5712,6 @@ catalog: - id: ac-14_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-14a. class: sp800-53a @@ -6572,13 +5724,6 @@ catalog: - id: ac-14_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-14b. class: sp800-53a @@ -6668,6 +5813,9 @@ catalog: class: SP800-53 title: Remote Access props: + - name: label + value: AC-17 + class: zero-padded - name: label value: AC-17 - name: label @@ -6736,9 +5884,6 @@ catalog: - id: ac-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish and document usage restrictions, configuration/connection @@ -6747,9 +5892,6 @@ catalog: - id: ac-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize each type of remote access to the system prior @@ -6787,17 +5929,6 @@ catalog: - id: ac-17_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-17a. class: sp800-53a @@ -6841,17 +5972,6 @@ catalog: - id: ac-17_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17b. class: sp800-53a @@ -6935,6 +6055,9 @@ catalog: class: SP800-53-enhancement title: Monitoring and Control props: + - name: label + value: AC-17(01) + class: zero-padded - name: label value: AC-17(1) - name: label @@ -6962,10 +6085,6 @@ catalog: parts: - id: ac-17.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ automated mechanisms to monitor and control remote access methods. - id: ac-17.1_gdn @@ -6980,17 +6099,6 @@ catalog: - id: ac-17.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(01) class: sp800-53a @@ -7090,9 +6198,9 @@ catalog: class: SP800-53-enhancement title: Protection of Confidentiality and Integrity Using Encryption props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AC-17(02) + class: zero-padded - name: label value: AC-17(2) - name: label @@ -7115,10 +6223,6 @@ catalog: parts: - id: ac-17.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions. - id: ac-17.2_gdn @@ -7131,17 +6235,6 @@ catalog: - id: ac-17.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(02) class: sp800-53a @@ -7220,6 +6313,9 @@ catalog: class: SP800-53-enhancement title: Managed Access Control Points props: + - name: label + value: AC-17(03) + class: zero-padded - name: label value: AC-17(3) - name: label @@ -7238,10 +6334,6 @@ catalog: parts: - id: ac-17.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Route remote accesses through authorized and managed network access control points. - id: ac-17.3_gdn @@ -7253,17 +6345,6 @@ catalog: - id: ac-17.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(03) class: sp800-53a @@ -7352,6 +6433,9 @@ catalog: - prose: needs requiring access to security-relevant information via remote access are defined; props: + - name: label + value: AC-17(04) + class: zero-padded - name: label value: AC-17(4) - name: label @@ -7378,9 +6462,6 @@ catalog: - id: ac-17.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Authorize the execution of privileged commands and access\ @@ -7390,9 +6471,6 @@ catalog: - id: ac-17.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Document the rationale for remote access in the security @@ -7422,17 +6500,6 @@ catalog: - id: ac-17.4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[01] class: sp800-53a @@ -7445,17 +6512,6 @@ catalog: - id: ac-17.4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[02] class: sp800-53a @@ -7468,17 +6524,6 @@ catalog: - id: ac-17.4_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[03] class: sp800-53a @@ -7491,17 +6536,6 @@ catalog: - id: ac-17.4_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-17(04)(a)[04] class: sp800-53a @@ -7517,13 +6551,6 @@ catalog: - id: ac-17.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AC-17(04)(b) class: sp800-53a @@ -7598,6 +6625,9 @@ catalog: class: SP800-53 title: Wireless Access props: + - name: label + value: AC-18 + class: zero-padded - name: label value: AC-18 - name: label @@ -7646,9 +6676,6 @@ catalog: - id: ac-18_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish configuration requirements, connection requirements, @@ -7657,9 +6684,6 @@ catalog: - id: ac-18_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize each type of wireless access to the system prior @@ -7680,17 +6704,6 @@ catalog: - id: ac-18_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-18a. class: sp800-53a @@ -7734,17 +6747,6 @@ catalog: - id: ac-18_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18b. class: sp800-53a @@ -7835,6 +6837,9 @@ catalog: - users - devices props: + - name: label + value: AC-18(01) + class: zero-padded - name: label value: AC-18(1) - name: label @@ -7857,10 +6862,6 @@ catalog: parts: - id: ac-18.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect wireless access to the system using authentication\ \ of {{ insert: param, ac-18.01_odp }} and encryption." - id: ac-18.1_gdn @@ -7880,17 +6881,6 @@ catalog: - id: ac-18.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(01)[01] class: sp800-53a @@ -7902,17 +6892,6 @@ catalog: - id: ac-18.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(01)[02] class: sp800-53a @@ -7991,6 +6970,9 @@ catalog: class: SP800-53-enhancement title: Disable Wireless Networking props: + - name: label + value: AC-18(03) + class: zero-padded - name: label value: AC-18(3) - name: label @@ -8010,10 +6992,6 @@ catalog: parts: - id: ac-18.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Disable, when not intended for use, wireless networking capabilities embedded within system components prior to issuance and deployment. - id: ac-18.3_gdn @@ -8027,17 +7005,6 @@ catalog: - id: ac-18.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-18(03) class: sp800-53a @@ -8112,6 +7079,9 @@ catalog: class: SP800-53 title: Access Control for Mobile Devices props: + - name: label + value: AC-19 + class: zero-padded - name: label value: AC-19 - name: label @@ -8178,9 +7148,6 @@ catalog: - id: ac-19_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish configuration requirements, connection requirements, @@ -8190,9 +7157,6 @@ catalog: - id: ac-19_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize the connection of mobile devices to organizational @@ -8252,17 +7216,6 @@ catalog: - id: ac-19_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-19a. class: sp800-53a @@ -8309,17 +7262,6 @@ catalog: - id: ac-19_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-19b. class: sp800-53a @@ -8422,6 +7364,9 @@ catalog: guidelines: - prose: mobile devices on which to employ encryption are defined; props: + - name: label + value: AC-19(05) + class: zero-padded - name: label value: AC-19(5) - name: label @@ -8444,10 +7389,6 @@ catalog: parts: - id: ac-19.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ {{ insert: param, ac-19.05_odp.01 }} to protect the\ \ confidentiality and integrity of information on {{ insert: param,\ \ ac-19.05_odp.02 }}." @@ -8460,17 +7401,6 @@ catalog: - id: ac-19.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-19(05) class: sp800-53a @@ -8575,6 +7505,9 @@ catalog: guidelines: - prose: types of external systems prohibited from use are defined; props: + - name: label + value: AC-20 + class: zero-padded - name: label value: AC-20 - name: label @@ -8617,9 +7550,6 @@ catalog: - id: ac-20_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, ac-20_odp.01 }} , consistent with the\ @@ -8643,9 +7573,6 @@ catalog: - id: ac-20_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Prohibit the use of {{ insert: param, ac-20_odp.04 }}." @@ -8737,17 +7664,6 @@ catalog: - id: ac-20_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-20a. class: sp800-53a @@ -8787,17 +7703,6 @@ catalog: - id: ac-20_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-20b. class: sp800-53a @@ -8883,6 +7788,9 @@ catalog: class: SP800-53-enhancement title: Limits on Authorized Use props: + - name: label + value: AC-20(01) + class: zero-padded - name: label value: AC-20(1) - name: label @@ -8908,9 +7816,6 @@ catalog: - id: ac-20.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Verification of the implementation of controls on the @@ -8919,9 +7824,6 @@ catalog: - id: ac-20.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Retention of approved system connection or processing @@ -8947,17 +7849,6 @@ catalog: - id: ac-20.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-20(01)(a) class: sp800-53a @@ -8973,17 +7864,6 @@ catalog: - id: ac-20.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-20(01)(b) class: sp800-53a @@ -9060,6 +7940,9 @@ catalog: storage devices by authorized individuals on external systems are defined; props: + - name: label + value: AC-20(02) + class: zero-padded - name: label value: AC-20(2) - name: label @@ -9080,10 +7963,6 @@ catalog: parts: - id: ac-20.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict the use of organization-controlled portable storage\ \ devices by authorized individuals on external systems using\ \ {{ insert: param, ac-20.02_odp }}." @@ -9095,17 +7974,6 @@ catalog: - id: ac-20.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-20(02) class: sp800-53a @@ -9199,6 +8067,9 @@ catalog: in making information-sharing and collaboration decisions are defined; props: + - name: label + value: AC-21 + class: zero-padded - name: label value: AC-21 - name: label @@ -9237,9 +8108,6 @@ catalog: - id: ac-21_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enable authorized users to determine whether access authorizations\ @@ -9249,9 +8117,6 @@ catalog: - id: ac-21_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ {{ insert: param, ac-21_odp.02 }} to assist users\ @@ -9282,17 +8147,6 @@ catalog: - id: ac-21_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-21a. class: sp800-53a @@ -9306,17 +8160,6 @@ catalog: - id: ac-21_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-21b. class: sp800-53a @@ -9430,6 +8273,9 @@ catalog: - prose: the frequency at which to review the content on the publicly accessible system for non-public information is defined; props: + - name: label + value: AC-22 + class: zero-padded - name: label value: AC-22 - name: label @@ -9458,9 +8304,6 @@ catalog: - id: ac-22_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Designate individuals authorized to make information publicly @@ -9468,9 +8311,6 @@ catalog: - id: ac-22_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Train authorized individuals to ensure that publicly accessible @@ -9478,9 +8318,6 @@ catalog: - id: ac-22_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Review the proposed content of information prior to posting @@ -9489,9 +8326,6 @@ catalog: - id: ac-22_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review the content on the publicly accessible system for\ @@ -9523,17 +8357,6 @@ catalog: - id: ac-22_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-22a. class: sp800-53a @@ -9545,17 +8368,6 @@ catalog: - id: ac-22_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AC-22b. class: sp800-53a @@ -9567,17 +8379,6 @@ catalog: - id: ac-22_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-22c. class: sp800-53a @@ -9590,17 +8391,6 @@ catalog: - id: ac-22_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AC-22d. class: sp800-53a @@ -9764,6 +8554,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: AT-01 + class: zero-padded - name: label value: AT-1 - name: label @@ -9803,11 +8596,6 @@ catalog: - id: at-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -9848,9 +8636,6 @@ catalog: - id: at-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, at-01_odp.04 }} to manage\ @@ -9859,11 +8644,6 @@ catalog: - id: at-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current awareness and training:" @@ -9923,17 +8703,6 @@ catalog: - id: at-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01a.[01] class: sp800-53a @@ -9944,17 +8713,6 @@ catalog: - id: at-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01a.[02] class: sp800-53a @@ -9966,13 +8724,6 @@ catalog: - id: at-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.[03] class: sp800-53a @@ -9985,13 +8736,6 @@ catalog: - id: at-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.[04] class: sp800-53a @@ -10010,13 +8754,6 @@ catalog: - id: at-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.01(a) class: sp800-53a @@ -10105,13 +8842,6 @@ catalog: - id: at-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AT-01a.01(b) class: sp800-53a @@ -10131,17 +8861,6 @@ catalog: - id: at-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01b. class: sp800-53a @@ -10161,17 +8880,6 @@ catalog: - id: at-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01c.01 class: sp800-53a @@ -10205,17 +8913,6 @@ catalog: - id: at-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-01c.02 class: sp800-53a @@ -10340,6 +9037,9 @@ catalog: - prose: events that would require literacy training and awareness content to be updated are defined; props: + - name: label + value: AT-02 + class: zero-padded - name: label value: AT-2 - name: label @@ -10405,9 +9105,6 @@ catalog: - id: at-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide security and privacy literacy training to system\ @@ -10430,9 +9127,6 @@ catalog: - id: at-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following techniques to increase the security\ @@ -10441,9 +9135,6 @@ catalog: - id: at-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Update literacy training and awareness content {{ insert:\ @@ -10452,9 +9143,6 @@ catalog: - id: at-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Incorporate lessons learned from internal or external security @@ -10516,17 +9204,6 @@ catalog: - id: at-2_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[01] class: sp800-53a @@ -10539,17 +9216,6 @@ catalog: - id: at-2_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[02] class: sp800-53a @@ -10562,17 +9228,6 @@ catalog: - id: at-2_obj.a.1-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[03] class: sp800-53a @@ -10585,17 +9240,6 @@ catalog: - id: at-2_obj.a.1-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.01[04] class: sp800-53a @@ -10611,17 +9255,6 @@ catalog: - id: at-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02a.02 class: sp800-53a @@ -10661,13 +9294,6 @@ catalog: - id: at-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-02b. class: sp800-53a @@ -10679,17 +9305,6 @@ catalog: - id: at-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02c. class: sp800-53a @@ -10722,17 +9337,6 @@ catalog: - id: at-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02d. class: sp800-53a @@ -10821,6 +9425,9 @@ catalog: class: SP800-53-enhancement title: Insider Threat props: + - name: label + value: AT-02(02) + class: zero-padded - name: label value: AT-2(2) - name: label @@ -10842,10 +9449,6 @@ catalog: parts: - id: at-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide literacy training on recognizing and reporting potential indicators of insider threat. - id: at-2.2_gdn @@ -10867,17 +9470,6 @@ catalog: - id: at-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02(02) class: sp800-53a @@ -10964,6 +9556,9 @@ catalog: class: SP800-53-enhancement title: Social Engineering and Mining props: + - name: label + value: AT-02(03) + class: zero-padded - name: label value: AT-2(3) - name: label @@ -10983,10 +9578,6 @@ catalog: parts: - id: at-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining. - id: at-2.3_gdn @@ -11005,17 +9596,6 @@ catalog: - id: at-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-02(03) class: sp800-53a @@ -11157,6 +9737,9 @@ catalog: - prose: events that require role-based training content to be updated are defined; props: + - name: label + value: AT-03 + class: zero-padded - name: label value: AT-3 - name: label @@ -11228,9 +9811,6 @@ catalog: - id: at-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide role-based security and privacy training to personnel\ @@ -11254,9 +9834,6 @@ catalog: - id: at-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Update role-based training content {{ insert: param, at-03_odp.04\ @@ -11264,9 +9841,6 @@ catalog: - id: at-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Incorporate lessons learned from internal or external security @@ -11331,17 +9905,6 @@ catalog: - id: at-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03a.01 class: sp800-53a @@ -11400,17 +9963,6 @@ catalog: - id: at-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03a.02 class: sp800-53a @@ -11448,13 +10000,6 @@ catalog: - id: at-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-03b. class: sp800-53a @@ -11487,17 +10032,6 @@ catalog: - id: at-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-03c. class: sp800-53a @@ -11589,6 +10123,9 @@ catalog: - prose: time period for retaining individual training records is defined; props: + - name: label + value: AT-04 + class: zero-padded - name: label value: AT-4 - name: label @@ -11624,9 +10161,6 @@ catalog: - id: at-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Document and monitor information security and privacy training @@ -11635,9 +10169,6 @@ catalog: - id: at-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Retain individual training records for {{ insert: param,\ @@ -11658,17 +10189,6 @@ catalog: - id: at-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AT-04a. class: sp800-53a @@ -11703,13 +10223,6 @@ catalog: - id: at-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AT-04b. class: sp800-53a @@ -11829,6 +10342,9 @@ catalog: - prose: events that would require audit and accountability procedures to be reviewed and updated are defined; props: + - name: label + value: AU-01 + class: zero-padded - name: label value: AU-1 - name: label @@ -11864,11 +10380,6 @@ catalog: - id: au-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -11909,9 +10420,6 @@ catalog: - id: au-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, au-01_odp.04 }} to manage\ @@ -11920,11 +10428,6 @@ catalog: - id: au-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current audit and accountability:" @@ -11984,17 +10487,6 @@ catalog: - id: au-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01a.[01] class: sp800-53a @@ -12005,17 +10497,6 @@ catalog: - id: au-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01a.[02] class: sp800-53a @@ -12027,13 +10508,6 @@ catalog: - id: au-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.[03] class: sp800-53a @@ -12047,13 +10521,6 @@ catalog: - id: au-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.[04] class: sp800-53a @@ -12072,13 +10539,6 @@ catalog: - id: au-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.01(a) class: sp800-53a @@ -12168,13 +10628,6 @@ catalog: - id: au-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: AU-01a.01(b) class: sp800-53a @@ -12194,17 +10647,6 @@ catalog: - id: au-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01b. class: sp800-53a @@ -12224,17 +10666,6 @@ catalog: - id: au-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01c.01 class: sp800-53a @@ -12268,17 +10699,6 @@ catalog: - id: au-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-01c.02 class: sp800-53a @@ -12396,9 +10816,9 @@ catalog: - prose: the frequency of event types selected for logging are reviewed and updated; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-02 + class: zero-padded - name: label value: AU-2 - name: label @@ -12489,9 +10909,6 @@ catalog: - id: au-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify the types of events that the system is capable\ @@ -12500,9 +10917,6 @@ catalog: - id: au-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Coordinate the event logging function with other organizational @@ -12511,9 +10925,6 @@ catalog: - id: au-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Specify the following event types for logging within the\ @@ -12521,9 +10932,6 @@ catalog: - id: au-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Provide a rationale for why the event types selected for @@ -12532,9 +10940,6 @@ catalog: - id: au-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Review and update the event types selected for logging {{\ @@ -12619,17 +11024,6 @@ catalog: - id: au-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02a. class: sp800-53a @@ -12641,17 +11035,6 @@ catalog: - id: au-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02b. class: sp800-53a @@ -12671,17 +11054,6 @@ catalog: - id: au-2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02c.[01] class: sp800-53a @@ -12693,13 +11065,6 @@ catalog: - id: au-2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-02c.[02] class: sp800-53a @@ -12714,17 +11079,6 @@ catalog: - id: au-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-02d. class: sp800-53a @@ -12737,13 +11091,6 @@ catalog: - id: au-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-02e. class: sp800-53a @@ -12821,9 +11168,9 @@ catalog: class: SP800-53 title: Content of Audit Records props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-03 + class: zero-padded - name: label value: AU-3 - name: label @@ -12866,54 +11213,36 @@ catalog: - id: au-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: What type of event occurred; - id: au-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: When the event occurred; - id: au-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Where the event occurred; - id: au-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Source of the event; - id: au-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Outcome of the event; and - id: au-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Identity of any individuals, subjects, or objects/entities @@ -12935,17 +11264,6 @@ catalog: - id: au-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-03 class: sp800-53a @@ -13102,9 +11420,9 @@ catalog: - prose: additional information to be included in audit records is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-03(01) + class: zero-padded - name: label value: AU-3(1) - name: label @@ -13121,10 +11439,6 @@ catalog: parts: - id: au-3.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Generate audit records containing the following additional\ \ information: {{ insert: param, au-03.01_odp }}." parts: @@ -13157,17 +11471,6 @@ catalog: - id: au-3.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-03(01) class: sp800-53a @@ -13258,9 +11561,9 @@ catalog: guidelines: - prose: audit log retention requirements are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-04 + class: zero-padded - name: label value: AU-4 - name: label @@ -13296,10 +11599,6 @@ catalog: parts: - id: au-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Allocate audit log storage capacity to accommodate {{ insert:\ \ param, au-04_odp }}." - id: au-4_gdn @@ -13312,17 +11611,6 @@ catalog: - id: au-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-04 class: sp800-53a @@ -13420,9 +11708,9 @@ catalog: - prose: additional actions to be taken in the event of an audit logging process failure are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-05 + class: zero-padded - name: label value: AU-5 - name: label @@ -13459,9 +11747,6 @@ catalog: - id: au-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Alert {{ insert: param, au-05_odp.01 }} within {{ insert:\ @@ -13470,9 +11755,6 @@ catalog: - id: au-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Take the following additional actions: {{ insert: param,\ @@ -13504,17 +11786,6 @@ catalog: - id: au-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05a. class: sp800-53a @@ -13527,17 +11798,6 @@ catalog: - id: au-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-05b. class: sp800-53a @@ -13645,9 +11905,9 @@ catalog: - prose: personnel or roles to receive findings from reviews and analyses of system records is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06 + class: zero-padded - name: label value: AU-6 - name: label @@ -13733,9 +11993,6 @@ catalog: - id: au-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Review and analyze system audit records {{ insert: param,\ @@ -13745,18 +12002,12 @@ catalog: - id: au-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report findings to {{ insert: param, au-06_odp.03 }} ; and" - id: au-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Adjust the level of audit record review, analysis, and reporting @@ -13805,17 +12056,6 @@ catalog: - id: au-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06a. class: sp800-53a @@ -13829,17 +12069,6 @@ catalog: - id: au-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06b. class: sp800-53a @@ -13851,17 +12080,6 @@ catalog: - id: au-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06c. class: sp800-53a @@ -13936,9 +12154,9 @@ catalog: - prose: automated mechanisms used for integrating audit record review, analysis, and reporting processes are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(01) + class: zero-padded - name: label value: AU-6(1) - name: label @@ -13960,10 +12178,6 @@ catalog: parts: - id: au-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Integrate audit record review, analysis, and reporting processes\ \ using {{ insert: param, au-06.01_odp }}." - id: au-6.1_gdn @@ -13975,17 +12189,6 @@ catalog: - id: au-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06(01) class: sp800-53a @@ -14067,9 +12270,9 @@ catalog: class: SP800-53-enhancement title: Correlate Audit Record Repositories props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-06(03) + class: zero-padded - name: label value: AU-6(3) - name: label @@ -14093,10 +12296,6 @@ catalog: parts: - id: au-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Analyze and correlate audit records across different repositories to gain organization-wide situational awareness. - id: au-6.3_gdn @@ -14108,17 +12307,6 @@ catalog: - id: au-6.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-06(03) class: sp800-53a @@ -14196,6 +12384,9 @@ catalog: class: SP800-53 title: Audit Record Reduction and Report Generation props: + - name: label + value: AU-07 + class: zero-padded - name: label value: AU-7 - name: label @@ -14245,9 +12436,6 @@ catalog: - id: au-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Supports on-demand audit record review, analysis, and reporting @@ -14255,9 +12443,6 @@ catalog: - id: au-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Does not alter the original content or time ordering of audit @@ -14285,21 +12470,6 @@ catalog: - id: au-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-07a. class: sp800-53a @@ -14336,17 +12506,6 @@ catalog: - id: au-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-07b. class: sp800-53a @@ -14451,6 +12610,9 @@ catalog: - prose: fields within audit records that can be processed, sorted, or searched are defined; props: + - name: label + value: AU-07(01) + class: zero-padded - name: label value: AU-7(1) - name: label @@ -14470,10 +12632,6 @@ catalog: parts: - id: au-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide and implement the capability to process, sort, and\ \ search audit records for events of interest based on the following\ \ content: {{ insert: param, au-07.01_odp }}." @@ -14489,17 +12647,6 @@ catalog: - id: au-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-07(01) class: sp800-53a @@ -14616,9 +12763,9 @@ catalog: - prose: granularity of time measurement for audit record timestamps is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-08 + class: zero-padded - name: label value: AU-8 - name: label @@ -14645,9 +12792,6 @@ catalog: - id: au-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Use internal system clocks to generate time stamps for audit @@ -14655,9 +12799,6 @@ catalog: - id: au-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Record time stamps for audit records that meet {{ insert:\ @@ -14686,17 +12827,6 @@ catalog: - id: au-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-08a. class: sp800-53a @@ -14708,17 +12838,6 @@ catalog: - id: au-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-08b. class: sp800-53a @@ -14802,6 +12921,9 @@ catalog: access, modification, or deletion of audit information is/are defined; props: + - name: label + value: AU-09 + class: zero-padded - name: label value: AU-9 - name: label @@ -14854,9 +12976,6 @@ catalog: - id: au-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Protect audit information and audit logging tools from unauthorized @@ -14864,9 +12983,6 @@ catalog: - id: au-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Alert {{ insert: param, au-09_odp }} upon detection of unauthorized\ @@ -14892,17 +13008,6 @@ catalog: - id: au-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09a. class: sp800-53a @@ -14914,17 +13019,6 @@ catalog: - id: au-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09b. class: sp800-53a @@ -15014,6 +13108,9 @@ catalog: - prose: a subset of privileged users or roles authorized to access management of audit logging functionality is defined; props: + - name: label + value: AU-09(04) + class: zero-padded - name: label value: AU-9(4) - name: label @@ -15032,10 +13129,6 @@ catalog: parts: - id: au-9.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Authorize access to management of audit logging functionality\ \ to only {{ insert: param, au-09.04_odp }}." - id: au-9.4_gdn @@ -15049,17 +13142,6 @@ catalog: - id: au-9.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-09(04) class: sp800-53a @@ -15160,9 +13242,9 @@ catalog: - prose: a time period to retain audit records that is consistent with the records retention policy is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-11 + class: zero-padded - name: label value: AU-11 - name: label @@ -15197,10 +13279,6 @@ catalog: parts: - id: au-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Retain audit records for {{ insert: param, au-11_odp }} to provide\ \ support for after-the-fact investigations of incidents and to meet\ \ regulatory and organizational information retention requirements." @@ -15245,17 +13323,6 @@ catalog: - id: au-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-11 class: sp800-53a @@ -15337,9 +13404,9 @@ catalog: - prose: personnel or roles allowed to select the event types that are to be logged by specific components of the system is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: AU-12 + class: zero-padded - name: label value: AU-12 - name: label @@ -15396,9 +13463,6 @@ catalog: - id: au-12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide audit record generation capability for the event\ @@ -15407,9 +13471,6 @@ catalog: - id: au-12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Allow {{ insert: param, au-12_odp.02 }} to select the event\ @@ -15418,9 +13479,6 @@ catalog: - id: au-12_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) @@ -15441,17 +13499,6 @@ catalog: - id: au-12_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-12a. class: sp800-53a @@ -15464,17 +13511,6 @@ catalog: - id: au-12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: AU-12b. class: sp800-53a @@ -15487,13 +13523,6 @@ catalog: - id: au-12_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: AU-12c. class: sp800-53a @@ -15629,6 +13658,9 @@ catalog: - prose: events that would require assessment, authorization, and monitoring procedures to be reviewed and updated are defined; props: + - name: label + value: CA-01 + class: zero-padded - name: label value: CA-1 - name: label @@ -15676,11 +13708,6 @@ catalog: - id: ca-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -15721,9 +13748,6 @@ catalog: - id: ca-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ca-01_odp.04 }} to manage\ @@ -15732,11 +13756,6 @@ catalog: - id: ca-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current assessment, authorization,\ @@ -15799,17 +13818,6 @@ catalog: - id: ca-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01a.[01] class: sp800-53a @@ -15821,17 +13829,6 @@ catalog: - id: ca-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01a.[02] class: sp800-53a @@ -15843,13 +13840,6 @@ catalog: - id: ca-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.[03] class: sp800-53a @@ -15863,13 +13853,6 @@ catalog: - id: ca-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.[04] class: sp800-53a @@ -15888,13 +13871,6 @@ catalog: - id: ca-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.01(a) class: sp800-53a @@ -15984,13 +13960,6 @@ catalog: - id: ca-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-01a.01(b) class: sp800-53a @@ -16010,17 +13979,6 @@ catalog: - id: ca-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01b. class: sp800-53a @@ -16040,17 +13998,6 @@ catalog: - id: ca-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01c.01 class: sp800-53a @@ -16085,17 +14032,6 @@ catalog: - id: ca-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-01c.02 class: sp800-53a @@ -16193,6 +14129,9 @@ catalog: - prose: individuals or roles to whom control assessment results are to be provided are defined; props: + - name: label + value: CA-02 + class: zero-padded - name: label value: CA-2 - name: label @@ -16260,9 +14199,6 @@ catalog: - id: ca-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Select the appropriate assessor or assessment team for the @@ -16270,9 +14206,6 @@ catalog: - id: ca-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Develop a control assessment plan that describes the scope\ @@ -16301,9 +14234,6 @@ catalog: - id: ca-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ensure the control assessment plan is reviewed and approved @@ -16312,9 +14242,6 @@ catalog: - id: ca-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Assess the controls in the system and its environment of\ @@ -16325,9 +14252,6 @@ catalog: - id: ca-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Produce a control assessment report that document the results @@ -16335,9 +14259,6 @@ catalog: - id: ca-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Provide the results of the control assessment to {{ insert:\ @@ -16433,13 +14354,6 @@ catalog: - id: ca-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02a. class: sp800-53a @@ -16458,17 +14372,6 @@ catalog: - id: ca-2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.01 class: sp800-53a @@ -16481,17 +14384,6 @@ catalog: - id: ca-2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.02 class: sp800-53a @@ -16504,17 +14396,6 @@ catalog: - id: ca-2_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02b.03 class: sp800-53a @@ -16564,17 +14445,6 @@ catalog: - id: ca-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02c. class: sp800-53a @@ -16587,17 +14457,6 @@ catalog: - id: ca-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02d. class: sp800-53a @@ -16636,13 +14495,6 @@ catalog: - id: ca-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02e. class: sp800-53a @@ -16654,13 +14506,6 @@ catalog: - id: ca-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-02f. class: sp800-53a @@ -16735,6 +14580,9 @@ catalog: class: SP800-53-enhancement title: Independent Assessors props: + - name: label + value: CA-02(01) + class: zero-padded - name: label value: CA-2(1) - name: label @@ -16754,10 +14602,6 @@ catalog: parts: - id: ca-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ independent assessors or assessment teams to conduct control assessments. parts: @@ -16820,17 +14664,6 @@ catalog: - id: ca-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02(01) class: sp800-53a @@ -16910,6 +14743,9 @@ catalog: - prose: requirements to be met by the control assessment performed by an external organization on the system are defined; props: + - name: label + value: CA-02(03) + class: zero-padded - name: label value: CA-2(3) - name: label @@ -16931,10 +14767,6 @@ catalog: parts: - id: ca-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Leverage the results of control assessments performed by\ \ {{ insert: param, ca-02.03_odp.01 }} on {{ insert: param, ca-02.03_odp.02\ \ }} when the assessment meets {{ insert: param, ca-02.03_odp.03\ @@ -16962,17 +14794,6 @@ catalog: - id: ca-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-02(03) class: sp800-53a @@ -17064,6 +14885,9 @@ catalog: - prose: the frequency at which to review and update agreements is defined; props: + - name: label + value: CA-03 + class: zero-padded - name: label value: CA-3 - name: label @@ -17115,9 +14939,6 @@ catalog: - id: ca-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Approve and manage the exchange of information between the\ @@ -17126,9 +14947,6 @@ catalog: - id: ca-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document, as part of each exchange agreement, the interface @@ -17138,9 +14956,6 @@ catalog: - id: ca-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update the agreements {{ insert: param, ca-03_odp.03\ @@ -17199,17 +15014,6 @@ catalog: - id: ca-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-03a. class: sp800-53a @@ -17222,13 +15026,6 @@ catalog: - id: ca-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-03b. class: sp800-53a @@ -17304,17 +15101,6 @@ catalog: - id: ca-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-03c. class: sp800-53a @@ -17404,6 +15190,9 @@ catalog: independent audits or reviews, and continuous monitoring activities is defined; props: + - name: label + value: CA-05 + class: zero-padded - name: label value: CA-5 - name: label @@ -17443,9 +15232,6 @@ catalog: - id: ca-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop a plan of action and milestones for the system to @@ -17456,9 +15242,6 @@ catalog: - id: ca-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Update existing plan of action and milestones {{ insert:\ @@ -17496,17 +15279,6 @@ catalog: - id: ca-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-05a. class: sp800-53a @@ -17521,17 +15293,6 @@ catalog: - id: ca-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-05b. class: sp800-53a @@ -17616,6 +15377,9 @@ catalog: guidelines: - prose: frequency at which to update the authorizations is defined; props: + - name: label + value: CA-06 + class: zero-padded - name: label value: CA-6 - name: label @@ -17659,9 +15423,6 @@ catalog: - id: ca-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Assign a senior official as the authorizing official for @@ -17669,9 +15430,6 @@ catalog: - id: ca-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Assign a senior official as the authorizing official for @@ -17679,9 +15437,6 @@ catalog: - id: ca-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Ensure that the authorizing official for the system, before\ @@ -17703,9 +15458,6 @@ catalog: - id: ca-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ensure that the authorizing official for common controls @@ -17714,9 +15466,6 @@ catalog: - id: ca-6_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Update the authorizations {{ insert: param, ca-06_odp }}." @@ -17779,17 +15528,6 @@ catalog: - id: ca-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06a. class: sp800-53a @@ -17801,17 +15539,6 @@ catalog: - id: ca-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06b. class: sp800-53a @@ -17831,17 +15558,6 @@ catalog: - id: ca-6_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06c.01 class: sp800-53a @@ -17854,17 +15570,6 @@ catalog: - id: ca-6_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06c.02 class: sp800-53a @@ -17879,17 +15584,6 @@ catalog: - id: ca-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-06d. class: sp800-53a @@ -17901,13 +15595,6 @@ catalog: - id: ca-6_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-06e. class: sp800-53a @@ -18019,6 +15706,9 @@ catalog: - prose: frequency at which the privacy status of the system is reported is defined; props: + - name: label + value: CA-07 + class: zero-padded - name: label value: CA-7 - name: label @@ -18161,9 +15851,6 @@ catalog: - id: ca-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establishing the following system-level metrics to be monitored:\ @@ -18171,9 +15858,6 @@ catalog: - id: ca-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Establishing {{ insert: param, ca-07_odp.02 }} for monitoring\ @@ -18182,9 +15866,6 @@ catalog: - id: ca-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ongoing control assessments in accordance with the continuous @@ -18192,9 +15873,6 @@ catalog: - id: ca-7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ongoing monitoring of system and organization-defined metrics @@ -18202,9 +15880,6 @@ catalog: - id: ca-7_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Correlation and analysis of information generated by control @@ -18212,9 +15887,6 @@ catalog: - id: ca-7_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Response actions to address results of the analysis of control @@ -18222,9 +15894,6 @@ catalog: - id: ca-7_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Reporting the security and privacy status of the system\ @@ -18315,17 +15984,6 @@ catalog: - id: ca-7_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07[01] class: sp800-53a @@ -18336,17 +15994,6 @@ catalog: - id: ca-7_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07[02] class: sp800-53a @@ -18358,17 +16005,6 @@ catalog: - id: ca-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07a. class: sp800-53a @@ -18381,17 +16017,6 @@ catalog: - id: ca-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07b. class: sp800-53a @@ -18425,17 +16050,6 @@ catalog: - id: ca-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07c. class: sp800-53a @@ -18447,17 +16061,6 @@ catalog: - id: ca-7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07d. class: sp800-53a @@ -18470,17 +16073,6 @@ catalog: - id: ca-7_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07e. class: sp800-53a @@ -18492,17 +16084,6 @@ catalog: - id: ca-7_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07f. class: sp800-53a @@ -18515,17 +16096,6 @@ catalog: - id: ca-7_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07g. class: sp800-53a @@ -18658,6 +16228,9 @@ catalog: class: SP800-53-enhancement title: Independent Assessment props: + - name: label + value: CA-07(01) + class: zero-padded - name: label value: CA-7(1) - name: label @@ -18677,10 +16250,6 @@ catalog: parts: - id: ca-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis. - id: ca-7.1_gdn @@ -18699,17 +16268,6 @@ catalog: - id: ca-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(01) class: sp800-53a @@ -18786,6 +16344,9 @@ catalog: class: SP800-53-enhancement title: Risk Monitoring props: + - name: label + value: CA-07(04) + class: zero-padded - name: label value: CA-7(4) - name: label @@ -18814,27 +16375,18 @@ catalog: - id: ca-7.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Effectiveness monitoring; - id: ca-7.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Compliance monitoring; and - id: ca-7.4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Change monitoring. @@ -18851,17 +16403,6 @@ catalog: - id: ca-7.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04) class: sp800-53a @@ -18871,17 +16412,6 @@ catalog: - id: ca-7.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(a) class: sp800-53a @@ -18892,17 +16422,6 @@ catalog: - id: ca-7.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(b) class: sp800-53a @@ -18913,17 +16432,6 @@ catalog: - id: ca-7.4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-07(04)(c) class: sp800-53a @@ -19027,6 +16535,9 @@ catalog: - prose: systems or system components on which penetration testing is to be conducted are defined; props: + - name: label + value: CA-08 + class: zero-padded - name: label value: CA-8 - name: label @@ -19054,10 +16565,6 @@ catalog: parts: - id: ca-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Conduct penetration testing {{ insert: param, ca-08_odp.01 }}\ \ on {{ insert: param, ca-08_odp.02 }}." parts: @@ -19113,17 +16620,6 @@ catalog: - id: ca-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-08 class: sp800-53a @@ -19199,6 +16695,9 @@ catalog: class: SP800-53-enhancement title: Independent Penetration Testing Agent or Team props: + - name: label + value: CA-08(01) + class: zero-padded - name: label value: CA-8(1) - name: label @@ -19220,10 +16719,6 @@ catalog: parts: - id: ca-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ an independent penetration testing agent or team to perform penetration testing on the system or system components. - id: ca-8.1_gdn @@ -19239,17 +16734,6 @@ catalog: - id: ca-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-08(01) class: sp800-53a @@ -19315,9 +16799,9 @@ catalog: - prose: red team exercises to simulate attempts by adversaries to compromise organizational systems are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CA-08(02) + class: zero-padded - name: label value: CA-8(2) - name: label @@ -19337,10 +16821,6 @@ catalog: parts: - id: ca-8.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ the following red-team exercises to simulate attempts\ \ by adversaries to compromise organizational systems in accordance\ \ with applicable rules of engagement: {{ insert: param, ca-08.02_odp\ @@ -19348,7 +16828,7 @@ catalog: parts: - id: ca-8.2_fr name: item - title: CA-8(2) Additional FedRAMP Requirements and Guidance + title: CM-2 Additional FedRAMP Requirements and Guidance parts: - id: ca-8.2_fr_gdn.1 name: guidance @@ -19386,17 +16866,6 @@ catalog: - id: ca-8.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-08(02) class: sp800-53a @@ -19496,6 +16965,9 @@ catalog: - prose: frequency at which to review the continued need for each internal connection is defined; props: + - name: label + value: CA-09 + class: zero-padded - name: label value: CA-9 - name: label @@ -19537,9 +17009,6 @@ catalog: - id: ca-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Authorize internal connections of {{ insert: param, ca-09_odp.01\ @@ -19547,9 +17016,6 @@ catalog: - id: ca-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document, for each internal connection, the interface characteristics, @@ -19558,9 +17024,6 @@ catalog: - id: ca-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Terminate internal system connections after {{ insert: param,\ @@ -19568,9 +17031,6 @@ catalog: - id: ca-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review {{ insert: param, ca-09_odp.03 }} the continued need\ @@ -19601,17 +17061,6 @@ catalog: - id: ca-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09a. class: sp800-53a @@ -19623,13 +17072,6 @@ catalog: - id: ca-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CA-09b. class: sp800-53a @@ -19684,17 +17126,6 @@ catalog: - id: ca-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09c. class: sp800-53a @@ -19706,17 +17137,6 @@ catalog: - id: ca-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CA-09d. class: sp800-53a @@ -19865,6 +17285,9 @@ catalog: - prose: events that would require configuration management procedures to be reviewed and updated are defined; props: + - name: label + value: CM-01 + class: zero-padded - name: label value: CM-1 - name: label @@ -19904,11 +17327,6 @@ catalog: - id: cm-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -19949,9 +17367,6 @@ catalog: - id: cm-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, cm-01_odp.04 }} to manage\ @@ -19960,11 +17375,6 @@ catalog: - id: cm-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current configuration management:" @@ -20025,17 +17435,6 @@ catalog: - id: cm-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01a.[01] class: sp800-53a @@ -20046,17 +17445,6 @@ catalog: - id: cm-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01a.[02] class: sp800-53a @@ -20068,13 +17456,6 @@ catalog: - id: cm-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.[03] class: sp800-53a @@ -20088,13 +17469,6 @@ catalog: - id: cm-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.[04] class: sp800-53a @@ -20113,13 +17487,6 @@ catalog: - id: cm-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.01(a) class: sp800-53a @@ -20209,13 +17576,6 @@ catalog: - id: cm-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-01a.01(b) class: sp800-53a @@ -20234,17 +17594,6 @@ catalog: - id: cm-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01b. class: sp800-53a @@ -20264,17 +17613,6 @@ catalog: - id: cm-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01c.01 class: sp800-53a @@ -20308,17 +17646,6 @@ catalog: - id: cm-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-01c.02 class: sp800-53a @@ -20420,6 +17747,9 @@ catalog: - prose: the circumstances requiring baseline configuration review and update are defined; props: + - name: label + value: CM-02 + class: zero-padded - name: label value: CM-2 - name: label @@ -20483,9 +17813,6 @@ catalog: - id: cm-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop, document, and maintain under configuration control, @@ -20493,9 +17820,6 @@ catalog: - id: cm-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the baseline configuration of the system:" @@ -20553,13 +17877,6 @@ catalog: - id: cm-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-02a. class: sp800-53a @@ -20599,17 +17916,6 @@ catalog: - id: cm-2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.01 class: sp800-53a @@ -20621,17 +17927,6 @@ catalog: - id: cm-2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.02 class: sp800-53a @@ -20644,17 +17939,6 @@ catalog: - id: cm-2_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02b.03 class: sp800-53a @@ -20764,6 +18048,9 @@ catalog: - prose: automated mechanisms for maintaining baseline configuration of the system are defined; props: + - name: label + value: CM-02(02) + class: zero-padded - name: label value: CM-2(2) - name: label @@ -20789,10 +18076,6 @@ catalog: parts: - id: cm-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Maintain the currency, completeness, accuracy, and availability\ \ of the baseline configuration of the system using {{ insert:\ \ param, cm-02.02_odp }}." @@ -20813,17 +18096,6 @@ catalog: - id: cm-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02(02) class: sp800-53a @@ -20964,6 +18236,9 @@ catalog: - prose: the number of previous baseline configuration versions to be retained is defined; props: + - name: label + value: CM-02(03) + class: zero-padded - name: label value: CM-2(3) - name: label @@ -20983,10 +18258,6 @@ catalog: parts: - id: cm-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Retain {{ insert: param, cm-02.03_odp }} of previous versions\ \ of baseline configurations of the system to support rollback." - id: cm-2.3_gdn @@ -20997,13 +18268,6 @@ catalog: - id: cm-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-02(03) class: sp800-53a @@ -21099,6 +18363,9 @@ catalog: - prose: the controls to be applied when the individuals return from travel are defined; props: + - name: label + value: CM-02(07) + class: zero-padded - name: label value: CM-2(7) - name: label @@ -21126,9 +18393,6 @@ catalog: - id: cm-2.7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Issue {{ insert: param, cm-02.07_odp.01 }} with {{ insert:\ @@ -21137,9 +18401,6 @@ catalog: - id: cm-2.7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Apply the following controls to the systems or components\ @@ -21173,17 +18434,6 @@ catalog: - id: cm-2.7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02(07)(a) class: sp800-53a @@ -21197,17 +18447,6 @@ catalog: - id: cm-2.7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-02(07)(b) class: sp800-53a @@ -21329,6 +18568,9 @@ catalog: - prose: configuration change conditions that prompt the configuration control element to convene are defined (if selected); props: + - name: label + value: CM-03 + class: zero-padded - name: label value: CM-3 - name: label @@ -21402,9 +18644,6 @@ catalog: - id: cm-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Determine and document the types of changes to the system @@ -21412,9 +18651,6 @@ catalog: - id: cm-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Review proposed configuration-controlled changes to the system @@ -21423,9 +18659,6 @@ catalog: - id: cm-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document configuration change decisions associated with the @@ -21433,9 +18666,6 @@ catalog: - id: cm-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Implement approved configuration-controlled changes to the @@ -21443,9 +18673,6 @@ catalog: - id: cm-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Retain records of configuration-controlled changes to the\ @@ -21453,9 +18680,6 @@ catalog: - id: cm-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Monitor and review activities associated with configuration-controlled @@ -21463,9 +18687,6 @@ catalog: - id: cm-3_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Coordinate and provide oversight for configuration change\ @@ -21520,17 +18741,6 @@ catalog: - id: cm-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03a. class: sp800-53a @@ -21542,17 +18752,6 @@ catalog: - id: cm-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03b. class: sp800-53a @@ -21586,17 +18785,6 @@ catalog: - id: cm-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03c. class: sp800-53a @@ -21608,13 +18796,6 @@ catalog: - id: cm-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-03d. class: sp800-53a @@ -21626,13 +18807,6 @@ catalog: - id: cm-3_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-03e. class: sp800-53a @@ -21644,17 +18818,6 @@ catalog: - id: cm-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03f. class: sp800-53a @@ -21694,17 +18857,6 @@ catalog: - id: cm-3_obj.g-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03g.[01] class: sp800-53a @@ -21716,17 +18868,6 @@ catalog: - id: cm-3_obj.g-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03g.[02] class: sp800-53a @@ -21835,6 +18976,9 @@ catalog: class: SP800-53-enhancement title: Testing, Validation, and Documentation of Changes props: + - name: label + value: CM-03(02) + class: zero-padded - name: label value: CM-3(2) - name: label @@ -21854,10 +18998,6 @@ catalog: parts: - id: cm-3.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Test, validate, and document changes to the system before finalizing the implementation of the changes. - id: cm-3.2_gdn @@ -21879,17 +19019,6 @@ catalog: - id: cm-3.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(02) class: sp800-53a @@ -22046,6 +19175,9 @@ catalog: security and privacy representatives are to be members is defined; props: + - name: label + value: CM-03(04) + class: zero-padded - name: label value: CM-3(4) - name: label @@ -22062,10 +19194,6 @@ catalog: parts: - id: cm-3.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require {{ insert: param, cm-3.4_prm_1 }} to be members\ \ of the {{ insert: param, cm-03.04_odp.03 }}." - id: cm-3.4_gdn @@ -22085,17 +19213,6 @@ catalog: - id: cm-3.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-03(04) class: sp800-53a @@ -22190,6 +19307,9 @@ catalog: class: SP800-53 title: Impact Analyses props: + - name: label + value: CM-04 + class: zero-padded - name: label value: CM-4 - name: label @@ -22233,10 +19353,6 @@ catalog: parts: - id: cm-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Analyze changes to the system to determine potential security and privacy impacts prior to change implementation. - id: cm-4_gdn @@ -22258,17 +19374,6 @@ catalog: - id: cm-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04 class: sp800-53a @@ -22403,6 +19508,9 @@ catalog: class: SP800-53-enhancement title: Verification of Controls props: + - name: label + value: CM-04(02) + class: zero-padded - name: label value: CM-4(2) - name: label @@ -22428,10 +19536,6 @@ catalog: parts: - id: cm-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: After system changes, verify that the impacted controls are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security and privacy @@ -22444,17 +19548,6 @@ catalog: - id: cm-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-04(02) class: sp800-53a @@ -22637,9 +19730,9 @@ catalog: class: SP800-53 title: Access Restrictions for Change props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-05 + class: zero-padded - name: label value: CM-5 - name: label @@ -22678,10 +19771,6 @@ catalog: parts: - id: cm-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system. - id: cm-5_gdn @@ -22699,17 +19788,6 @@ catalog: - id: cm-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-05 class: sp800-53a @@ -22884,6 +19962,9 @@ catalog: - prose: mechanisms used to automate the enforcement of access restrictions are defined; props: + - name: label + value: CM-05(01) + class: zero-padded - name: label value: CM-5(1) - name: label @@ -22918,9 +19999,6 @@ catalog: - id: cm-5.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Enforce access restrictions using {{ insert: param,\ @@ -22928,9 +20006,6 @@ catalog: - id: cm-5.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Automatically generate audit records of the enforcement @@ -22951,13 +20026,6 @@ catalog: - id: cm-5.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-05(01)(a) class: sp800-53a @@ -22969,17 +20037,6 @@ catalog: - id: cm-5.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-05(01)(b) class: sp800-53a @@ -23090,6 +20147,9 @@ catalog: guidelines: - prose: frequency at which to reevaluate privileges is defined; props: + - name: label + value: CM-05(05) + class: zero-padded - name: label value: CM-5(5) - name: label @@ -23112,9 +20172,6 @@ catalog: - id: cm-5.5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Limit privileges to change system components and system-related @@ -23123,9 +20180,6 @@ catalog: - id: cm-5.5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Review and reevaluate privileges {{ insert: param, cm-5.5_prm_1\ @@ -23150,13 +20204,6 @@ catalog: - id: cm-5.5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-05(05)(a) class: sp800-53a @@ -23189,17 +20236,6 @@ catalog: - id: cm-5.5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-05(05)(b) class: sp800-53a @@ -23337,9 +20373,9 @@ catalog: - prose: operational requirements necessitating approval of deviations are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-06 + class: zero-padded - name: label value: CM-6 - name: label @@ -23429,9 +20465,6 @@ catalog: - id: cm-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish and document configuration settings for components\ @@ -23441,18 +20474,12 @@ catalog: - id: cm-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Implement the configuration settings; - id: cm-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Identify, document, and approve any deviations from established\ @@ -23461,9 +20488,6 @@ catalog: - id: cm-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Monitor and control changes to the configuration settings @@ -23510,7 +20534,7 @@ catalog: assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are - then documented in the CSP's Plan of Action and + then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable. @@ -23577,13 +20601,6 @@ catalog: - id: cm-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-06a. class: sp800-53a @@ -23597,17 +20614,6 @@ catalog: - id: cm-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06b. class: sp800-53a @@ -23618,17 +20624,6 @@ catalog: - id: cm-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06c. class: sp800-53a @@ -23662,17 +20657,6 @@ catalog: - id: cm-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-06d. class: sp800-53a @@ -23832,9 +20816,9 @@ catalog: - prose: automated mechanisms to verify configuration settings are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-06(01) + class: zero-padded - name: label value: CM-6(1) - name: label @@ -23853,10 +20837,6 @@ catalog: parts: - id: cm-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Manage, apply, and verify configuration settings for {{\ \ insert: param, cm-06.01_odp.01 }} using {{ insert: param, cm-6.1_prm_2\ \ }}." @@ -23871,13 +20851,6 @@ catalog: - id: cm-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-06(01) class: sp800-53a @@ -24039,9 +21012,9 @@ catalog: guidelines: - prose: services to be prohibited or restricted are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07 + class: zero-padded - name: label value: CM-7 - name: label @@ -24107,9 +21080,6 @@ catalog: - id: cm-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Configure the system to provide only {{ insert: param, cm-07_odp.01\ @@ -24117,9 +21087,6 @@ catalog: - id: cm-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Prohibit or restrict the use of the following functions,\ @@ -24169,17 +21136,6 @@ catalog: - id: cm-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07a. class: sp800-53a @@ -24191,13 +21147,6 @@ catalog: - id: cm-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-07b. class: sp800-53a @@ -24376,9 +21325,9 @@ catalog: - prose: services to be disabled or removed when deemed unnecessary or non-secure are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07(01) + class: zero-padded - name: label value: CM-7(1) - name: label @@ -24404,9 +21353,6 @@ catalog: - id: cm-7.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Review the system {{ insert: param, cm-07.01_odp.01\ @@ -24415,9 +21361,6 @@ catalog: - id: cm-7.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Disable or remove {{ insert: param, cm-7.1_prm_2 }}." @@ -24446,17 +21389,6 @@ catalog: - id: cm-7.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(01)(a) class: sp800-53a @@ -24469,17 +21401,6 @@ catalog: - id: cm-7.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(01)(b) class: sp800-53a @@ -24650,9 +21571,9 @@ catalog: regarding software program usage and restrictions are defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07(02) + class: zero-padded - name: label value: CM-7(2) - name: label @@ -24679,10 +21600,6 @@ catalog: parts: - id: cm-7.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prevent program execution in accordance with {{ insert:\ \ param, cm-07.02_odp.01 }}." parts: @@ -24716,13 +21633,6 @@ catalog: - id: cm-7.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-07(02) class: sp800-53a @@ -24838,9 +21748,9 @@ catalog: - prose: frequency at which to review and update the list of authorized software programs is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-07(05) + class: zero-padded - name: label value: CM-7(5) - name: label @@ -24882,18 +21792,12 @@ catalog: - id: cm-7.5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Identify {{ insert: param, cm-07.05_odp.01 }};" - id: cm-7.5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Employ a deny-all, permit-by-exception policy to allow @@ -24902,9 +21806,6 @@ catalog: - id: cm-7.5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: "Review and update the list of authorized software programs\ @@ -24937,17 +21838,6 @@ catalog: - id: cm-7.5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(05)(a) class: sp800-53a @@ -24958,13 +21848,6 @@ catalog: - id: cm-7.5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-07(05)(b) class: sp800-53a @@ -24976,17 +21859,6 @@ catalog: - id: cm-7.5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-07(05)(c) class: sp800-53a @@ -25107,9 +21979,9 @@ catalog: - prose: frequency at which to review and update the system component inventory is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CM-08 + class: zero-padded - name: label value: CM-8 - name: label @@ -25179,9 +22051,6 @@ catalog: - id: cm-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop and document an inventory of system components that:" @@ -25223,9 +22092,6 @@ catalog: - id: cm-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the system component inventory {{ insert:\ @@ -25294,17 +22160,6 @@ catalog: - id: cm-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.01 class: sp800-53a @@ -25316,17 +22171,6 @@ catalog: - id: cm-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.02 class: sp800-53a @@ -25338,17 +22182,6 @@ catalog: - id: cm-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.03 class: sp800-53a @@ -25361,17 +22194,6 @@ catalog: - id: cm-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.04 class: sp800-53a @@ -25384,17 +22206,6 @@ catalog: - id: cm-8_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08a.05 class: sp800-53a @@ -25409,17 +22220,6 @@ catalog: - id: cm-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08b. class: sp800-53a @@ -25502,6 +22302,9 @@ catalog: class: SP800-53-enhancement title: Updates During Installation and Removal props: + - name: label + value: CM-08(01) + class: zero-padded - name: label value: CM-8(1) - name: label @@ -25523,10 +22326,6 @@ catalog: parts: - id: cm-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Update the inventory of system components as part of component installations, removals, and system updates. - id: cm-8.1_gdn @@ -25541,17 +22340,6 @@ catalog: - id: cm-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-08(01) class: sp800-53a @@ -25708,6 +22496,9 @@ catalog: - prose: personnel or roles to be notified when unauthorized components are detected is/are defined (if selected); props: + - name: label + value: CM-08(03) + class: zero-padded - name: label value: CM-8(3) - name: label @@ -25749,9 +22540,6 @@ catalog: - id: cm-8.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Detect the presence of unauthorized hardware, software,\ @@ -25761,9 +22549,6 @@ catalog: - id: cm-8.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Take the following actions when unauthorized components\ @@ -25796,13 +22581,6 @@ catalog: - id: cm-8.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-08(03)(a) class: sp800-53a @@ -25849,13 +22627,6 @@ catalog: - id: cm-8.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-08(03)(b) class: sp800-53a @@ -26013,6 +22784,9 @@ catalog: - prose: personnel or roles to review and approve the configuration management plan is/are defined; props: + - name: label + value: CM-09 + class: zero-padded - name: label value: CM-9 - name: label @@ -26053,9 +22827,6 @@ catalog: - id: cm-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Addresses roles, responsibilities, and configuration management @@ -26063,9 +22834,6 @@ catalog: - id: cm-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establishes a process for identifying configuration items @@ -26074,9 +22842,6 @@ catalog: - id: cm-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Defines the configuration items for the system and places @@ -26084,9 +22849,6 @@ catalog: - id: cm-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Is reviewed and approved by {{ insert: param, cm-09_odp\ @@ -26094,9 +22856,6 @@ catalog: - id: cm-9_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protects the configuration management plan from unauthorized @@ -26151,13 +22910,6 @@ catalog: - id: cm-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09 class: sp800-53a @@ -26186,13 +22938,6 @@ catalog: - id: cm-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09a. class: sp800-53a @@ -26241,17 +22986,6 @@ catalog: - id: cm-9_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-09b.[01] class: sp800-53a @@ -26264,13 +22998,6 @@ catalog: - id: cm-9_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09b.[02] class: sp800-53a @@ -26292,13 +23019,6 @@ catalog: - id: cm-9_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09c.[01] class: sp800-53a @@ -26310,13 +23030,6 @@ catalog: - id: cm-9_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CM-09c.[02] class: sp800-53a @@ -26331,17 +23044,6 @@ catalog: - id: cm-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-09d. class: sp800-53a @@ -26353,13 +23055,6 @@ catalog: - id: cm-9_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-09e. class: sp800-53a @@ -26482,6 +23177,9 @@ catalog: class: SP800-53 title: Software Usage Restrictions props: + - name: label + value: CM-10 + class: zero-padded - name: label value: CM-10 - name: label @@ -26512,9 +23210,6 @@ catalog: - id: cm-10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Use software and associated documentation in accordance with @@ -26522,9 +23217,6 @@ catalog: - id: cm-10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Track the use of software and associated documentation protected @@ -26532,9 +23224,6 @@ catalog: - id: cm-10_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Control and document the use of peer-to-peer file sharing @@ -26556,17 +23245,6 @@ catalog: - id: cm-10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10a. class: sp800-53a @@ -26578,17 +23256,6 @@ catalog: - id: cm-10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10b. class: sp800-53a @@ -26600,17 +23267,6 @@ catalog: - id: cm-10_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-10c. class: sp800-53a @@ -26724,6 +23380,9 @@ catalog: guidelines: - prose: frequency with which to monitor compliance is defined; props: + - name: label + value: CM-11 + class: zero-padded - name: label value: CM-11 - name: label @@ -26764,9 +23423,6 @@ catalog: - id: cm-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish {{ insert: param, cm-11_odp.01 }} governing the\ @@ -26774,9 +23430,6 @@ catalog: - id: cm-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Enforce software installation policies through the following\ @@ -26784,9 +23437,6 @@ catalog: - id: cm-11_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Monitor policy compliance {{ insert: param, cm-11_odp.03\ @@ -26814,17 +23464,6 @@ catalog: - id: cm-11_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-11a. class: sp800-53a @@ -26836,17 +23475,6 @@ catalog: - id: cm-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-11b. class: sp800-53a @@ -26858,13 +23486,6 @@ catalog: - id: cm-11_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-11c. class: sp800-53a @@ -26970,6 +23591,9 @@ catalog: - prose: information for which the location is to be identified and documented is defined; props: + - name: label + value: CM-12 + class: zero-padded - name: label value: CM-12 - name: label @@ -27029,9 +23653,6 @@ catalog: - id: cm-12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Identify and document the location of {{ insert: param,\ @@ -27040,9 +23661,6 @@ catalog: - id: cm-12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Identify and document the users who have access to the system @@ -27051,9 +23669,6 @@ catalog: - id: cm-12_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document changes to the location (i.e., system or system @@ -27099,17 +23714,6 @@ catalog: - id: cm-12_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12a.[01] class: sp800-53a @@ -27121,17 +23725,6 @@ catalog: - id: cm-12_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12a.[02] class: sp800-53a @@ -27143,17 +23736,6 @@ catalog: - id: cm-12_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12a.[03] class: sp800-53a @@ -27168,17 +23750,6 @@ catalog: - id: cm-12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12b. class: sp800-53a @@ -27213,17 +23784,6 @@ catalog: - id: cm-12_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CM-12c. class: sp800-53a @@ -27373,6 +23933,9 @@ catalog: - prose: system components where the information is located are defined; props: + - name: label + value: CM-12(01) + class: zero-padded - name: label value: CM-12(1) - name: label @@ -27392,10 +23955,6 @@ catalog: parts: - id: cm-12.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Use automated tools to identify {{ insert: param, cm-12.01_odp.01\ \ }} on {{ insert: param, cm-12.01_odp.02 }} to ensure controls\ \ are in place to protect organizational information and individual\ @@ -27423,13 +23982,6 @@ catalog: - id: cm-12.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CM-12(01) class: sp800-53a @@ -27586,6 +24138,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: CP-01 + class: zero-padded - name: label value: CP-1 - name: label @@ -27625,11 +24180,6 @@ catalog: - id: cp-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -27669,9 +24219,6 @@ catalog: - id: cp-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, cp-01_odp.04 }} to manage\ @@ -27680,11 +24227,6 @@ catalog: - id: cp-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current contingency planning:" @@ -27744,17 +24286,6 @@ catalog: - id: cp-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01a.[01] class: sp800-53a @@ -27765,17 +24296,6 @@ catalog: - id: cp-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01a.[02] class: sp800-53a @@ -27787,13 +24307,6 @@ catalog: - id: cp-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.[03] class: sp800-53a @@ -27806,13 +24319,6 @@ catalog: - id: cp-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.[04] class: sp800-53a @@ -27831,13 +24337,6 @@ catalog: - id: cp-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.01(a) class: sp800-53a @@ -27926,13 +24425,6 @@ catalog: - id: cp-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-01a.01(b) class: sp800-53a @@ -27952,17 +24444,6 @@ catalog: - id: cp-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01b. class: sp800-53a @@ -27982,17 +24463,6 @@ catalog: - id: cp-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01c.01 class: sp800-53a @@ -28026,17 +24496,6 @@ catalog: - id: cp-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-01c.02 class: sp800-53a @@ -28158,6 +24617,9 @@ catalog: - prose: key contingency organizational elements to communicate changes to are defined; props: + - name: label + value: CP-02 + class: zero-padded - name: label value: CP-2 - name: label @@ -28230,9 +24692,6 @@ catalog: - id: cp-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop a contingency plan for the system that:" @@ -28288,9 +24747,6 @@ catalog: - id: cp-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the contingency plan to {{ insert:\ @@ -28298,9 +24754,6 @@ catalog: - id: cp-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Coordinate contingency planning activities with incident @@ -28308,9 +24761,6 @@ catalog: - id: cp-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review the contingency plan for the system {{ insert: param,\ @@ -28318,9 +24768,6 @@ catalog: - id: cp-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Update the contingency plan to address changes to the organization, @@ -28329,9 +24776,6 @@ catalog: - id: cp-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Communicate contingency plan changes to {{ insert: param,\ @@ -28339,9 +24783,6 @@ catalog: - id: cp-2_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Incorporate lessons learned from contingency plan testing, @@ -28350,9 +24791,6 @@ catalog: - id: cp-2_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Protect the contingency plan from unauthorized disclosure @@ -28423,13 +24861,6 @@ catalog: - id: cp-2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.01 class: sp800-53a @@ -28442,13 +24873,6 @@ catalog: - id: cp-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.02 class: sp800-53a @@ -28492,13 +24916,6 @@ catalog: - id: cp-2_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.03 class: sp800-53a @@ -28542,13 +24959,6 @@ catalog: - id: cp-2_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.04 class: sp800-53a @@ -28561,13 +24971,6 @@ catalog: - id: cp-2_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.05 class: sp800-53a @@ -28580,13 +24983,6 @@ catalog: - id: cp-2_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.06 class: sp800-53a @@ -28598,13 +24994,6 @@ catalog: - id: cp-2_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: CP-02a.07 class: sp800-53a @@ -28647,17 +25036,6 @@ catalog: - id: cp-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02b.[01] class: sp800-53a @@ -28669,17 +25047,6 @@ catalog: - id: cp-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02b.[02] class: sp800-53a @@ -28694,17 +25061,6 @@ catalog: - id: cp-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02c. class: sp800-53a @@ -28716,17 +25072,6 @@ catalog: - id: cp-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02d. class: sp800-53a @@ -28745,17 +25090,6 @@ catalog: - id: cp-2_obj.e-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02e.[01] class: sp800-53a @@ -28767,17 +25101,6 @@ catalog: - id: cp-2_obj.e-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02e.[02] class: sp800-53a @@ -28792,17 +25115,6 @@ catalog: - id: cp-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02f. class: sp800-53a @@ -28835,17 +25147,6 @@ catalog: - id: cp-2_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02g. class: sp800-53a @@ -28879,21 +25180,6 @@ catalog: - id: cp-2_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-02h. class: sp800-53a @@ -28994,6 +25280,9 @@ catalog: class: SP800-53-enhancement title: Coordinate with Related Plans props: + - name: label + value: CP-02(01) + class: zero-padded - name: label value: CP-2(1) - name: label @@ -29010,10 +25299,6 @@ catalog: parts: - id: cp-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Coordinate contingency plan development with organizational elements responsible for related plans. - id: cp-2.1_gdn @@ -29027,17 +25312,6 @@ catalog: - id: cp-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02(01) class: sp800-53a @@ -29135,6 +25409,9 @@ catalog: - prose: the contingency plan activation time period within which to resume mission and business functions is defined; props: + - name: label + value: CP-02(03) + class: zero-padded - name: label value: CP-2(3) - name: label @@ -29151,10 +25428,6 @@ catalog: parts: - id: cp-2.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Plan for the resumption of {{ insert: param, cp-02.03_odp.01\ \ }} mission and business functions within {{ insert: param, cp-02.03_odp.02\ \ }} of contingency plan activation." @@ -29170,17 +25443,6 @@ catalog: - id: cp-2.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02(03) class: sp800-53a @@ -29272,6 +25534,9 @@ catalog: - all - essential props: + - name: label + value: CP-02(08) + class: zero-padded - name: label value: CP-2(8) - name: label @@ -29292,10 +25557,6 @@ catalog: parts: - id: cp-2.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Identify critical system assets supporting {{ insert: param,\ \ cp-02.08_odp }} mission and business functions." - id: cp-2.8_gdn @@ -29321,17 +25582,6 @@ catalog: - id: cp-2.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-02(08) class: sp800-53a @@ -29420,6 +25670,9 @@ catalog: - prose: events necessitating review and update of contingency training are defined; props: + - name: label + value: CP-03 + class: zero-padded - name: label value: CP-3 - name: label @@ -29461,9 +25714,6 @@ catalog: - id: cp-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide contingency training to system users consistent\ @@ -29491,9 +25741,6 @@ catalog: - id: cp-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update contingency training content {{ insert:\ @@ -29556,17 +25803,6 @@ catalog: - id: cp-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-03a.01 class: sp800-53a @@ -29580,17 +25816,6 @@ catalog: - id: cp-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03a.02 class: sp800-53a @@ -29603,17 +25828,6 @@ catalog: - id: cp-3_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03a.03 class: sp800-53a @@ -29636,17 +25850,6 @@ catalog: - id: cp-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03b.[01] class: sp800-53a @@ -29658,17 +25861,6 @@ catalog: - id: cp-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-03b.[02] class: sp800-53a @@ -29765,9 +25957,9 @@ catalog: - prose: tests for determining readiness to execute the contingency plan are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: CP-04 + class: zero-padded - name: label value: CP-4 - name: label @@ -29817,9 +26009,6 @@ catalog: - id: cp-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Test the contingency plan for the system {{ insert: param,\ @@ -29829,18 +26018,12 @@ catalog: - id: cp-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Review the contingency plan test results; and - id: cp-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Initiate corrective actions, if needed. @@ -29892,21 +26075,6 @@ catalog: - id: cp-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[01] class: sp800-53a @@ -29918,21 +26086,6 @@ catalog: - id: cp-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[02] class: sp800-53a @@ -29944,21 +26097,6 @@ catalog: - id: cp-4_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04a.[03] class: sp800-53a @@ -29973,17 +26111,6 @@ catalog: - id: cp-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04b. class: sp800-53a @@ -29994,17 +26121,6 @@ catalog: - id: cp-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04c. class: sp800-53a @@ -30080,6 +26196,9 @@ catalog: class: SP800-53-enhancement title: Coordinate with Related Plans props: + - name: label + value: CP-04(01) + class: zero-padded - name: label value: CP-4(1) - name: label @@ -30103,10 +26222,6 @@ catalog: parts: - id: cp-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Coordinate contingency plan testing with organizational elements responsible for related plans. - id: cp-4.1_gdn @@ -30124,21 +26239,6 @@ catalog: - id: cp-4.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-04(01) class: sp800-53a @@ -30210,6 +26310,9 @@ catalog: class: SP800-53 title: Alternate Storage Site props: + - name: label + value: CP-06 + class: zero-padded - name: label value: CP-6 - name: label @@ -30250,9 +26353,6 @@ catalog: - id: cp-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish an alternate storage site, including necessary @@ -30261,9 +26361,6 @@ catalog: - id: cp-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Ensure that the alternate storage site provides controls @@ -30300,21 +26397,6 @@ catalog: - id: cp-6_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06a.[01] class: sp800-53a @@ -30325,21 +26407,6 @@ catalog: - id: cp-6_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06a.[02] class: sp800-53a @@ -30355,21 +26422,6 @@ catalog: - id: cp-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06b. class: sp800-53a @@ -30449,6 +26501,9 @@ catalog: class: SP800-53-enhancement title: Separation from Primary Site props: + - name: label + value: CP-06(01) + class: zero-padded - name: label value: CP-6(1) - name: label @@ -30467,10 +26522,6 @@ catalog: parts: - id: cp-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats. @@ -30487,21 +26538,6 @@ catalog: - id: cp-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-06(01) class: sp800-53a @@ -30562,6 +26598,9 @@ catalog: class: SP800-53-enhancement title: Accessibility props: + - name: label + value: CP-06(03) + class: zero-padded - name: label value: CP-6(3) - name: label @@ -30580,10 +26619,6 @@ catalog: parts: - id: cp-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions. @@ -30607,17 +26642,6 @@ catalog: - id: cp-6.3_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-06(03)[01] class: sp800-53a @@ -30630,17 +26654,6 @@ catalog: - id: cp-6.3_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-06(03)[02] class: sp800-53a @@ -30726,6 +26739,9 @@ catalog: - prose: time period consistent with recovery time and recovery point objectives is defined; props: + - name: label + value: CP-07 + class: zero-padded - name: label value: CP-7 - name: label @@ -30770,9 +26786,6 @@ catalog: - id: cp-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish an alternate processing site, including necessary\ @@ -30783,9 +26796,6 @@ catalog: - id: cp-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Make available at the alternate processing site, the equipment @@ -30796,9 +26806,6 @@ catalog: - id: cp-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Provide controls at the alternate processing site that are @@ -30841,21 +26848,6 @@ catalog: - id: cp-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07a. class: sp800-53a @@ -30877,21 +26869,6 @@ catalog: - id: cp-7_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07b.[01] class: sp800-53a @@ -30905,21 +26882,6 @@ catalog: - id: cp-7_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07b.[02] class: sp800-53a @@ -30936,21 +26898,6 @@ catalog: - id: cp-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-07c. class: sp800-53a @@ -31042,6 +26989,9 @@ catalog: class: SP800-53-enhancement title: Separation from Primary Site props: + - name: label + value: CP-07(01) + class: zero-padded - name: label value: CP-7(1) - name: label @@ -31060,10 +27010,6 @@ catalog: parts: - id: cp-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify an alternate processing site that is sufficiently separated from the primary processing site to reduce susceptibility to the same threats. @@ -31096,17 +27042,6 @@ catalog: - id: cp-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(01) class: sp800-53a @@ -31167,6 +27102,9 @@ catalog: class: SP800-53-enhancement title: Accessibility props: + - name: label + value: CP-07(02) + class: zero-padded - name: label value: CP-7(2) - name: label @@ -31185,10 +27123,6 @@ catalog: parts: - id: cp-7.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Identify potential accessibility problems to alternate processing sites in the event of an area-wide disruption or disaster and outlines explicit mitigation actions. @@ -31207,17 +27141,6 @@ catalog: - id: cp-7.2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(02)[01] class: sp800-53a @@ -31230,17 +27153,6 @@ catalog: - id: cp-7.2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(02)[02] class: sp800-53a @@ -31303,6 +27215,9 @@ catalog: class: SP800-53-enhancement title: Priority of Service props: + - name: label + value: CP-07(03) + class: zero-padded - name: label value: CP-7(3) - name: label @@ -31319,10 +27234,6 @@ catalog: parts: - id: cp-7.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives). @@ -31337,17 +27248,6 @@ catalog: - id: cp-7.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-07(03) class: sp800-53a @@ -31422,6 +27322,9 @@ catalog: business functions when the primary telecommunications capabilities are unavailable is defined; props: + - name: label + value: CP-08 + class: zero-padded - name: label value: CP-8 - name: label @@ -31448,10 +27351,6 @@ catalog: parts: - id: cp-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish alternate telecommunications services, including necessary\ \ agreements to permit the resumption of {{ insert: param, cp-08_odp.01\ \ }} for essential mission and business functions within {{ insert:\ @@ -31486,21 +27385,6 @@ catalog: - id: cp-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-08 class: sp800-53a @@ -31581,6 +27465,9 @@ catalog: class: SP800-53-enhancement title: Priority of Service Provisions props: + - name: label + value: CP-08(01) + class: zero-padded - name: label value: CP-8(1) - name: label @@ -31601,9 +27488,6 @@ catalog: - id: cp-8.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Develop primary and alternate telecommunications service @@ -31613,9 +27497,6 @@ catalog: - id: cp-8.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Request Telecommunications Service Priority for all telecommunications @@ -31648,21 +27529,6 @@ catalog: - id: cp-8.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-08(01)(a) class: sp800-53a @@ -31699,21 +27565,6 @@ catalog: - id: cp-8.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-08(01)(b) class: sp800-53a @@ -31799,6 +27650,9 @@ catalog: class: SP800-53-enhancement title: Single Points of Failure props: + - name: label + value: CP-08(02) + class: zero-padded - name: label value: CP-8(2) - name: label @@ -31815,10 +27669,6 @@ catalog: parts: - id: cp-8.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Obtain alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services. @@ -31832,17 +27682,6 @@ catalog: - id: cp-8.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: CP-08(02) class: sp800-53a @@ -31938,6 +27777,9 @@ catalog: consistent with recovery time and recovery point objectives is defined; props: + - name: label + value: CP-09 + class: zero-padded - name: label value: CP-9 - name: label @@ -31986,9 +27828,6 @@ catalog: - id: cp-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Conduct backups of user-level information contained in {{\ @@ -31997,9 +27836,6 @@ catalog: - id: cp-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Conduct backups of system-level information contained in\ @@ -32007,9 +27843,6 @@ catalog: - id: cp-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Conduct backups of system documentation, including security-\ @@ -32018,9 +27851,6 @@ catalog: - id: cp-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Protect the confidentiality, integrity, and availability @@ -32089,21 +27919,6 @@ catalog: - id: cp-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09a. class: sp800-53a @@ -32116,21 +27931,6 @@ catalog: - id: cp-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09b. class: sp800-53a @@ -32142,21 +27942,6 @@ catalog: - id: cp-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09c. class: sp800-53a @@ -32169,17 +27954,6 @@ catalog: - id: cp-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09d. class: sp800-53a @@ -32299,6 +28073,9 @@ catalog: - prose: frequency at which to test backup information for information integrity is defined; props: + - name: label + value: CP-09(01) + class: zero-padded - name: label value: CP-9(1) - name: label @@ -32317,10 +28094,6 @@ catalog: parts: - id: cp-9.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Test backup information {{ insert: param, cp-9.1_prm_1 }}\ \ to verify media reliability and information integrity." - id: cp-9.1_gdn @@ -32338,21 +28111,6 @@ catalog: - id: cp-9.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(01) class: sp800-53a @@ -32453,6 +28211,9 @@ catalog: - prose: backup information to protect against unauthorized disclosure and modification is defined; props: + - name: label + value: CP-09(08) + class: zero-padded - name: label value: CP-9(8) - name: label @@ -32475,10 +28236,6 @@ catalog: parts: - id: cp-9.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to prevent unauthorized\ \ disclosure and modification of {{ insert: param, cp-09.08_odp\ \ }}." @@ -32509,21 +28266,6 @@ catalog: - id: cp-9.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-09(08) class: sp800-53a @@ -32612,6 +28354,9 @@ catalog: - prose: time period consistent with recovery time and recovery point objectives for the reconstitution of the system is determined; props: + - name: label + value: CP-10 + class: zero-padded - name: label value: CP-10 - name: label @@ -32646,10 +28391,6 @@ catalog: parts: - id: cp-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide for the recovery and reconstitution of the system to\ \ a known state within {{ insert: param, cp-10_prm_1 }} after a disruption,\ \ compromise, or failure." @@ -32674,21 +28415,6 @@ catalog: - id: cp-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-10 class: sp800-53a @@ -32791,6 +28517,9 @@ catalog: class: SP800-53-enhancement title: Transaction Recovery props: + - name: label + value: CP-10(02) + class: zero-padded - name: label value: CP-10(2) - name: label @@ -32807,10 +28536,6 @@ catalog: parts: - id: cp-10.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement transaction recovery for systems that are transaction-based. - id: cp-10.2_gdn name: guidance @@ -32820,21 +28545,6 @@ catalog: - id: cp-10.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: CP-10(02) class: sp800-53a @@ -32975,6 +28685,9 @@ catalog: - prose: events that would require identification and authentication procedures to be reviewed and updated are defined; props: + - name: label + value: IA-01 + class: zero-padded - name: label value: IA-1 - name: label @@ -33026,11 +28739,6 @@ catalog: - id: ia-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -33071,9 +28779,6 @@ catalog: - id: ia-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ia-01_odp.04 }} to manage\ @@ -33082,11 +28787,6 @@ catalog: - id: ia-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current identification and authentication:" @@ -33147,17 +28847,6 @@ catalog: - id: ia-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01a.[01] class: sp800-53a @@ -33169,17 +28858,6 @@ catalog: - id: ia-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01a.[02] class: sp800-53a @@ -33191,13 +28869,6 @@ catalog: - id: ia-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.[03] class: sp800-53a @@ -33211,13 +28882,6 @@ catalog: - id: ia-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.[04] class: sp800-53a @@ -33236,13 +28900,6 @@ catalog: - id: ia-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.01(a) class: sp800-53a @@ -33331,13 +28988,6 @@ catalog: - id: ia-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IA-01a.01(b) class: sp800-53a @@ -33357,17 +29007,6 @@ catalog: - id: ia-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01b. class: sp800-53a @@ -33387,17 +29026,6 @@ catalog: - id: ia-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01c.01 class: sp800-53a @@ -33432,17 +29060,6 @@ catalog: - id: ia-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IA-01c.02 class: sp800-53a @@ -33531,9 +29148,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Organizational Users) props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02 + class: zero-padded - name: label value: IA-2 - name: label @@ -33621,10 +29238,6 @@ catalog: parts: - id: ia-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. @@ -33714,21 +29327,6 @@ catalog: - id: ia-2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02[01] class: sp800-53a @@ -33739,21 +29337,6 @@ catalog: - id: ia-2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02[02] class: sp800-53a @@ -33839,9 +29422,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Privileged Accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(01) + class: zero-padded - name: label value: IA-2(1) - name: label @@ -33862,10 +29445,6 @@ catalog: parts: - id: ia-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement multi-factor authentication for access to privileged accounts. parts: @@ -33917,13 +29496,6 @@ catalog: - id: ia-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(01) class: sp800-53a @@ -34009,9 +29581,9 @@ catalog: class: SP800-53-enhancement title: Multi-factor Authentication to Non-privileged Accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(02) + class: zero-padded - name: label value: IA-2(2) - name: label @@ -34030,10 +29602,6 @@ catalog: parts: - id: ia-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement multi-factor authentication for access to non-privileged accounts. parts: @@ -34085,13 +29653,6 @@ catalog: - id: ia-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(02) class: sp800-53a @@ -34177,9 +29738,9 @@ catalog: class: SP800-53-enhancement title: Individual Authentication with Group Authentication props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(05) + class: zero-padded - name: label value: IA-2(5) - name: label @@ -34199,10 +29760,6 @@ catalog: parts: - id: ia-2.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources. @@ -34213,13 +29770,6 @@ catalog: - id: ia-2.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(05) class: sp800-53a @@ -34332,9 +29882,9 @@ catalog: by a device separate from the system gaining access to accounts is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(06) + class: zero-padded - name: label value: IA-2(6) - name: label @@ -34360,9 +29910,6 @@ catalog: - id: ia-2.6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: One of the factors is provided by a device separate from @@ -34370,9 +29917,6 @@ catalog: - id: ia-2.6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "The device meets {{ insert: param, ia-02.06_odp.03 }}." @@ -34416,17 +29960,6 @@ catalog: - id: ia-2.6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(06)(a) class: sp800-53a @@ -34440,17 +29973,6 @@ catalog: - id: ia-2.6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(06)(b) class: sp800-53a @@ -34550,9 +30072,9 @@ catalog: - privileged accounts - non-privileged accounts props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(08) + class: zero-padded - name: label value: IA-2(8) - name: label @@ -34569,10 +30091,6 @@ catalog: parts: - id: ia-2.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement replay-resistant authentication mechanisms for\ \ access to {{ insert: param, ia-02.08_odp }}." - id: ia-2.8_gdn @@ -34585,17 +30103,6 @@ catalog: - id: ia-2.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(08) class: sp800-53a @@ -34686,9 +30193,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-02(12) + class: zero-padded - name: label value: IA-2(12) - name: label @@ -34705,10 +30212,6 @@ catalog: parts: - id: ia-2.12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Accept and electronically verify Personal Identity Verification-compliant credentials. parts: @@ -34738,17 +30241,6 @@ catalog: - id: ia-2.12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-02(12) class: sp800-53a @@ -34853,6 +30345,9 @@ catalog: - remote - network props: + - name: label + value: IA-03 + class: zero-padded - name: label value: IA-3 - name: label @@ -34891,10 +30386,6 @@ catalog: parts: - id: ia-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Uniquely identify and authenticate {{ insert: param, ia-03_odp.01\ \ }} before establishing a {{ insert: param, ia-03_odp.02 }} connection." - id: ia-3_gdn @@ -34918,17 +30409,6 @@ catalog: - id: ia-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-03 class: sp800-53a @@ -35027,9 +30507,9 @@ catalog: guidelines: - prose: a time period for preventing reuse of identifiers is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-04 + class: zero-padded - name: label value: IA-4 - name: label @@ -35093,9 +30573,6 @@ catalog: - id: ia-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Receiving authorization from {{ insert: param, ia-04_odp.01\ @@ -35104,9 +30581,6 @@ catalog: - id: ia-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Selecting an identifier that identifies an individual, group, @@ -35114,9 +30588,6 @@ catalog: - id: ia-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Assigning the identifier to the intended individual, group, @@ -35124,9 +30595,6 @@ catalog: - id: ia-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Preventing reuse of identifiers for {{ insert: param, ia-04_odp.02\ @@ -35155,17 +30623,6 @@ catalog: - id: ia-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04a. class: sp800-53a @@ -35178,17 +30635,6 @@ catalog: - id: ia-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04b. class: sp800-53a @@ -35200,17 +30646,6 @@ catalog: - id: ia-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04c. class: sp800-53a @@ -35222,17 +30657,6 @@ catalog: - id: ia-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04d. class: sp800-53a @@ -35329,6 +30753,9 @@ catalog: - prose: characteristics used to identify individual status is defined; props: + - name: label + value: IA-04(04) + class: zero-padded - name: label value: IA-4(4) - name: label @@ -35345,10 +30772,6 @@ catalog: parts: - id: ia-4.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Manage individual identifiers by uniquely identifying each\ \ individual as {{ insert: param, ia-04.04_odp }}." - id: ia-4.4_gdn @@ -35363,17 +30786,6 @@ catalog: - id: ia-4.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-04(04) class: sp800-53a @@ -35453,9 +30865,9 @@ catalog: - prose: events that trigger the change or refreshment of authenticators are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IA-05 + class: zero-padded - name: label value: IA-5 - name: label @@ -35530,9 +30942,6 @@ catalog: - id: ia-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Verifying, as part of the initial authenticator distribution, @@ -35541,9 +30950,6 @@ catalog: - id: ia-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establishing initial authenticator content for any authenticators @@ -35551,9 +30957,6 @@ catalog: - id: ia-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Ensuring that authenticators have sufficient strength of @@ -35561,9 +30964,6 @@ catalog: - id: ia-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Establishing and implementing administrative procedures for @@ -35572,18 +30972,12 @@ catalog: - id: ia-5_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Changing default authenticators prior to first use; - id: ia-5_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Changing or refreshing authenticators {{ insert: param,\ @@ -35591,9 +30985,6 @@ catalog: - id: ia-5_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Protecting authenticator content from unauthorized disclosure @@ -35601,9 +30992,6 @@ catalog: - id: ia-5_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Requiring individuals to take, and having devices implement, @@ -35611,9 +30999,6 @@ catalog: - id: ia-5_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: Changing authenticators for group or role accounts when membership @@ -35683,17 +31068,6 @@ catalog: - id: ia-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05a. class: sp800-53a @@ -35707,17 +31081,6 @@ catalog: - id: ia-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05b. class: sp800-53a @@ -35730,17 +31093,6 @@ catalog: - id: ia-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05c. class: sp800-53a @@ -35752,17 +31104,6 @@ catalog: - id: ia-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05d. class: sp800-53a @@ -35776,17 +31117,6 @@ catalog: - id: ia-5_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05e. class: sp800-53a @@ -35798,17 +31128,6 @@ catalog: - id: ia-5_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05f. class: sp800-53a @@ -35821,17 +31140,6 @@ catalog: - id: ia-5_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05g. class: sp800-53a @@ -35850,17 +31158,6 @@ catalog: - id: ia-5_obj.h-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05h.[01] class: sp800-53a @@ -35872,17 +31169,6 @@ catalog: - id: ia-5_obj.h-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05h.[02] class: sp800-53a @@ -35897,17 +31183,6 @@ catalog: - id: ia-5_obj.i name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05i. class: sp800-53a @@ -36004,6 +31279,9 @@ catalog: guidelines: - prose: authenticator composition and complexity rules are defined; props: + - name: label + value: IA-05(01) + class: zero-padded - name: label value: IA-5(1) - name: label @@ -36030,9 +31308,6 @@ catalog: - id: ia-5.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Maintain a list of commonly-used, expected, or compromised\ @@ -36042,9 +31317,6 @@ catalog: - id: ia-5.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Verify, when users create or update passwords, that the @@ -36053,9 +31325,6 @@ catalog: - id: ia-5.1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Transmit passwords only over cryptographically-protected @@ -36063,9 +31332,6 @@ catalog: - id: ia-5.1_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Store passwords using an approved salted key derivation @@ -36073,9 +31339,6 @@ catalog: - id: ia-5.1_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (e) prose: Require immediate selection of a new password upon account @@ -36083,9 +31346,6 @@ catalog: - id: ia-5.1_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (f) prose: Allow user selection of long passwords and passphrases, @@ -36093,9 +31353,6 @@ catalog: - id: ia-5.1_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (g) prose: Employ automated tools to assist the user in selecting @@ -36103,9 +31360,6 @@ catalog: - id: ia-5.1_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (h) prose: "Enforce the following composition and complexity rules:\ @@ -36130,7 +31384,7 @@ catalog: - name: label value: "(h) Requirement:" prose: >- - For cases where technology doesn't allow + For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII @@ -36177,17 +31431,6 @@ catalog: - id: ia-5.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(a) class: sp800-53a @@ -36202,17 +31445,6 @@ catalog: - id: ia-5.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(b) class: sp800-53a @@ -36226,13 +31458,6 @@ catalog: - id: ia-5.1_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(c) class: sp800-53a @@ -36244,13 +31469,6 @@ catalog: - id: ia-5.1_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(d) class: sp800-53a @@ -36263,13 +31481,6 @@ catalog: - id: ia-5.1_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(e) class: sp800-53a @@ -36281,13 +31492,6 @@ catalog: - id: ia-5.1_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(f) class: sp800-53a @@ -36300,13 +31504,6 @@ catalog: - id: ia-5.1_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(g) class: sp800-53a @@ -36318,17 +31515,6 @@ catalog: - id: ia-5.1_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(01)(h) class: sp800-53a @@ -36414,6 +31600,9 @@ catalog: class: SP800-53-enhancement title: Public Key-based Authentication props: + - name: label + value: IA-05(02) + class: zero-padded - name: label value: IA-5(2) - name: label @@ -36438,9 +31627,6 @@ catalog: - id: ia-5.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "For public key-based authentication:" @@ -36462,9 +31648,6 @@ catalog: - id: ia-5.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "When public key infrastructure (PKI) is used:" @@ -36513,13 +31696,6 @@ catalog: - id: ia-5.2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(a)(01) class: sp800-53a @@ -36531,13 +31707,6 @@ catalog: - id: ia-5.2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(a)(02) class: sp800-53a @@ -36559,13 +31728,6 @@ catalog: - id: ia-5.2_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(b)(01) class: sp800-53a @@ -36579,13 +31741,6 @@ catalog: - id: ia-5.2_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(02)(b)(02) class: sp800-53a @@ -36675,6 +31830,9 @@ catalog: class: SP800-53-enhancement title: Protection of Authenticators props: + - name: label + value: IA-05(06) + class: zero-padded - name: label value: IA-5(6) - name: label @@ -36693,10 +31851,6 @@ catalog: parts: - id: ia-5.6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access. - id: ia-5.6_gdn @@ -36710,13 +31864,6 @@ catalog: - id: ia-5.6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(06) class: sp800-53a @@ -36796,6 +31943,9 @@ catalog: class: SP800-53-enhancement title: No Embedded Unencrypted Static Authenticators props: + - name: label + value: IA-05(07) + class: zero-padded - name: label value: IA-5(7) - name: label @@ -36812,10 +31962,6 @@ catalog: parts: - id: ia-5.7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage. parts: @@ -36843,13 +31989,6 @@ catalog: - id: ia-5.7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-05(07) class: sp800-53a @@ -36937,6 +32076,9 @@ catalog: class: SP800-53 title: Authentication Feedback props: + - name: label + value: IA-06 + class: zero-padded - name: label value: IA-6 - name: label @@ -36953,10 +32095,6 @@ catalog: parts: - id: ia-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals. @@ -36977,13 +32115,6 @@ catalog: - id: ia-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-06 class: sp800-53a @@ -37055,6 +32186,9 @@ catalog: class: SP800-53 title: Cryptographic Module Authentication props: + - name: label + value: IA-07 + class: zero-padded - name: label value: IA-7 - name: label @@ -37081,10 +32215,6 @@ catalog: parts: - id: ia-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication. @@ -37097,21 +32227,6 @@ catalog: - id: ia-7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-07 class: sp800-53a @@ -37186,6 +32301,9 @@ catalog: class: SP800-53 title: Identification and Authentication (Non-organizational Users) props: + - name: label + value: IA-08 + class: zero-padded - name: label value: IA-8 - name: label @@ -37246,10 +32364,6 @@ catalog: parts: - id: ia-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users. - id: ia-8_gdn @@ -37268,13 +32382,6 @@ catalog: - id: ia-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08 class: sp800-53a @@ -37354,6 +32461,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of PIV Credentials from Other Agencies props: + - name: label + value: IA-08(01) + class: zero-padded - name: label value: IA-8(1) - name: label @@ -37372,10 +32482,6 @@ catalog: parts: - id: ia-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies. - id: ia-8.1_gdn @@ -37389,13 +32495,6 @@ catalog: - id: ia-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(01) class: sp800-53a @@ -37512,6 +32611,9 @@ catalog: class: SP800-53-enhancement title: Acceptance of External Authenticators props: + - name: label + value: IA-08(02) + class: zero-padded - name: label value: IA-8(2) - name: label @@ -37532,9 +32634,6 @@ catalog: - id: ia-8.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Accept only external authenticators that are NIST-compliant; @@ -37542,9 +32641,6 @@ catalog: - id: ia-8.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Document and maintain a list of accepted external authenticators. @@ -37570,13 +32666,6 @@ catalog: - id: ia-8.2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(02)(a) class: sp800-53a @@ -37588,17 +32677,6 @@ catalog: - id: ia-8.2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(02)(b) class: sp800-53a @@ -37725,6 +32803,9 @@ catalog: guidelines: - prose: identity management profiles are defined; props: + - name: label + value: IA-08(04) + class: zero-padded - name: label value: IA-8(4) - name: label @@ -37741,10 +32822,6 @@ catalog: parts: - id: ia-8.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Conform to the following profiles for identity management\ \ {{ insert: param, ia-08.04_odp }}." - id: ia-8.4_gdn @@ -37759,21 +32836,6 @@ catalog: - id: ia-8.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-08(04) class: sp800-53a @@ -37864,6 +32926,9 @@ catalog: - prose: circumstances or situations requiring re-authentication are defined; props: + - name: label + value: IA-11 + class: zero-padded - name: label value: IA-11 - name: label @@ -37893,10 +32958,6 @@ catalog: parts: - id: ia-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require users to re-authenticate when {{ insert: param, ia-11_odp\ \ }}." parts: @@ -37927,21 +32988,6 @@ catalog: - id: ia-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-11 class: sp800-53a @@ -38028,6 +33074,9 @@ catalog: class: SP800-53 title: Identity Proofing props: + - name: label + value: IA-12 + class: zero-padded - name: label value: IA-12 - name: label @@ -38072,9 +33121,6 @@ catalog: - id: ia-12_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Identity proof users that require accounts for logical access @@ -38083,18 +33129,12 @@ catalog: - id: ia-12_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Resolve user identities to a unique individual; and - id: ia-12_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Collect, validate, and verify identity evidence. @@ -38132,21 +33172,6 @@ catalog: - id: ia-12_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12a. class: sp800-53a @@ -38160,17 +33185,6 @@ catalog: - id: ia-12_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12b. class: sp800-53a @@ -38181,17 +33195,6 @@ catalog: - id: ia-12_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12c. class: sp800-53a @@ -38302,6 +33305,9 @@ catalog: class: SP800-53-enhancement title: Identity Evidence props: + - name: label + value: IA-12(02) + class: zero-padded - name: label value: IA-12(2) - name: label @@ -38318,10 +33324,6 @@ catalog: parts: - id: ia-12.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require evidence of individual identification be presented to the registration authority. - id: ia-12.2_gdn @@ -38336,17 +33338,6 @@ catalog: - id: ia-12.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12(02) class: sp800-53a @@ -38424,6 +33415,9 @@ catalog: - prose: methods of validation and verification of identity evidence are defined; props: + - name: label + value: IA-12(03) + class: zero-padded - name: label value: IA-12(3) - name: label @@ -38440,10 +33434,6 @@ catalog: parts: - id: ia-12.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that the presented identity evidence be validated\ \ and verified through {{ insert: param, ia-12.03_odp }}." - id: ia-12.3_gdn @@ -38462,21 +33452,6 @@ catalog: - id: ia-12.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12(03) class: sp800-53a @@ -38554,6 +33529,9 @@ catalog: - registration code - notice of proofing props: + - name: label + value: IA-12(05) + class: zero-padded - name: label value: IA-12(5) - name: label @@ -38572,10 +33550,6 @@ catalog: parts: - id: ia-12.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require that a {{ insert: param, ia-12.05_odp }} be delivered\ \ through an out-of-band channel to verify the users address (physical\ \ or digital) of record." @@ -38606,17 +33580,6 @@ catalog: - id: ia-12.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IA-12(05) class: sp800-53a @@ -38744,6 +33707,9 @@ catalog: - prose: events that would require the incident response procedures to be reviewed and updated are defined; props: + - name: label + value: IR-01 + class: zero-padded - name: label value: IR-1 - name: label @@ -38787,11 +33753,6 @@ catalog: - id: ir-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -38831,9 +33792,6 @@ catalog: - id: ir-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ir-01_odp.04 }} to manage\ @@ -38842,11 +33800,6 @@ catalog: - id: ir-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current incident response:" @@ -38906,17 +33859,6 @@ catalog: - id: ir-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01a.[01] class: sp800-53a @@ -38927,17 +33869,6 @@ catalog: - id: ir-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01a.[02] class: sp800-53a @@ -38949,13 +33880,6 @@ catalog: - id: ir-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.[03] class: sp800-53a @@ -38968,13 +33892,6 @@ catalog: - id: ir-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.[04] class: sp800-53a @@ -38993,13 +33910,6 @@ catalog: - id: ir-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.01(a) class: sp800-53a @@ -39088,13 +33998,6 @@ catalog: - id: ir-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-01a.01(b) class: sp800-53a @@ -39114,17 +34017,6 @@ catalog: - id: ir-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01b. class: sp800-53a @@ -39144,17 +34036,6 @@ catalog: - id: ir-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01c.01 class: sp800-53a @@ -39188,17 +34069,6 @@ catalog: - id: ir-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-01c.02 class: sp800-53a @@ -39305,6 +34175,9 @@ catalog: - prose: events that initiate a review of the incident response training content are defined; props: + - name: label + value: IR-02 + class: zero-padded - name: label value: IR-2 - name: label @@ -39346,9 +34219,6 @@ catalog: - id: ir-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide incident response training to system users consistent\ @@ -39377,9 +34247,6 @@ catalog: - id: ir-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update incident response training content {{\ @@ -39420,17 +34287,6 @@ catalog: - id: ir-2_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.01 class: sp800-53a @@ -39444,17 +34300,6 @@ catalog: - id: ir-2_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.02 class: sp800-53a @@ -39467,17 +34312,6 @@ catalog: - id: ir-2_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02a.03 class: sp800-53a @@ -39500,17 +34334,6 @@ catalog: - id: ir-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02b.[01] class: sp800-53a @@ -39522,17 +34345,6 @@ catalog: - id: ir-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-02b.[02] class: sp800-53a @@ -39613,9 +34425,9 @@ catalog: - prose: tests used to test the effectiveness of the incident response capability for the system are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-03 + class: zero-padded - name: label value: IR-3 - name: label @@ -39651,10 +34463,6 @@ catalog: parts: - id: ir-3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Test the effectiveness of the incident response capability for\ \ the system {{ insert: param, ir-03_odp.01 }} using the following\ \ tests: {{ insert: param, ir-03_odp.02 }}." @@ -39688,17 +34496,6 @@ catalog: - id: ir-3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-03 class: sp800-53a @@ -39766,6 +34563,9 @@ catalog: class: SP800-53-enhancement title: Coordination with Related Plans props: + - name: label + value: IR-03(02) + class: zero-padded - name: label value: IR-3(2) - name: label @@ -39785,10 +34585,6 @@ catalog: parts: - id: ir-3.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Coordinate incident response testing with organizational elements responsible for related plans. - id: ir-3.2_gdn @@ -39800,17 +34596,6 @@ catalog: - id: ir-3.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-03(02) class: sp800-53a @@ -39886,9 +34671,9 @@ catalog: class: SP800-53 title: Incident Handling props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04 + class: zero-padded - name: label value: IR-4 - name: label @@ -39969,9 +34754,6 @@ catalog: - id: ir-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Implement an incident handling capability for incidents that @@ -39980,9 +34762,6 @@ catalog: - id: ir-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Coordinate incident handling activities with contingency @@ -39990,9 +34769,6 @@ catalog: - id: ir-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Incorporate lessons learned from ongoing incident handling @@ -40001,9 +34777,6 @@ catalog: - id: ir-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Ensure the rigor, intensity, scope, and results of incident @@ -40075,17 +34848,6 @@ catalog: - id: ir-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04a.[01] class: sp800-53a @@ -40097,17 +34859,6 @@ catalog: - id: ir-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04a.[02] class: sp800-53a @@ -40166,17 +34917,6 @@ catalog: - id: ir-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04b. class: sp800-53a @@ -40195,17 +34935,6 @@ catalog: - id: ir-4_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04c.[01] class: sp800-53a @@ -40218,17 +34947,6 @@ catalog: - id: ir-4_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04c.[02] class: sp800-53a @@ -40243,17 +34961,6 @@ catalog: - id: ir-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04d. class: sp800-53a @@ -40379,9 +35086,9 @@ catalog: - prose: automated mechanisms used to support the incident handling process are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: IR-04(01) + class: zero-padded - name: label value: IR-4(1) - name: label @@ -40398,10 +35105,6 @@ catalog: parts: - id: ir-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Support the incident handling process using {{ insert: param,\ \ ir-04.01_odp }}." - id: ir-4.1_gdn @@ -40413,17 +35116,6 @@ catalog: - id: ir-4.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-04(01) class: sp800-53a @@ -40503,6 +35195,9 @@ catalog: class: SP800-53 title: Incident Monitoring props: + - name: label + value: IR-05 + class: zero-padded - name: label value: IR-5 - name: label @@ -40546,10 +35241,6 @@ catalog: parts: - id: ir-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Track and document incidents. - id: ir-5_gdn name: guidance @@ -40565,17 +35256,6 @@ catalog: - id: ir-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-05 class: sp800-53a @@ -40681,6 +35361,9 @@ catalog: - prose: authorities to whom incident information is to be reported are defined; props: + - name: label + value: IR-06 + class: zero-padded - name: label value: IR-6 - name: label @@ -40719,9 +35402,6 @@ catalog: - id: ir-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require personnel to report suspected incidents to the organizational\ @@ -40730,9 +35410,6 @@ catalog: - id: ir-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report incident information to {{ insert: param, ir-06_odp.02\ @@ -40766,17 +35443,6 @@ catalog: - id: ir-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-06a. class: sp800-53a @@ -40789,17 +35455,6 @@ catalog: - id: ir-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-06b. class: sp800-53a @@ -40890,6 +35545,9 @@ catalog: - prose: automated mechanisms used for reporting incidents are defined; props: + - name: label + value: IR-06(01) + class: zero-padded - name: label value: IR-6(1) - name: label @@ -40908,10 +35566,6 @@ catalog: parts: - id: ir-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Report incidents using {{ insert: param, ir-06.01_odp }}." - id: ir-6.1_gdn name: guidance @@ -40922,21 +35576,6 @@ catalog: - id: ir-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-06(01) class: sp800-53a @@ -41017,6 +35656,9 @@ catalog: class: SP800-53-enhancement title: Supply Chain Coordination props: + - name: label + value: IR-06(03) + class: zero-padded - name: label value: IR-6(3) - name: label @@ -41035,10 +35677,6 @@ catalog: parts: - id: ir-6.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide incident information to the provider of the product or service and other organizations involved in the supply chain or supply chain governance for systems or system components related @@ -41060,17 +35698,6 @@ catalog: - id: ir-6.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-06(03) class: sp800-53a @@ -41172,6 +35799,9 @@ catalog: class: SP800-53 title: Incident Response Assistance props: + - name: label + value: IR-07 + class: zero-padded - name: label value: IR-7 - name: label @@ -41208,10 +35838,6 @@ catalog: parts: - id: ir-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of @@ -41232,17 +35858,6 @@ catalog: - id: ir-7_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-07[01] class: sp800-53a @@ -41254,17 +35869,6 @@ catalog: - id: ir-7_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-07[02] class: sp800-53a @@ -41349,6 +35953,9 @@ catalog: - prose: automated mechanisms used to increase the availability of incident response information and support are defined; props: + - name: label + value: IR-07(01) + class: zero-padded - name: label value: IR-7(1) - name: label @@ -41365,10 +35972,6 @@ catalog: parts: - id: ir-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Increase the availability of incident response information\ \ and support using {{ insert: param, ir-07.01_odp }}." - id: ir-7.1_gdn @@ -41383,21 +35986,6 @@ catalog: - id: ir-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-07(01) class: sp800-53a @@ -41531,6 +36119,9 @@ catalog: - prose: organizational elements to which changes to the incident response plan are communicated are defined; props: + - name: label + value: IR-08 + class: zero-padded - name: label value: IR-8 - name: label @@ -41577,9 +36168,6 @@ catalog: - id: ir-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop an incident response plan that:" @@ -41655,9 +36243,6 @@ catalog: - id: ir-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the incident response plan to {{ insert:\ @@ -41665,9 +36250,6 @@ catalog: - id: ir-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Update the incident response plan to address system and organizational @@ -41676,9 +36258,6 @@ catalog: - id: ir-8_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Communicate incident response plan changes to {{ insert:\ @@ -41686,9 +36265,6 @@ catalog: - id: ir-8_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protect the incident response plan from unauthorized disclosure @@ -41744,13 +36320,6 @@ catalog: - id: ir-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.01 class: sp800-53a @@ -41763,13 +36332,6 @@ catalog: - id: ir-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.02 class: sp800-53a @@ -41781,13 +36343,6 @@ catalog: - id: ir-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.03 class: sp800-53a @@ -41800,13 +36355,6 @@ catalog: - id: ir-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.04 class: sp800-53a @@ -41819,13 +36367,6 @@ catalog: - id: ir-8_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.05 class: sp800-53a @@ -41837,13 +36378,6 @@ catalog: - id: ir-8_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.06 class: sp800-53a @@ -41856,13 +36390,6 @@ catalog: - id: ir-8_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.07 class: sp800-53a @@ -41875,13 +36402,6 @@ catalog: - id: ir-8_obj.a.8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.08 class: sp800-53a @@ -41893,13 +36413,6 @@ catalog: - id: ir-8_obj.a.9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.09 class: sp800-53a @@ -41912,13 +36425,6 @@ catalog: - id: ir-8_obj.a.10 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-08a.10 class: sp800-53a @@ -41934,13 +36440,6 @@ catalog: - id: ir-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-08b. class: sp800-53a @@ -41973,17 +36472,6 @@ catalog: - id: ir-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-08c. class: sp800-53a @@ -41996,17 +36484,6 @@ catalog: - id: ir-8_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-08d. class: sp800-53a @@ -42039,13 +36516,6 @@ catalog: - id: ir-8_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-08e. class: sp800-53a @@ -42154,6 +36624,9 @@ catalog: guidelines: - prose: actions to be performed are defined; props: + - name: label + value: IR-09 + class: zero-padded - name: label value: IR-9 - name: label @@ -42189,9 +36662,6 @@ catalog: - id: ir-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Assigning {{ insert: param, ir-09_odp.01 }} with responsibility\ @@ -42199,9 +36669,6 @@ catalog: - id: ir-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Identifying the specific information involved in the system @@ -42209,9 +36676,6 @@ catalog: - id: ir-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Alerting {{ insert: param, ir-09_odp.02 }} of the information\ @@ -42220,18 +36684,12 @@ catalog: - id: ir-9_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Isolating the contaminated system or system component; - id: ir-9_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Eradicating the information from the contaminated system @@ -42239,9 +36697,6 @@ catalog: - id: ir-9_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Identifying other systems or system components that may have @@ -42249,9 +36704,6 @@ catalog: - id: ir-9_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Performing the following additional actions: {{ insert:\ @@ -42282,17 +36734,6 @@ catalog: - id: ir-9_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-09a. class: sp800-53a @@ -42304,17 +36745,6 @@ catalog: - id: ir-9_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: IR-09b. class: sp800-53a @@ -42326,17 +36756,6 @@ catalog: - id: ir-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09c. class: sp800-53a @@ -42349,17 +36768,6 @@ catalog: - id: ir-9_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09d. class: sp800-53a @@ -42371,17 +36779,6 @@ catalog: - id: ir-9_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09e. class: sp800-53a @@ -42393,17 +36790,6 @@ catalog: - id: ir-9_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09f. class: sp800-53a @@ -42415,17 +36801,6 @@ catalog: - id: ir-9_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09g. class: sp800-53a @@ -42518,6 +36893,9 @@ catalog: - prose: frequency at which to provide information spillage response training is defined; props: + - name: label + value: IR-09(02) + class: zero-padded - name: label value: IR-9(2) - name: label @@ -42542,10 +36920,6 @@ catalog: parts: - id: ir-9.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide information spillage response training {{ insert:\ \ param, ir-09.02_odp }}." - id: ir-9.2_gdn @@ -42558,13 +36932,6 @@ catalog: - id: ir-9.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09(02) class: sp800-53a @@ -42636,6 +37003,9 @@ catalog: out assigned tasks while contaminated systems are undergoing corrective actions are defined; props: + - name: label + value: IR-09(03) + class: zero-padded - name: label value: IR-9(3) - name: label @@ -42652,10 +37022,6 @@ catalog: parts: - id: ir-9.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement the following procedures to ensure that organizational\ \ personnel impacted by information spills can continue to carry\ \ out assigned tasks while contaminated systems are undergoing\ @@ -42670,13 +37036,6 @@ catalog: - id: ir-9.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: IR-09(03) class: sp800-53a @@ -42749,6 +37108,9 @@ catalog: - prose: controls employed for personnel exposed to information not within assigned access authorizations are defined; props: + - name: label + value: IR-09(04) + class: zero-padded - name: label value: IR-9(4) - name: label @@ -42765,10 +37127,6 @@ catalog: parts: - id: ir-9.4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ the following controls for personnel exposed to information\ \ not within assigned access authorizations: {{ insert: param,\ \ ir-09.04_odp }}." @@ -42782,13 +37140,6 @@ catalog: - id: ir-9.4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: IR-09(04) class: sp800-53a @@ -42923,6 +37274,9 @@ catalog: - prose: events that would require the maintenance procedures to be reviewed and updated are defined; props: + - name: label + value: MA-01 + class: zero-padded - name: label value: MA-1 - name: label @@ -42960,11 +37314,6 @@ catalog: - id: ma-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -43004,9 +37353,6 @@ catalog: - id: ma-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ma-01_odp.04 }} to manage\ @@ -43015,11 +37361,6 @@ catalog: - id: ma-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current maintenance:" @@ -43079,17 +37420,6 @@ catalog: - id: ma-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01a.[01] class: sp800-53a @@ -43100,17 +37430,6 @@ catalog: - id: ma-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01a.[02] class: sp800-53a @@ -43122,13 +37441,6 @@ catalog: - id: ma-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.[03] class: sp800-53a @@ -43141,13 +37453,6 @@ catalog: - id: ma-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.[04] class: sp800-53a @@ -43166,13 +37471,6 @@ catalog: - id: ma-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.01(a) class: sp800-53a @@ -43261,13 +37559,6 @@ catalog: - id: ma-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-01a.01(b) class: sp800-53a @@ -43287,17 +37578,6 @@ catalog: - id: ma-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01b. class: sp800-53a @@ -43317,17 +37597,6 @@ catalog: - id: ma-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01c.01 class: sp800-53a @@ -43360,17 +37629,6 @@ catalog: - id: ma-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-01c.02 class: sp800-53a @@ -43467,6 +37725,9 @@ catalog: - prose: information to be included in organizational maintenance records is defined; props: + - name: label + value: MA-02 + class: zero-padded - name: label value: MA-2 - name: label @@ -43513,9 +37774,6 @@ catalog: - id: ma-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Schedule, document, and review records of maintenance, repair, @@ -43524,9 +37782,6 @@ catalog: - id: ma-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Approve and monitor all maintenance activities, whether performed @@ -43535,9 +37790,6 @@ catalog: - id: ma-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Require that {{ insert: param, ma-02_odp.01 }} explicitly\ @@ -43547,9 +37799,6 @@ catalog: - id: ma-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Sanitize equipment to remove the following information from\ @@ -43559,9 +37808,6 @@ catalog: - id: ma-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Check all potentially impacted controls to verify that the @@ -43570,9 +37816,6 @@ catalog: - id: ma-2_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Include the following information in organizational maintenance\ @@ -43599,21 +37842,6 @@ catalog: - id: ma-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02a. class: sp800-53a @@ -43660,17 +37888,6 @@ catalog: - id: ma-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02b. class: sp800-53a @@ -43705,17 +37922,6 @@ catalog: - id: ma-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02c. class: sp800-53a @@ -43729,17 +37935,6 @@ catalog: - id: ma-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MA-02d. class: sp800-53a @@ -43752,13 +37947,6 @@ catalog: - id: ma-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02e. class: sp800-53a @@ -43771,13 +37959,6 @@ catalog: - id: ma-2_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-02f. class: sp800-53a @@ -43875,6 +38056,9 @@ catalog: - prose: frequency at which to review previously approved system maintenance tools is defined; props: + - name: label + value: MA-03 + class: zero-padded - name: label value: MA-3 - name: label @@ -43899,9 +38083,6 @@ catalog: - id: ma-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Approve, control, and monitor the use of system maintenance @@ -43909,9 +38090,6 @@ catalog: - id: ma-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review previously approved system maintenance tools {{ insert:\ @@ -43947,21 +38125,6 @@ catalog: - id: ma-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03a. class: sp800-53a @@ -44002,21 +38165,6 @@ catalog: - id: ma-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03b. class: sp800-53a @@ -44091,6 +38239,9 @@ catalog: class: SP800-53-enhancement title: Inspect Tools props: + - name: label + value: MA-03(01) + class: zero-padded - name: label value: MA-3(1) - name: label @@ -44109,10 +38260,6 @@ catalog: parts: - id: ma-3.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications. - id: ma-3.1_gdn @@ -44126,21 +38273,6 @@ catalog: - id: ma-3.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03(01) class: sp800-53a @@ -44213,9 +38345,9 @@ catalog: class: SP800-53-enhancement title: Inspect Media props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: MA-03(02) + class: zero-padded - name: label value: MA-3(2) - name: label @@ -44234,10 +38366,6 @@ catalog: parts: - id: ma-3.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Check media containing diagnostic and test programs for malicious code before the media are used in the system. - id: ma-3.2_gdn @@ -44249,21 +38377,6 @@ catalog: - id: ma-3.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03(02) class: sp800-53a @@ -44342,6 +38455,9 @@ catalog: - prose: personnel or roles who can authorize removal of equipment from the facility is/are defined; props: + - name: label + value: MA-03(03) + class: zero-padded - name: label value: MA-3(3) - name: label @@ -44366,9 +38482,6 @@ catalog: - id: ma-3.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Verifying that there is no organizational information @@ -44376,27 +38489,18 @@ catalog: - id: ma-3.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Sanitizing or destroying the equipment; - id: ma-3.3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Retaining the equipment within the facility; or - id: ma-3.3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: "Obtaining an exemption from {{ insert: param, ma-03.03_odp\ @@ -44410,21 +38514,6 @@ catalog: - id: ma-3.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-03(03) class: sp800-53a @@ -44555,6 +38644,9 @@ catalog: class: SP800-53 title: Nonlocal Maintenance props: + - name: label + value: MA-04 + class: zero-padded - name: label value: MA-4 - name: label @@ -44613,18 +38705,12 @@ catalog: - id: ma-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Approve and monitor nonlocal maintenance and diagnostic activities; - id: ma-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Allow the use of nonlocal maintenance and diagnostic tools @@ -44633,9 +38719,6 @@ catalog: - id: ma-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Employ strong authentication in the establishment of nonlocal @@ -44643,9 +38726,6 @@ catalog: - id: ma-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Maintain records for nonlocal maintenance and diagnostic @@ -44653,9 +38733,6 @@ catalog: - id: ma-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Terminate session and network connections when nonlocal maintenance @@ -44685,17 +38762,6 @@ catalog: - id: ma-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04a. class: sp800-53a @@ -44733,17 +38799,6 @@ catalog: - id: ma-4_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04b.[01] class: sp800-53a @@ -44755,13 +38810,6 @@ catalog: - id: ma-4_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-04b.[02] class: sp800-53a @@ -44776,21 +38824,6 @@ catalog: - id: ma-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04c. class: sp800-53a @@ -44802,13 +38835,6 @@ catalog: - id: ma-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04d. class: sp800-53a @@ -44820,13 +38846,6 @@ catalog: - id: ma-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-04e. class: sp800-53a @@ -44941,6 +38960,9 @@ catalog: class: SP800-53 title: Maintenance Personnel props: + - name: label + value: MA-05 + class: zero-padded - name: label value: MA-5 - name: label @@ -44983,9 +39005,6 @@ catalog: - id: ma-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish a process for maintenance personnel authorization @@ -44994,9 +39013,6 @@ catalog: - id: ma-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Verify that non-escorted personnel performing maintenance @@ -45004,9 +39020,6 @@ catalog: - id: ma-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Designate organizational personnel with required access authorizations @@ -45038,13 +39051,6 @@ catalog: - id: ma-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MA-05a. class: sp800-53a @@ -45077,21 +39083,6 @@ catalog: - id: ma-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05b. class: sp800-53a @@ -45103,21 +39094,6 @@ catalog: - id: ma-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05c. class: sp800-53a @@ -45207,6 +39183,9 @@ catalog: the event that a system component cannot be sanitized, removed, or disconnected from the system are defined; props: + - name: label + value: MA-05(01) + class: zero-padded - name: label value: MA-5(1) - name: label @@ -45231,9 +39210,6 @@ catalog: - id: ma-5.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Implement procedures for the use of maintenance personnel\ @@ -45266,9 +39242,6 @@ catalog: - id: ma-5.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Develop and implement {{ insert: param, ma-05.01_odp\ @@ -45310,17 +39283,6 @@ catalog: - id: ma-5.1_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05(01)(a)(01) class: sp800-53a @@ -45337,17 +39299,6 @@ catalog: - id: ma-5.1_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05(01)(a)(02) class: sp800-53a @@ -45367,21 +39318,6 @@ catalog: - id: ma-5.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-05(01)(b) class: sp800-53a @@ -45499,6 +39435,9 @@ catalog: - prose: time period within which maintenance support and/or spare parts are to be obtained after a failure are defined; props: + - name: label + value: MA-06 + class: zero-padded - name: label value: MA-6 - name: label @@ -45531,10 +39470,6 @@ catalog: parts: - id: ma-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Obtain maintenance support and/or spare parts for {{ insert:\ \ param, ma-06_odp.01 }} within {{ insert: param, ma-06_odp.02 }}\ \ of failure." @@ -45548,21 +39483,6 @@ catalog: - id: ma-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MA-06 class: sp800-53a @@ -45691,6 +39611,9 @@ catalog: - prose: events that would require media protection procedures to be reviewed and updated are defined; props: + - name: label + value: MP-01 + class: zero-padded - name: label value: MP-1 - name: label @@ -45728,11 +39651,6 @@ catalog: - id: mp-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -45772,9 +39690,6 @@ catalog: - id: mp-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, mp-01_odp.04 }} to manage\ @@ -45783,11 +39698,6 @@ catalog: - id: mp-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current media protection:" @@ -45847,17 +39757,6 @@ catalog: - id: mp-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01a.[01] class: sp800-53a @@ -45868,17 +39767,6 @@ catalog: - id: mp-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01a.[02] class: sp800-53a @@ -45890,13 +39778,6 @@ catalog: - id: mp-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.[03] class: sp800-53a @@ -45909,13 +39790,6 @@ catalog: - id: mp-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.[04] class: sp800-53a @@ -45934,13 +39808,6 @@ catalog: - id: mp-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.01(a) class: sp800-53a @@ -46029,13 +39896,6 @@ catalog: - id: mp-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-01a.01(b) class: sp800-53a @@ -46054,17 +39914,6 @@ catalog: - id: mp-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01b. class: sp800-53a @@ -46084,17 +39933,6 @@ catalog: - id: mp-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01c.01 class: sp800-53a @@ -46128,17 +39966,6 @@ catalog: - id: mp-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-01c.02 class: sp800-53a @@ -46246,6 +40073,9 @@ catalog: - prose: personnel or roles authorized to access non-digital media is/are defined; props: + - name: label + value: MP-02 + class: zero-padded - name: label value: MP-2 - name: label @@ -46294,10 +40124,6 @@ catalog: parts: - id: mp-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict access to {{ insert: param, mp-2_prm_1 }} to {{ insert:\ \ param, mp-2_prm_2 }}." - id: mp-2_gdn @@ -46323,21 +40149,6 @@ catalog: - id: mp-2_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-02[01] class: sp800-53a @@ -46349,21 +40160,6 @@ catalog: - id: mp-2_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-02[02] class: sp800-53a @@ -46456,6 +40252,9 @@ catalog: guidelines: - prose: controlled areas where media is exempt from marking are defined; props: + - name: label + value: MP-03 + class: zero-padded - name: label value: MP-3 - name: label @@ -46490,9 +40289,6 @@ catalog: - id: mp-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Mark system media indicating the distribution limitations, @@ -46501,9 +40297,6 @@ catalog: - id: mp-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Exempt {{ insert: param, mp-03_odp.01 }} from marking if\ @@ -46544,13 +40337,6 @@ catalog: - id: mp-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-03a. class: sp800-53a @@ -46563,13 +40349,6 @@ catalog: - id: mp-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-03b. class: sp800-53a @@ -46682,6 +40461,9 @@ catalog: - prose: controlled areas within which to securely store non-digital media are defined; props: + - name: label + value: MP-04 + class: zero-padded - name: label value: MP-4 - name: label @@ -46744,9 +40526,6 @@ catalog: - id: mp-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Physically control and securely store {{ insert: param,\ @@ -46754,9 +40533,6 @@ catalog: - id: mp-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Protect system media types defined in MP-4a until the media @@ -46809,21 +40585,6 @@ catalog: - id: mp-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[01] class: sp800-53a @@ -46834,21 +40595,6 @@ catalog: - id: mp-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[02] class: sp800-53a @@ -46859,21 +40605,6 @@ catalog: - id: mp-4_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[03] class: sp800-53a @@ -46885,21 +40616,6 @@ catalog: - id: mp-4_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04a.[04] class: sp800-53a @@ -46914,21 +40630,6 @@ catalog: - id: mp-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-04b. class: sp800-53a @@ -47032,6 +40733,9 @@ catalog: - prose: controls used to control system media outside of controlled areas are defined; props: + - name: label + value: MP-05 + class: zero-padded - name: label value: MP-5 - name: label @@ -47080,9 +40784,6 @@ catalog: - id: mp-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Protect and control {{ insert: param, mp-05_odp.01 }} during\ @@ -47091,9 +40792,6 @@ catalog: - id: mp-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Maintain accountability for system media during transport @@ -47101,9 +40799,6 @@ catalog: - id: mp-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document activities associated with the transport of system @@ -47111,9 +40806,6 @@ catalog: - id: mp-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Restrict the activities associated with the transport of @@ -47165,21 +40857,6 @@ catalog: - id: mp-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-05a. class: sp800-53a @@ -47214,21 +40891,6 @@ catalog: - id: mp-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-05b. class: sp800-53a @@ -47240,13 +40902,6 @@ catalog: - id: mp-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: MP-05c. class: sp800-53a @@ -47265,17 +40920,6 @@ catalog: - id: mp-5_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: MP-05d.[01] class: sp800-53a @@ -47287,13 +40931,6 @@ catalog: - id: mp-5_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-05d.[02] class: sp800-53a @@ -47415,6 +41052,9 @@ catalog: - prose: sanitization techniques and procedures to be used for sanitization prior to release for reuse are defined; props: + - name: label + value: MP-06 + class: zero-padded - name: label value: MP-6 - name: label @@ -47477,9 +41117,6 @@ catalog: - id: mp-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Sanitize {{ insert: param, mp-6_prm_1 }} prior to disposal,\ @@ -47488,9 +41125,6 @@ catalog: - id: mp-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Employ sanitization mechanisms with the strength and integrity @@ -47533,21 +41167,6 @@ catalog: - id: mp-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06a. class: sp800-53a @@ -47592,21 +41211,6 @@ catalog: - id: mp-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-06b. class: sp800-53a @@ -47731,6 +41335,9 @@ catalog: - prose: controls to restrict or prohibit the use of specific types of system media on systems or system components are defined; props: + - name: label + value: MP-07 + class: zero-padded - name: label value: MP-7 - name: label @@ -47765,9 +41372,6 @@ catalog: - id: mp-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, mp-07_odp.02 }} the use of {{ insert:\ @@ -47776,9 +41380,6 @@ catalog: - id: mp-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Prohibit the use of portable storage devices in organizational @@ -47818,21 +41419,6 @@ catalog: - id: mp-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-07a. class: sp800-53a @@ -47845,21 +41431,6 @@ catalog: - id: mp-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: MP-07b. class: sp800-53a @@ -47996,6 +41567,9 @@ catalog: - prose: events that would require the physical and environmental protection procedures to be reviewed and updated are defined; props: + - name: label + value: PE-01 + class: zero-padded - name: label value: PE-1 - name: label @@ -48033,11 +41607,6 @@ catalog: - id: pe-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -48078,9 +41647,6 @@ catalog: - id: pe-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, pe-01_odp.04 }} to manage\ @@ -48089,11 +41655,6 @@ catalog: - id: pe-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current physical and environmental\ @@ -48155,17 +41716,6 @@ catalog: - id: pe-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01a.[01] class: sp800-53a @@ -48177,17 +41727,6 @@ catalog: - id: pe-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01a.[02] class: sp800-53a @@ -48199,13 +41738,6 @@ catalog: - id: pe-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.[03] class: sp800-53a @@ -48219,13 +41751,6 @@ catalog: - id: pe-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.[04] class: sp800-53a @@ -48244,13 +41769,6 @@ catalog: - id: pe-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.01(a) class: sp800-53a @@ -48340,13 +41858,6 @@ catalog: - id: pe-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PE-01a.01(b) class: sp800-53a @@ -48366,17 +41877,6 @@ catalog: - id: pe-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01b. class: sp800-53a @@ -48396,17 +41896,6 @@ catalog: - id: pe-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01c.01 class: sp800-53a @@ -48441,17 +41930,6 @@ catalog: - id: pe-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-01c.02 class: sp800-53a @@ -48540,6 +42018,9 @@ catalog: - prose: frequency at which to review the access list detailing authorized facility access by individuals is defined; props: + - name: label + value: PE-02 + class: zero-padded - name: label value: PE-2 - name: label @@ -48594,9 +42075,6 @@ catalog: - id: pe-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop, approve, and maintain a list of individuals with @@ -48604,18 +42082,12 @@ catalog: - id: pe-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Issue authorization credentials for facility access; - id: pe-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review the access list detailing authorized facility access\ @@ -48623,9 +42095,6 @@ catalog: - id: pe-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Remove individuals from the facility access list when access @@ -48651,17 +42120,6 @@ catalog: - id: pe-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-02a. class: sp800-53a @@ -48705,13 +42163,6 @@ catalog: - id: pe-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02b. class: sp800-53a @@ -48722,13 +42173,6 @@ catalog: - id: pe-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02c. class: sp800-53a @@ -48740,13 +42184,6 @@ catalog: - id: pe-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-02d. class: sp800-53a @@ -48894,9 +42331,9 @@ catalog: guidelines: - prose: frequency at which to change keys is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: PE-03 + class: zero-padded - name: label value: PE-3 - name: label @@ -48971,9 +42408,6 @@ catalog: - id: pe-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Enforce physical access authorizations at {{ insert: param,\ @@ -48996,9 +42430,6 @@ catalog: - id: pe-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Maintain physical access audit logs for {{ insert: param,\ @@ -49006,9 +42437,6 @@ catalog: - id: pe-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Control access to areas within the facility designated as\ @@ -49017,9 +42445,6 @@ catalog: - id: pe-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Escort visitors and control visitor activity {{ insert:\ @@ -49027,18 +42452,12 @@ catalog: - id: pe-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Secure keys, combinations, and other physical access devices; - id: pe-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Inventory {{ insert: param, pe-03_odp.07 }} every {{ insert:\ @@ -49046,9 +42465,6 @@ catalog: - id: pe-3_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Change combinations and keys {{ insert: param, pe-3_prm_9\ @@ -49091,13 +42507,6 @@ catalog: - id: pe-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03a.01 class: sp800-53a @@ -49110,17 +42519,6 @@ catalog: - id: pe-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03a.02 class: sp800-53a @@ -49136,17 +42534,6 @@ catalog: - id: pe-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-03b. class: sp800-53a @@ -49158,13 +42545,6 @@ catalog: - id: pe-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03c. class: sp800-53a @@ -49184,13 +42564,6 @@ catalog: - id: pe-3_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03d.[01] class: sp800-53a @@ -49201,17 +42574,6 @@ catalog: - id: pe-3_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03d.[02] class: sp800-53a @@ -49233,13 +42595,6 @@ catalog: - id: pe-3_obj.e-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03e.[01] class: sp800-53a @@ -49250,13 +42605,6 @@ catalog: - id: pe-3_obj.e-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03e.[02] class: sp800-53a @@ -49267,13 +42615,6 @@ catalog: - id: pe-3_obj.e-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03e.[03] class: sp800-53a @@ -49287,17 +42628,6 @@ catalog: - id: pe-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-03f. class: sp800-53a @@ -49316,13 +42646,6 @@ catalog: - id: pe-3_obj.g-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03g.[01] class: sp800-53a @@ -49335,13 +42658,6 @@ catalog: - id: pe-3_obj.g-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-03g.[02] class: sp800-53a @@ -49453,6 +42769,9 @@ catalog: to system distribution and transmission lines within the organizational facility are defined; props: + - name: label + value: PE-04 + class: zero-padded - name: label value: PE-4 - name: label @@ -49487,10 +42806,6 @@ catalog: parts: - id: pe-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Control physical access to {{ insert: param, pe-04_odp.01 }}\ \ within organizational facilities using {{ insert: param, pe-04_odp.02\ \ }}." @@ -49506,17 +42821,6 @@ catalog: - id: pe-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-04 class: sp800-53a @@ -49603,6 +42907,9 @@ catalog: - prose: output devices that require physical access control to output are defined; props: + - name: label + value: PE-05 + class: zero-padded - name: label value: PE-5 - name: label @@ -49627,10 +42934,6 @@ catalog: parts: - id: pe-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Control physical access to output from {{ insert: param, pe-05_odp\ \ }} to prevent unauthorized individuals from obtaining the output." - id: pe-5_gdn @@ -49645,13 +42948,6 @@ catalog: - id: pe-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-05 class: sp800-53a @@ -49749,6 +43045,9 @@ catalog: - prose: events or potential indication of events requiring physical access logs to be reviewed are defined; props: + - name: label + value: PE-06 + class: zero-padded - name: label value: PE-6 - name: label @@ -49786,9 +43085,6 @@ catalog: - id: pe-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Monitor physical access to the facility where the system @@ -49796,9 +43092,6 @@ catalog: - id: pe-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review physical access logs {{ insert: param, pe-06_odp.01\ @@ -49807,9 +43100,6 @@ catalog: - id: pe-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Coordinate results of reviews and investigations with the @@ -49839,17 +43129,6 @@ catalog: - id: pe-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06a. class: sp800-53a @@ -49868,13 +43147,6 @@ catalog: - id: pe-6_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06b.[01] class: sp800-53a @@ -49886,13 +43158,6 @@ catalog: - id: pe-6_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06b.[02] class: sp800-53a @@ -49914,17 +43179,6 @@ catalog: - id: pe-6_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-06c.[01] class: sp800-53a @@ -49936,17 +43190,6 @@ catalog: - id: pe-6_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-06c.[02] class: sp800-53a @@ -50031,6 +43274,9 @@ catalog: class: SP800-53-enhancement title: Intrusion Alarms and Surveillance Equipment props: + - name: label + value: PE-06(01) + class: zero-padded - name: label value: PE-6(1) - name: label @@ -50050,10 +43296,6 @@ catalog: parts: - id: pe-6.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Monitor physical access to the facility where the system resides using physical intrusion alarms and surveillance equipment. - id: pe-6.1_gdn @@ -50070,13 +43312,6 @@ catalog: - id: pe-6.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-06(01) class: sp800-53a @@ -50204,6 +43439,9 @@ catalog: - prose: personnel to whom visitor access records anomalies are reported to is/are defined; props: + - name: label + value: PE-08 + class: zero-padded - name: label value: PE-8 - name: label @@ -50231,9 +43469,6 @@ catalog: - id: pe-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Maintain visitor access records to the facility where the\ @@ -50241,9 +43476,6 @@ catalog: - id: pe-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review visitor access records {{ insert: param, pe-08_odp.02\ @@ -50251,9 +43483,6 @@ catalog: - id: pe-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Report anomalies in visitor access records to {{ insert:\ @@ -50277,17 +43506,6 @@ catalog: - id: pe-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-08a. class: sp800-53a @@ -50299,13 +43517,6 @@ catalog: - id: pe-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-08b. class: sp800-53a @@ -50317,17 +43528,6 @@ catalog: - id: pe-8_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-08c. class: sp800-53a @@ -50408,6 +43608,9 @@ catalog: class: SP800-53 title: Power Equipment and Cabling props: + - name: label + value: PE-09 + class: zero-padded - name: label value: PE-9 - name: label @@ -50424,10 +43627,6 @@ catalog: parts: - id: pe-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect power equipment and power cabling for the system from damage and destruction. - id: pe-9_gdn @@ -50443,13 +43642,6 @@ catalog: - id: pe-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-09 class: sp800-53a @@ -50549,6 +43741,9 @@ catalog: - prose: location of emergency shutoff switches or devices by system or system component is defined; props: + - name: label + value: PE-10 + class: zero-padded - name: label value: PE-10 - name: label @@ -50569,9 +43764,6 @@ catalog: - id: pe-10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Provide the capability of shutting off power to {{ insert:\ @@ -50579,9 +43771,6 @@ catalog: - id: pe-10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Place emergency shutoff switches or devices in {{ insert:\ @@ -50590,9 +43779,6 @@ catalog: - id: pe-10_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Protect emergency power shutoff capability from unauthorized @@ -50613,17 +43799,6 @@ catalog: - id: pe-10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-10a. class: sp800-53a @@ -50635,13 +43810,6 @@ catalog: - id: pe-10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-10b. class: sp800-53a @@ -50653,17 +43821,6 @@ catalog: - id: pe-10_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-10c. class: sp800-53a @@ -50748,6 +43905,9 @@ catalog: - an orderly shutdown of the system - transition of the system to long-term alternate power props: + - name: label + value: PE-11 + class: zero-padded - name: label value: PE-11 - name: label @@ -50768,10 +43928,6 @@ catalog: parts: - id: pe-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Provide an uninterruptible power supply to facilitate {{ insert:\ \ param, pe-11_odp }} in the event of a primary power source loss." - id: pe-11_gdn @@ -50792,17 +43948,6 @@ catalog: - id: pe-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-11 class: sp800-53a @@ -50875,6 +44020,9 @@ catalog: class: SP800-53 title: Emergency Lighting props: + - name: label + value: PE-12 + class: zero-padded - name: label value: PE-12 - name: label @@ -50893,10 +44041,6 @@ catalog: parts: - id: pe-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility. @@ -50919,13 +44063,6 @@ catalog: - id: pe-12_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[01] class: sp800-53a @@ -50937,13 +44074,6 @@ catalog: - id: pe-12_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[02] class: sp800-53a @@ -50955,13 +44085,6 @@ catalog: - id: pe-12_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[03] class: sp800-53a @@ -50973,13 +44096,6 @@ catalog: - id: pe-12_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-12[04] class: sp800-53a @@ -51050,6 +44166,9 @@ catalog: class: SP800-53 title: Fire Protection props: + - name: label + value: PE-13 + class: zero-padded - name: label value: PE-13 - name: label @@ -51066,10 +44185,6 @@ catalog: parts: - id: pe-13_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ and maintain fire detection and suppression systems that are supported by an independent energy source. - id: pe-13_gdn @@ -51092,17 +44207,6 @@ catalog: - id: pe-13_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[01] class: sp800-53a @@ -51113,17 +44217,6 @@ catalog: - id: pe-13_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[02] class: sp800-53a @@ -51135,17 +44228,6 @@ catalog: - id: pe-13_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[03] class: sp800-53a @@ -51156,17 +44238,6 @@ catalog: - id: pe-13_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[04] class: sp800-53a @@ -51177,17 +44248,6 @@ catalog: - id: pe-13_obj-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[05] class: sp800-53a @@ -51199,17 +44259,6 @@ catalog: - id: pe-13_obj-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13[06] class: sp800-53a @@ -51303,6 +44352,9 @@ catalog: - prose: emergency responders to be notified in the event of a fire are defined; props: + - name: label + value: PE-13(01) + class: zero-padded - name: label value: PE-13(1) - name: label @@ -51319,10 +44371,6 @@ catalog: parts: - id: pe-13.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ fire detection systems that activate automatically\ \ and notify {{ insert: param, pe-13.01_odp.01 }} and {{ insert:\ \ param, pe-13.01_odp.02 }} in the event of a fire." @@ -51345,13 +44393,6 @@ catalog: - id: pe-13.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(01)[01] class: sp800-53a @@ -51363,17 +44404,6 @@ catalog: - id: pe-13.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(01)[02] class: sp800-53a @@ -51386,17 +44416,6 @@ catalog: - id: pe-13.1_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(01)[03] class: sp800-53a @@ -51503,6 +44522,9 @@ catalog: - prose: emergency responders to be notified in the event of a fire are defined; props: + - name: label + value: PE-13(02) + class: zero-padded - name: label value: PE-13(2) - name: label @@ -51523,9 +44545,6 @@ catalog: - id: pe-13.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Employ fire suppression systems that activate automatically\ @@ -51534,9 +44553,6 @@ catalog: - id: pe-13.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Employ an automatic fire suppression capability when @@ -51567,13 +44583,6 @@ catalog: - id: pe-13.2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(a)[01] class: sp800-53a @@ -51585,17 +44594,6 @@ catalog: - id: pe-13.2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(a)[02] class: sp800-53a @@ -51607,17 +44605,6 @@ catalog: - id: pe-13.2_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(a)[03] class: sp800-53a @@ -51632,17 +44619,6 @@ catalog: - id: pe-13.2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-13(02)(b) class: sp800-53a @@ -51766,6 +44742,9 @@ catalog: - prose: frequency at which to monitor environmental control levels is defined; props: + - name: label + value: PE-14 + class: zero-padded - name: label value: PE-14 - name: label @@ -51788,9 +44767,6 @@ catalog: - id: pe-14_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Maintain {{ insert: param, pe-14_odp.01 }} levels within\ @@ -51799,9 +44775,6 @@ catalog: - id: pe-14_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Monitor environmental control levels {{ insert: param, pe-14_odp.04\ @@ -51836,17 +44809,6 @@ catalog: - id: pe-14_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14a. class: sp800-53a @@ -51859,17 +44821,6 @@ catalog: - id: pe-14_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-14b. class: sp800-53a @@ -51942,6 +44893,9 @@ catalog: class: SP800-53 title: Water Damage Protection props: + - name: label + value: PE-15 + class: zero-padded - name: label value: PE-15 - name: label @@ -51960,10 +44914,6 @@ catalog: parts: - id: pe-15_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect the system from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel. @@ -51985,17 +44935,6 @@ catalog: - id: pe-15_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[01] class: sp800-53a @@ -52007,17 +44946,6 @@ catalog: - id: pe-15_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[02] class: sp800-53a @@ -52028,17 +44956,6 @@ catalog: - id: pe-15_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[03] class: sp800-53a @@ -52049,17 +44966,6 @@ catalog: - id: pe-15_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-15[04] class: sp800-53a @@ -52156,6 +45062,9 @@ catalog: - prose: types of system components to be authorized and controlled when exiting the facility are defined; props: + - name: label + value: PE-16 + class: zero-padded - name: label value: PE-16 - name: label @@ -52194,9 +45103,6 @@ catalog: - id: pe-16_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Authorize and control {{ insert: param, pe-16_prm_1 }} entering\ @@ -52204,9 +45110,6 @@ catalog: - id: pe-16_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Maintain records of the system components. @@ -52232,17 +45135,6 @@ catalog: - id: pe-16_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[01] class: sp800-53a @@ -52254,17 +45146,6 @@ catalog: - id: pe-16_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[02] class: sp800-53a @@ -52276,17 +45157,6 @@ catalog: - id: pe-16_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[03] class: sp800-53a @@ -52298,17 +45168,6 @@ catalog: - id: pe-16_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-16a.[04] class: sp800-53a @@ -52323,17 +45182,6 @@ catalog: - id: pe-16_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-16b. class: sp800-53a @@ -52424,6 +45272,9 @@ catalog: guidelines: - prose: controls to be employed at alternate work sites are defined; props: + - name: label + value: PE-17 + class: zero-padded - name: label value: PE-17 - name: label @@ -52450,9 +45301,6 @@ catalog: - id: pe-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Determine and document the {{ insert: param, pe-17_odp.01\ @@ -52460,9 +45308,6 @@ catalog: - id: pe-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls at alternate work sites: {{\ @@ -52470,9 +45315,6 @@ catalog: - id: pe-17_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Assess the effectiveness of controls at alternate work sites; @@ -52480,9 +45322,6 @@ catalog: - id: pe-17_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Provide a means for employees to communicate with information @@ -52508,17 +45347,6 @@ catalog: - id: pe-17_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-17a. class: sp800-53a @@ -52529,17 +45357,6 @@ catalog: - id: pe-17_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-17b. class: sp800-53a @@ -52551,17 +45368,6 @@ catalog: - id: pe-17_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PE-17c. class: sp800-53a @@ -52573,17 +45379,6 @@ catalog: - id: pe-17_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PE-17d. class: sp800-53a @@ -52735,6 +45530,9 @@ catalog: - prose: events that would require procedures to be reviewed and updated are defined; props: + - name: label + value: PL-01 + class: zero-padded - name: label value: PL-1 - name: label @@ -52774,11 +45572,6 @@ catalog: - id: pl-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -52817,9 +45610,6 @@ catalog: - id: pl-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, pl-01_odp.04 }} to manage\ @@ -52828,11 +45618,6 @@ catalog: - id: pl-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current planning:" @@ -52891,17 +45676,6 @@ catalog: - id: pl-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01a.[01] class: sp800-53a @@ -52912,17 +45686,6 @@ catalog: - id: pl-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01a.[02] class: sp800-53a @@ -52934,13 +45697,6 @@ catalog: - id: pl-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.[03] class: sp800-53a @@ -52953,13 +45709,6 @@ catalog: - id: pl-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.[04] class: sp800-53a @@ -52978,13 +45727,6 @@ catalog: - id: pl-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.01(a) class: sp800-53a @@ -53073,13 +45815,6 @@ catalog: - id: pl-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-01a.01(b) class: sp800-53a @@ -53098,17 +45833,6 @@ catalog: - id: pl-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01b. class: sp800-53a @@ -53128,17 +45852,6 @@ catalog: - id: pl-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01c.01 class: sp800-53a @@ -53171,17 +45884,6 @@ catalog: - id: pl-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-01c.02 class: sp800-53a @@ -53281,6 +45983,9 @@ catalog: - prose: frequency to review system security and privacy plans is defined; props: + - name: label + value: PL-02 + class: zero-padded - name: label value: PL-2 - name: label @@ -53386,9 +46091,6 @@ catalog: - id: pl-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop security and privacy plans for the system that:" @@ -53502,9 +46204,6 @@ catalog: - id: pl-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Distribute copies of the plans and communicate subsequent\ @@ -53512,18 +46211,12 @@ catalog: - id: pl-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review the plans {{ insert: param, pl-02_odp.03 }};" - id: pl-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Update the plans to address changes to the system and environment @@ -53532,9 +46225,6 @@ catalog: - id: pl-2_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Protect the plans from unauthorized disclosure and modification. @@ -53629,39 +46319,6 @@ catalog: - id: pl-2_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.01[01] class: sp800-53a @@ -53673,39 +46330,6 @@ catalog: - id: pl-2_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.01[02] class: sp800-53a @@ -53793,13 +46417,6 @@ catalog: - id: pl-2_obj.a.4-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.04[01] class: sp800-53a @@ -53812,13 +46429,6 @@ catalog: - id: pl-2_obj.a.4-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.04[02] class: sp800-53a @@ -53833,13 +46443,6 @@ catalog: - id: pl-2_obj.a.5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.05 class: sp800-53a @@ -53874,13 +46477,6 @@ catalog: - id: pl-2_obj.a.6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.06 class: sp800-53a @@ -53915,13 +46511,6 @@ catalog: - id: pl-2_obj.a.7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.07 class: sp800-53a @@ -53956,13 +46545,6 @@ catalog: - id: pl-2_obj.a.8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.08 class: sp800-53a @@ -53997,17 +46579,6 @@ catalog: - id: pl-2_obj.a.9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.09 class: sp800-53a @@ -54050,13 +46621,6 @@ catalog: - id: pl-2_obj.a.10-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.10[01] class: sp800-53a @@ -54069,13 +46633,6 @@ catalog: - id: pl-2_obj.a.10-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.10[02] class: sp800-53a @@ -54090,13 +46647,6 @@ catalog: - id: pl-2_obj.a.11 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.11 class: sp800-53a @@ -54137,13 +46687,6 @@ catalog: - id: pl-2_obj.a.12-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.12[01] class: sp800-53a @@ -54157,13 +46700,6 @@ catalog: - id: pl-2_obj.a.12-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-02a.12[02] class: sp800-53a @@ -54186,17 +46722,6 @@ catalog: - id: pl-2_obj.a.13-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.13[01] class: sp800-53a @@ -54209,17 +46734,6 @@ catalog: - id: pl-2_obj.a.13-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.13[02] class: sp800-53a @@ -54242,17 +46756,6 @@ catalog: - id: pl-2_obj.a.14-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02a.14[01] class: sp800-53a @@ -54266,17 +46769,6 @@ catalog: - id: pl-2_obj.a.14-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02a.14[02] class: sp800-53a @@ -54300,17 +46792,6 @@ catalog: - id: pl-2_obj.a.15-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.15[01] class: sp800-53a @@ -54323,17 +46804,6 @@ catalog: - id: pl-2_obj.a.15-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-02a.15[02] class: sp800-53a @@ -54352,17 +46822,6 @@ catalog: - id: pl-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02b. class: sp800-53a @@ -54395,17 +46854,6 @@ catalog: - id: pl-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02c. class: sp800-53a @@ -54416,17 +46864,6 @@ catalog: - id: pl-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02d. class: sp800-53a @@ -54470,17 +46907,6 @@ catalog: - id: pl-2_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-02e. class: sp800-53a @@ -54622,6 +47048,9 @@ catalog: - prose: frequency for individuals to read and re-acknowledge the rules of behavior is defined (if selected); props: + - name: label + value: PL-04 + class: zero-padded - name: label value: PL-4 - name: label @@ -54685,9 +47114,6 @@ catalog: - id: pl-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish and provide to individuals requiring access to @@ -54697,9 +47123,6 @@ catalog: - id: pl-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Receive a documented acknowledgment from such individuals, @@ -54709,9 +47132,6 @@ catalog: - id: pl-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update the rules of behavior {{ insert: param,\ @@ -54719,9 +47139,6 @@ catalog: - id: pl-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Require individuals who have acknowledged a previous version\ @@ -54758,17 +47175,6 @@ catalog: - id: pl-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04a. class: sp800-53a @@ -54803,17 +47209,6 @@ catalog: - id: pl-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04b. class: sp800-53a @@ -54827,17 +47222,6 @@ catalog: - id: pl-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-04c. class: sp800-53a @@ -54849,17 +47233,6 @@ catalog: - id: pl-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-04d. class: sp800-53a @@ -54944,6 +47317,9 @@ catalog: class: SP800-53-enhancement title: Social Media and External Site/Application Usage Restrictions props: + - name: label + value: PL-04(01) + class: zero-padded - name: label value: PL-4(1) - name: label @@ -54972,9 +47348,6 @@ catalog: - id: pl-4.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Use of social media, social networking sites, and external @@ -54982,9 +47355,6 @@ catalog: - id: pl-4.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Posting organizational information on public websites; @@ -54992,9 +47362,6 @@ catalog: - id: pl-4.1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Use of organization-provided identifiers (e.g., email @@ -55024,17 +47391,6 @@ catalog: - id: pl-4.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(a) class: sp800-53a @@ -55046,17 +47402,6 @@ catalog: - id: pl-4.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(b) class: sp800-53a @@ -55068,17 +47413,6 @@ catalog: - id: pl-4.1_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-04(01)(c) class: sp800-53a @@ -55169,6 +47503,9 @@ catalog: - prose: frequency for review and update to reflect changes in the enterprise architecture; props: + - name: label + value: PL-08 + class: zero-padded - name: label value: PL-8 - name: label @@ -55222,9 +47559,6 @@ catalog: - id: pl-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop security and privacy architectures for the system\ @@ -55263,9 +47597,6 @@ catalog: - id: pl-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the architectures {{ insert: param, pl-08_odp\ @@ -55273,9 +47604,6 @@ catalog: - id: pl-8_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Reflect planned architecture changes in security and privacy @@ -55369,17 +47697,6 @@ catalog: - id: pl-8_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08a.01 class: sp800-53a @@ -55392,17 +47709,6 @@ catalog: - id: pl-8_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08a.02 class: sp800-53a @@ -55415,13 +47721,6 @@ catalog: - id: pl-8_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-08a.03 class: sp800-53a @@ -55456,13 +47755,6 @@ catalog: - id: pl-8_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-08a.04 class: sp800-53a @@ -55500,17 +47792,6 @@ catalog: - id: pl-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PL-08b. class: sp800-53a @@ -55530,17 +47811,6 @@ catalog: - id: pl-8_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[01] class: sp800-53a @@ -55552,17 +47822,6 @@ catalog: - id: pl-8_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[02] class: sp800-53a @@ -55574,17 +47833,6 @@ catalog: - id: pl-8_obj.c-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[03] class: sp800-53a @@ -55596,17 +47844,6 @@ catalog: - id: pl-8_obj.c-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[04] class: sp800-53a @@ -55618,17 +47855,6 @@ catalog: - id: pl-8_obj.c-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[05] class: sp800-53a @@ -55640,17 +47866,6 @@ catalog: - id: pl-8_obj.c-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-08c.[06] class: sp800-53a @@ -55752,6 +47967,9 @@ catalog: class: SP800-53 title: Baseline Selection props: + - name: label + value: PL-10 + class: zero-padded - name: label value: PL-10 - name: label @@ -55796,10 +48014,6 @@ catalog: parts: - id: pl-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Select a control baseline for the system. parts: - id: pl-10_fr @@ -55844,13 +48058,6 @@ catalog: - id: pl-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PL-10 class: sp800-53a @@ -55955,6 +48162,9 @@ catalog: class: SP800-53 title: Baseline Tailoring props: + - name: label + value: PL-11 + class: zero-padded - name: label value: PL-11 - name: label @@ -55999,10 +48209,6 @@ catalog: parts: - id: pl-11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Tailor the selected control baseline by applying specified tailoring actions. - id: pl-11_gdn @@ -56033,17 +48239,6 @@ catalog: - id: pl-11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PL-11 class: sp800-53a @@ -56199,6 +48394,9 @@ catalog: - prose: events that would require the personnel security procedures to be reviewed and updated are defined; props: + - name: label + value: PS-01 + class: zero-padded - name: label value: PS-1 - name: label @@ -56234,11 +48432,6 @@ catalog: - id: ps-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -56278,9 +48471,6 @@ catalog: - id: ps-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ps-01_odp.04 }} to manage\ @@ -56289,11 +48479,6 @@ catalog: - id: ps-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current personnel security:" @@ -56353,17 +48538,6 @@ catalog: - id: ps-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01a.[01] class: sp800-53a @@ -56374,17 +48548,6 @@ catalog: - id: ps-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01a.[02] class: sp800-53a @@ -56396,13 +48559,6 @@ catalog: - id: ps-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.[03] class: sp800-53a @@ -56415,13 +48571,6 @@ catalog: - id: ps-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.[04] class: sp800-53a @@ -56440,13 +48589,6 @@ catalog: - id: ps-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.01(a) class: sp800-53a @@ -56535,13 +48677,6 @@ catalog: - id: ps-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-01a.01(b) class: sp800-53a @@ -56561,17 +48696,6 @@ catalog: - id: ps-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01b. class: sp800-53a @@ -56591,17 +48715,6 @@ catalog: - id: ps-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01c.01 class: sp800-53a @@ -56635,17 +48748,6 @@ catalog: - id: ps-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-01c.02 class: sp800-53a @@ -56736,6 +48838,9 @@ catalog: - prose: the frequency at which to review and update position risk designations is defined; props: + - name: label + value: PS-02 + class: zero-padded - name: label value: PS-2 - name: label @@ -56778,18 +48883,12 @@ catalog: - id: ps-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Assign a risk designation to all organizational positions; - id: ps-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Establish screening criteria for individuals filling those @@ -56797,9 +48896,6 @@ catalog: - id: ps-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Review and update position risk designations {{ insert:\ @@ -56837,17 +48933,6 @@ catalog: - id: ps-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-02a. class: sp800-53a @@ -56858,17 +48943,6 @@ catalog: - id: ps-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-02b. class: sp800-53a @@ -56880,17 +48954,6 @@ catalog: - id: ps-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-02c. class: sp800-53a @@ -56991,6 +49054,9 @@ catalog: - prose: the frequency of rescreening individuals where it is so indicated is defined; props: + - name: label + value: PS-03 + class: zero-padded - name: label value: PS-3 - name: label @@ -57045,9 +49111,6 @@ catalog: - id: ps-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Screen individuals prior to authorizing access to the system; @@ -57055,9 +49118,6 @@ catalog: - id: ps-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Rescreen individuals in accordance with {{ insert: param,\ @@ -57082,17 +49142,6 @@ catalog: - id: ps-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03a. class: sp800-53a @@ -57111,17 +49160,6 @@ catalog: - id: ps-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03b.[01] class: sp800-53a @@ -57133,17 +49171,6 @@ catalog: - id: ps-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03b.[02] class: sp800-53a @@ -57216,7 +49243,7 @@ catalog: - id: ps-03.03_odp label: additional personnel screening criteria constraints: - - description: personnel screening criteria - as required by specific + - description: personnel screening criteria – as required by specific information guidelines: - prose: additional personnel screening criteria to be satisfied @@ -57224,6 +49251,9 @@ catalog: transmitting information requiring special protection are defined; props: + - name: label + value: PS-03(03) + class: zero-padded - name: label value: PS-3(3) - name: label @@ -57246,9 +49276,6 @@ catalog: - id: ps-3.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Have valid access authorizations that are demonstrated @@ -57256,9 +49283,6 @@ catalog: - id: ps-3.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Satisfy {{ insert: param, ps-03.03_odp }}." @@ -57277,17 +49301,6 @@ catalog: - id: ps-3.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03(03)(a) class: sp800-53a @@ -57301,17 +49314,6 @@ catalog: - id: ps-3.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-03(03)(b) class: sp800-53a @@ -57407,6 +49409,9 @@ catalog: - prose: information security topics to be discussed when conducting exit interviews are defined; props: + - name: label + value: PS-04 + class: zero-padded - name: label value: PS-4 - name: label @@ -57438,9 +49443,6 @@ catalog: - id: ps-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Disable system access within {{ insert: param, ps-04_odp.01\ @@ -57448,9 +49450,6 @@ catalog: - id: ps-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Terminate or revoke any authenticators and credentials associated @@ -57458,9 +49457,6 @@ catalog: - id: ps-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Conduct exit interviews that include a discussion of {{\ @@ -57468,9 +49464,6 @@ catalog: - id: ps-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Retrieve all security-related organizational system-related @@ -57478,9 +49471,6 @@ catalog: - id: ps-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Retain access to organizational information and systems formerly @@ -57512,13 +49502,6 @@ catalog: - id: ps-4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04a. class: sp800-53a @@ -57530,13 +49513,6 @@ catalog: - id: ps-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04b. class: sp800-53a @@ -57548,17 +49524,6 @@ catalog: - id: ps-4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04c. class: sp800-53a @@ -57571,17 +49536,6 @@ catalog: - id: ps-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-04d. class: sp800-53a @@ -57593,17 +49547,6 @@ catalog: - id: ps-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-04e. class: sp800-53a @@ -57720,6 +49663,9 @@ catalog: or roles when individuals are reassigned or transferred to other positions within the organization is defined; props: + - name: label + value: PS-05 + class: zero-padded - name: label value: PS-5 - name: label @@ -57750,9 +49696,6 @@ catalog: - id: ps-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Review and confirm ongoing operational need for current logical @@ -57762,9 +49705,6 @@ catalog: - id: ps-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Initiate {{ insert: param, ps-05_odp.01 }} within {{ insert:\ @@ -57772,9 +49712,6 @@ catalog: - id: ps-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Modify access authorization as needed to correspond with @@ -57783,9 +49720,6 @@ catalog: - id: ps-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Notify {{ insert: param, ps-05_odp.03 }} within {{ insert:\ @@ -57813,17 +49747,6 @@ catalog: - id: ps-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-05a. class: sp800-53a @@ -57837,17 +49760,6 @@ catalog: - id: ps-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05b. class: sp800-53a @@ -57859,13 +49771,6 @@ catalog: - id: ps-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05c. class: sp800-53a @@ -57877,17 +49782,6 @@ catalog: - id: ps-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-05d. class: sp800-53a @@ -57984,6 +49878,9 @@ catalog: - prose: the frequency at which to re-sign access agreements to maintain access to organizational information is defined; props: + - name: label + value: PS-06 + class: zero-padded - name: label value: PS-6 - name: label @@ -58025,9 +49922,6 @@ catalog: - id: ps-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and document access agreements for organizational @@ -58035,9 +49929,6 @@ catalog: - id: ps-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the access agreements {{ insert: param,\ @@ -58045,9 +49936,6 @@ catalog: - id: ps-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Verify that individuals requiring access to organizational\ @@ -58087,13 +49975,6 @@ catalog: - id: ps-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-06a. class: sp800-53a @@ -58105,17 +49986,6 @@ catalog: - id: ps-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06b. class: sp800-53a @@ -58134,17 +50004,6 @@ catalog: - id: ps-6_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06c.01 class: sp800-53a @@ -58157,17 +50016,6 @@ catalog: - id: ps-6_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-06c.02 class: sp800-53a @@ -58289,6 +50137,9 @@ catalog: transfers or terminations of external personnel who possess organizational credentials and/or badges or who have system privileges is defined; props: + - name: label + value: PS-07 + class: zero-padded - name: label value: PS-7 - name: label @@ -58338,9 +50189,6 @@ catalog: - id: ps-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Establish personnel security requirements, including security @@ -58348,9 +50196,6 @@ catalog: - id: ps-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Require external providers to comply with personnel security @@ -58358,18 +50203,12 @@ catalog: - id: ps-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Document personnel security requirements; - id: ps-7_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Require external providers to notify {{ insert: param, ps-07_odp.01\ @@ -58380,9 +50219,6 @@ catalog: - id: ps-7_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Monitor provider compliance with personnel security requirements. @@ -58412,17 +50248,6 @@ catalog: - id: ps-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-07a. class: sp800-53a @@ -58434,17 +50259,6 @@ catalog: - id: ps-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-07b. class: sp800-53a @@ -58456,13 +50270,6 @@ catalog: - id: ps-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-07c. class: sp800-53a @@ -58473,17 +50280,6 @@ catalog: - id: ps-7_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-07d. class: sp800-53a @@ -58498,17 +50294,6 @@ catalog: - id: ps-7_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-07e. class: sp800-53a @@ -58612,6 +50397,9 @@ catalog: or roles must be notified when a formal employee sanctions process is initiated is defined; props: + - name: label + value: PS-08 + class: zero-padded - name: label value: PS-8 - name: label @@ -58638,9 +50426,6 @@ catalog: - id: ps-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Employ a formal sanctions process for individuals failing @@ -58649,9 +50434,6 @@ catalog: - id: ps-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Notify {{ insert: param, ps-08_odp.01 }} within {{ insert:\ @@ -58676,17 +50458,6 @@ catalog: - id: ps-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: PS-08a. class: sp800-53a @@ -58699,17 +50470,6 @@ catalog: - id: ps-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: PS-08b. class: sp800-53a @@ -58807,6 +50567,9 @@ catalog: class: SP800-53 title: Position Descriptions props: + - name: label + value: PS-09 + class: zero-padded - name: label value: PS-9 - name: label @@ -58823,10 +50586,6 @@ catalog: parts: - id: ps-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Incorporate security and privacy roles and responsibilities into organizational position descriptions. - id: ps-9_gdn @@ -58838,13 +50597,6 @@ catalog: - id: ps-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: PS-09 class: sp800-53a @@ -58993,6 +50745,9 @@ catalog: - prose: events that would require risk assessment procedures to be reviewed and updated are defined; props: + - name: label + value: RA-01 + class: zero-padded - name: label value: RA-1 - name: label @@ -59030,11 +50785,6 @@ catalog: - id: ra-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -59074,9 +50824,6 @@ catalog: - id: ra-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, ra-01_odp.04 }} to manage\ @@ -59085,11 +50832,6 @@ catalog: - id: ra-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current risk assessment:" @@ -59149,17 +50891,6 @@ catalog: - id: ra-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01a.[01] class: sp800-53a @@ -59170,17 +50901,6 @@ catalog: - id: ra-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01a.[02] class: sp800-53a @@ -59192,13 +50912,6 @@ catalog: - id: ra-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.[03] class: sp800-53a @@ -59211,13 +50924,6 @@ catalog: - id: ra-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.[04] class: sp800-53a @@ -59236,13 +50942,6 @@ catalog: - id: ra-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.01(a) class: sp800-53a @@ -59331,13 +51030,6 @@ catalog: - id: ra-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-01a.01(b) class: sp800-53a @@ -59357,17 +51049,6 @@ catalog: - id: ra-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01b. class: sp800-53a @@ -59387,17 +51068,6 @@ catalog: - id: ra-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01c.01 class: sp800-53a @@ -59430,17 +51100,6 @@ catalog: - id: ra-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-01c.02 class: sp800-53a @@ -59517,6 +51176,9 @@ catalog: class: SP800-53 title: Security Categorization props: + - name: label + value: RA-02 + class: zero-padded - name: label value: RA-2 - name: label @@ -59583,9 +51245,6 @@ catalog: - id: ra-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Categorize the system and information it processes, stores, @@ -59593,9 +51252,6 @@ catalog: - id: ra-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Document the security categorization results, including supporting @@ -59603,9 +51259,6 @@ catalog: - id: ra-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Verify that the authorizing official or authorizing official @@ -59655,13 +51308,6 @@ catalog: - id: ra-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-02a. class: sp800-53a @@ -59673,13 +51319,6 @@ catalog: - id: ra-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-02b. class: sp800-53a @@ -59691,17 +51330,6 @@ catalog: - id: ra-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-02c. class: sp800-53a @@ -59812,6 +51440,9 @@ catalog: guidelines: - prose: the frequency to update the risk assessment is defined; props: + - name: label + value: RA-03 + class: zero-padded - name: label value: RA-3 - name: label @@ -59899,9 +51530,6 @@ catalog: - id: ra-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Conduct a risk assessment, including:" @@ -59932,9 +51560,6 @@ catalog: - id: ra-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Integrate risk assessment results and risk management decisions @@ -59943,9 +51568,6 @@ catalog: - id: ra-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document risk assessment results in {{ insert: param, ra-03_odp.01\ @@ -59953,9 +51575,6 @@ catalog: - id: ra-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Review risk assessment results {{ insert: param, ra-03_odp.03\ @@ -59963,9 +51582,6 @@ catalog: - id: ra-3_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Disseminate risk assessment results to {{ insert: param,\ @@ -59973,9 +51589,6 @@ catalog: - id: ra-3_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: "Update the risk assessment {{ insert: param, ra-03_odp.05\ @@ -60046,17 +51659,6 @@ catalog: - id: ra-3_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.01 class: sp800-53a @@ -60068,17 +51670,6 @@ catalog: - id: ra-3_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.02 class: sp800-53a @@ -60093,17 +51684,6 @@ catalog: - id: ra-3_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03a.03 class: sp800-53a @@ -60119,17 +51699,6 @@ catalog: - id: ra-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03b. class: sp800-53a @@ -60142,13 +51711,6 @@ catalog: - id: ra-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: RA-03c. class: sp800-53a @@ -60160,17 +51722,6 @@ catalog: - id: ra-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03d. class: sp800-53a @@ -60182,17 +51733,6 @@ catalog: - id: ra-3_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03e. class: sp800-53a @@ -60204,17 +51744,6 @@ catalog: - id: ra-3_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03f. class: sp800-53a @@ -60311,6 +51840,9 @@ catalog: - prose: the frequency at which to update the supply chain risk assessment is defined; props: + - name: label + value: RA-03(01) + class: zero-padded - name: label value: RA-3(1) - name: label @@ -60344,9 +51876,6 @@ catalog: - id: ra-3.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Assess supply chain risks associated with {{ insert:\ @@ -60354,9 +51883,6 @@ catalog: - id: ra-3.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Update the supply chain risk assessment {{ insert: param,\ @@ -60389,17 +51915,6 @@ catalog: - id: ra-3.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-03(01)(a) class: sp800-53a @@ -60411,17 +51926,6 @@ catalog: - id: ra-3.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-03(01)(b) class: sp800-53a @@ -60565,9 +52069,9 @@ catalog: vulnerability scanning process and control assessments is to be shared; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05 + class: zero-padded - name: label value: RA-5 - name: label @@ -60641,9 +52145,6 @@ catalog: - id: ra-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Monitor and scan for vulnerabilities in the system and hosted\ @@ -60652,9 +52153,6 @@ catalog: - id: ra-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ vulnerability monitoring tools and techniques that\ @@ -60682,9 +52180,6 @@ catalog: - id: ra-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Analyze vulnerability scan reports and results from vulnerability @@ -60692,9 +52187,6 @@ catalog: - id: ra-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Remediate legitimate vulnerabilities {{ insert: param, ra-05_odp.03\ @@ -60702,9 +52194,6 @@ catalog: - id: ra-5_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Share information obtained from the vulnerability monitoring\ @@ -60714,9 +52203,6 @@ catalog: - id: ra-5_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Employ vulnerability monitoring tools that include the capability @@ -60787,12 +52273,12 @@ catalog: Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports - a \"warning\" as part of the compliance scanning of a CSO, - follow guidance surrounding the tracking of compliance findings - during either the assessment phases (initial assessment, annual - assessment or any SCR) or monthly continuous monitoring as - it applies. Guidance on compliance scan findings can be found - by searching on \"Tracking of Compliance Scans\" in FAQs. + a “warning” as part of the compliance scanning of a CSO, follow + guidance surrounding the tracking of compliance findings during + either the assessment phases (initial assessment, annual assessment + or any SCR) or monthly continuous monitoring as it applies. + Guidance on compliance scan findings can be found by searching + on “Tracking of Compliance Scans” in FAQs. - id: ra-5_gdn name: guidance prose: >- @@ -60870,17 +52356,6 @@ catalog: - id: ra-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05a. class: sp800-53a @@ -60915,17 +52390,6 @@ catalog: - id: ra-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-05b. class: sp800-53a @@ -60935,17 +52399,6 @@ catalog: - id: ra-5_obj.b.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.01 class: sp800-53a @@ -60959,17 +52412,6 @@ catalog: - id: ra-5_obj.b.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.02 class: sp800-53a @@ -60983,17 +52425,6 @@ catalog: - id: ra-5_obj.b.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05b.03 class: sp800-53a @@ -61010,17 +52441,6 @@ catalog: - id: ra-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05c. class: sp800-53a @@ -61032,17 +52452,6 @@ catalog: - id: ra-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05d. class: sp800-53a @@ -61055,17 +52464,6 @@ catalog: - id: ra-5_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05e. class: sp800-53a @@ -61078,17 +52476,6 @@ catalog: - id: ra-5_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05f. class: sp800-53a @@ -61201,9 +52588,9 @@ catalog: - prose: the frequency for updating the system vulnerabilities to be scanned is defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05(02) + class: zero-padded - name: label value: RA-5(2) - name: label @@ -61225,10 +52612,6 @@ catalog: parts: - id: ra-5.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Update the system vulnerabilities to be scanned {{ insert:\ \ param, ra-05.02_odp.01 }}." - id: ra-5.2_gdn @@ -61242,17 +52625,6 @@ catalog: - id: ra-5.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(02) class: sp800-53a @@ -61338,9 +52710,9 @@ catalog: class: SP800-53-enhancement title: Breadth and Depth of Coverage props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: RA-05(03) + class: zero-padded - name: label value: RA-5(3) - name: label @@ -61360,10 +52732,6 @@ catalog: parts: - id: ra-5.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Define the breadth and depth of vulnerability scanning coverage. - id: ra-5.3_gdn name: guidance @@ -61382,17 +52750,6 @@ catalog: - id: ra-5.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(03) class: sp800-53a @@ -61490,6 +52847,9 @@ catalog: - prose: vulnerability scanning activities selected for privileged access authorization to system components are defined; props: + - name: label + value: RA-05(05) + class: zero-padded - name: label value: RA-5(5) - name: label @@ -61509,10 +52869,6 @@ catalog: parts: - id: ra-5.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement privileged access authorization to {{ insert:\ \ param, ra-05.05_odp.01 }} for {{ insert: param, ra-05.05_odp.02\ \ }}." @@ -61528,17 +52884,6 @@ catalog: - id: ra-5.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(05) class: sp800-53a @@ -61646,6 +52991,9 @@ catalog: class: SP800-53-enhancement title: Public Disclosure Program props: + - name: label + value: RA-05(11) + class: zero-padded - name: label value: RA-5(11) - name: label @@ -61665,10 +53013,6 @@ catalog: parts: - id: ra-5.11_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components. - id: ra-5.11_gdn @@ -61682,17 +53026,6 @@ catalog: - id: ra-5.11_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-05(11) class: sp800-53a @@ -61786,6 +53119,9 @@ catalog: class: SP800-53 title: Risk Response props: + - name: label + value: RA-07 + class: zero-padded - name: label value: RA-7 - name: label @@ -61829,10 +53165,6 @@ catalog: parts: - id: ra-7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance. - id: ra-7_gdn @@ -61852,17 +53184,6 @@ catalog: - id: ra-7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: RA-07 class: sp800-53a @@ -61989,6 +53310,9 @@ catalog: - prose: decision points in the system development life cycle when a criticality analysis is to be performed are defined; props: + - name: label + value: RA-09 + class: zero-padded - name: label value: RA-9 - name: label @@ -62027,10 +53351,6 @@ catalog: parts: - id: ra-9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Identify critical system components and functions by performing\ \ a criticality analysis for {{ insert: param, ra-09_odp.01 }} at\ \ {{ insert: param, ra-09_odp.02 }}." @@ -62080,17 +53400,6 @@ catalog: - id: ra-9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: RA-09 class: sp800-53a @@ -62230,6 +53539,9 @@ catalog: - prose: events that would require the system and services acquisition procedures to be reviewed and updated are defined; props: + - name: label + value: SA-01 + class: zero-padded - name: label value: SA-1 - name: label @@ -62271,11 +53583,6 @@ catalog: - id: sa-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -62316,9 +53623,6 @@ catalog: - id: sa-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sa-01_odp.04 }} to manage\ @@ -62327,11 +53631,6 @@ catalog: - id: sa-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and services acquisition:" @@ -62392,17 +53691,6 @@ catalog: - id: sa-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01a.[01] class: sp800-53a @@ -62414,17 +53702,6 @@ catalog: - id: sa-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01a.[02] class: sp800-53a @@ -62436,13 +53713,6 @@ catalog: - id: sa-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.[03] class: sp800-53a @@ -62456,13 +53726,6 @@ catalog: - id: sa-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.[04] class: sp800-53a @@ -62481,13 +53744,6 @@ catalog: - id: sa-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.01(a) class: sp800-53a @@ -62577,13 +53833,6 @@ catalog: - id: sa-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-01a.01(b) class: sp800-53a @@ -62603,17 +53852,6 @@ catalog: - id: sa-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01b. class: sp800-53a @@ -62633,17 +53871,6 @@ catalog: - id: sa-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01c.01 class: sp800-53a @@ -62677,17 +53904,6 @@ catalog: - id: sa-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-01c.02 class: sp800-53a @@ -62777,6 +53993,9 @@ catalog: class: SP800-53 title: Allocation of Resources props: + - name: label + value: SA-02 + class: zero-padded - name: label value: SA-2 - name: label @@ -62816,9 +54035,6 @@ catalog: - id: sa-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Determine the high-level information security and privacy @@ -62827,9 +54043,6 @@ catalog: - id: sa-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Determine, document, and allocate the resources required @@ -62838,9 +54051,6 @@ catalog: - id: sa-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Establish a discrete line item for information security and @@ -62867,17 +54077,6 @@ catalog: - id: sa-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02a.[01] class: sp800-53a @@ -62890,17 +54089,6 @@ catalog: - id: sa-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02a.[02] class: sp800-53a @@ -62923,17 +54111,6 @@ catalog: - id: sa-2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02b.[01] class: sp800-53a @@ -62946,17 +54123,6 @@ catalog: - id: sa-2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02b.[02] class: sp800-53a @@ -62979,17 +54145,6 @@ catalog: - id: sa-2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02c.[01] class: sp800-53a @@ -63001,17 +54156,6 @@ catalog: - id: sa-2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-02c.[02] class: sp800-53a @@ -63120,6 +54264,9 @@ catalog: guidelines: - prose: system development life cycle is defined; props: + - name: label + value: SA-03 + class: zero-padded - name: label value: SA-3 - name: label @@ -63181,9 +54328,6 @@ catalog: - id: sa-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Acquire, develop, and manage the system using {{ insert:\ @@ -63192,9 +54336,6 @@ catalog: - id: sa-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define and document information security and privacy roles @@ -63202,9 +54343,6 @@ catalog: - id: sa-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Identify individuals having information security and privacy @@ -63212,9 +54350,6 @@ catalog: - id: sa-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Integrate the organizational information security and privacy @@ -63274,17 +54409,6 @@ catalog: - id: sa-3_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03a.[01] class: sp800-53a @@ -63297,17 +54421,6 @@ catalog: - id: sa-3_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03a.[02] class: sp800-53a @@ -63330,17 +54443,6 @@ catalog: - id: sa-3_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03b.[01] class: sp800-53a @@ -63352,17 +54454,6 @@ catalog: - id: sa-3_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03b.[02] class: sp800-53a @@ -63384,17 +54475,6 @@ catalog: - id: sa-3_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03c.[01] class: sp800-53a @@ -63406,17 +54486,6 @@ catalog: - id: sa-3_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03c.[02] class: sp800-53a @@ -63438,17 +54507,6 @@ catalog: - id: sa-3_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03d.[01] class: sp800-53a @@ -63460,17 +54518,6 @@ catalog: - id: sa-3_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-03d.[02] class: sp800-53a @@ -63598,6 +54645,9 @@ catalog: guidelines: - prose: contract language is defined (if selected); props: + - name: label + value: SA-04 + class: zero-padded - name: label value: SA-4 - name: label @@ -63693,63 +54743,42 @@ catalog: - id: sa-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Security and privacy functional requirements; - id: sa-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Strength of mechanism requirements; - id: sa-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Security and privacy assurance requirements; - id: sa-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Controls needed to satisfy the security and privacy requirements. - id: sa-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Security and privacy documentation requirements; - id: sa-4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Requirements for protecting security and privacy documentation; - id: sa-4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: Description of the system development environment and environment @@ -63757,9 +54786,6 @@ catalog: - id: sa-4_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: h. prose: Allocation of responsibility or identification of parties @@ -63768,9 +54794,6 @@ catalog: - id: sa-4_smt.i name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: i. prose: Acceptance criteria. @@ -63862,39 +54885,6 @@ catalog: - id: sa-4_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04a.[01] class: sp800-53a @@ -63908,39 +54898,6 @@ catalog: - id: sa-4_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04a.[02] class: sp800-53a @@ -63957,17 +54914,6 @@ catalog: - id: sa-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04b. class: sp800-53a @@ -64055,17 +55001,6 @@ catalog: - id: sa-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04e. class: sp800-53a @@ -64102,17 +55037,6 @@ catalog: - id: sa-4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04f. class: sp800-53a @@ -64150,17 +55074,6 @@ catalog: - id: sa-4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04g. class: sp800-53a @@ -64175,17 +55088,6 @@ catalog: - id: sa-4_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04h. class: sp800-53a @@ -64237,17 +55139,6 @@ catalog: - id: sa-4_obj.i name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04i. class: sp800-53a @@ -64354,6 +55245,9 @@ catalog: class: SP800-53-enhancement title: Functional Properties of Controls props: + - name: label + value: SA-04(01) + class: zero-padded - name: label value: SA-4(1) - name: label @@ -64373,10 +55267,6 @@ catalog: parts: - id: sa-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented. @@ -64390,17 +55280,6 @@ catalog: - id: sa-4.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(01) class: sp800-53a @@ -64519,6 +55398,9 @@ catalog: guidelines: - prose: level of detail is defined; props: + - name: label + value: SA-04(02) + class: zero-padded - name: label value: SA-4(2) - name: label @@ -64538,10 +55420,6 @@ catalog: parts: - id: sa-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require the developer of the system, system component, or\ \ system service to provide design and implementation information\ \ for the controls that includes: {{ insert: param, sa-04.02_odp.01\ @@ -64567,17 +55445,6 @@ catalog: - id: sa-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(02) class: sp800-53a @@ -64677,6 +55544,9 @@ catalog: class: SP800-53-enhancement title: Functions, Ports, Protocols, and Services in Use props: + - name: label + value: SA-04(09) + class: zero-padded - name: label value: SA-4(9) - name: label @@ -64700,10 +55570,6 @@ catalog: parts: - id: sa-4.9_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use. @@ -64727,17 +55593,6 @@ catalog: - id: sa-4.9_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(09) class: sp800-53a @@ -64874,6 +55729,9 @@ catalog: class: SP800-53-enhancement title: Use of Approved PIV Products props: + - name: label + value: SA-04(10) + class: zero-padded - name: label value: SA-4(10) - name: label @@ -64899,10 +55757,6 @@ catalog: parts: - id: sa-4.10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems. @@ -64915,17 +55769,6 @@ catalog: - id: sa-4.10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-04(10) class: sp800-53a @@ -65034,6 +55877,9 @@ catalog: - prose: personnel or roles to distribute system documentation to is/are defined; props: + - name: label + value: SA-05 + class: zero-padded - name: label value: SA-5 - name: label @@ -65095,9 +55941,6 @@ catalog: - id: sa-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Obtain or develop administrator documentation for the system,\ @@ -65127,9 +55970,6 @@ catalog: - id: sa-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Obtain or develop user documentation for the system, system\ @@ -65160,9 +56000,6 @@ catalog: - id: sa-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document attempts to obtain system, system component, or\ @@ -65172,9 +56009,6 @@ catalog: - id: sa-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: "Distribute documentation to {{ insert: param, sa-05_odp.02\ @@ -65216,17 +56050,6 @@ catalog: - id: sa-5_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.01 class: sp800-53a @@ -65283,17 +56106,6 @@ catalog: - id: sa-5_obj.a.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[01] class: sp800-53a @@ -65307,17 +56119,6 @@ catalog: - id: sa-5_obj.a.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[02] class: sp800-53a @@ -65331,17 +56132,6 @@ catalog: - id: sa-5_obj.a.2-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[03] class: sp800-53a @@ -65355,17 +56145,6 @@ catalog: - id: sa-5_obj.a.2-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.02[04] class: sp800-53a @@ -65382,17 +56161,6 @@ catalog: - id: sa-5_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05a.03 class: sp800-53a @@ -65446,17 +56214,6 @@ catalog: - id: sa-5_obj.b.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[01] class: sp800-53a @@ -65469,17 +56226,6 @@ catalog: - id: sa-5_obj.b.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[02] class: sp800-53a @@ -65493,17 +56239,6 @@ catalog: - id: sa-5_obj.b.1-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[03] class: sp800-53a @@ -65516,17 +56251,6 @@ catalog: - id: sa-5_obj.b.1-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.01[04] class: sp800-53a @@ -65550,17 +56274,6 @@ catalog: - id: sa-5_obj.b.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.02[01] class: sp800-53a @@ -65574,17 +56287,6 @@ catalog: - id: sa-5_obj.b.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.02[02] class: sp800-53a @@ -65609,17 +56311,6 @@ catalog: - id: sa-5_obj.b.3-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.03[01] class: sp800-53a @@ -65633,17 +56324,6 @@ catalog: - id: sa-5_obj.b.3-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-05b.03[02] class: sp800-53a @@ -65670,17 +56350,6 @@ catalog: - id: sa-5_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05c.[01] class: sp800-53a @@ -65693,17 +56362,6 @@ catalog: - id: sa-5_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05c.[02] class: sp800-53a @@ -65720,17 +56378,6 @@ catalog: - id: sa-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-05d. class: sp800-53a @@ -65850,6 +56497,9 @@ catalog: guidelines: - prose: privacy engineering principles are defined; props: + - name: label + value: SA-08 + class: zero-padded - name: label value: SA-8 - name: label @@ -65923,10 +56573,6 @@ catalog: parts: - id: sa-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Apply the following systems security and privacy engineering\ \ principles in the specification, design, development, implementation,\ \ and modification of the system and system components: {{ insert:\ @@ -65977,17 +56623,6 @@ catalog: - id: sa-8_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[01] class: sp800-53a @@ -65999,17 +56634,6 @@ catalog: - id: sa-8_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[02] class: sp800-53a @@ -66021,17 +56645,6 @@ catalog: - id: sa-8_obj-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[03] class: sp800-53a @@ -66043,17 +56656,6 @@ catalog: - id: sa-8_obj-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[04] class: sp800-53a @@ -66065,17 +56667,6 @@ catalog: - id: sa-8_obj-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-08[05] class: sp800-53a @@ -66087,17 +56678,6 @@ catalog: - id: sa-8_obj-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-08[06] class: sp800-53a @@ -66109,17 +56689,6 @@ catalog: - id: sa-8_obj-7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-08[07] class: sp800-53a @@ -66131,17 +56700,6 @@ catalog: - id: sa-8_obj-8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-08[08] class: sp800-53a @@ -66153,17 +56711,6 @@ catalog: - id: sa-8_obj-9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-08[09] class: sp800-53a @@ -66175,17 +56722,6 @@ catalog: - id: sa-8_obj-10 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-08[10] class: sp800-53a @@ -66310,9 +56846,9 @@ catalog: - prose: processes, methods, and techniques employed to monitor control compliance by external service providers are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SA-09 + class: zero-padded - name: label value: SA-9 - name: label @@ -66368,9 +56904,6 @@ catalog: - id: sa-9_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require that providers of external system services comply\ @@ -66379,9 +56912,6 @@ catalog: - id: sa-9_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Define and document organizational oversight and user roles @@ -66390,9 +56920,6 @@ catalog: - id: sa-9_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Employ the following processes, methods, and techniques\ @@ -66438,17 +56965,6 @@ catalog: - id: sa-9_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09a.[01] class: sp800-53a @@ -66460,17 +56976,6 @@ catalog: - id: sa-9_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09a.[02] class: sp800-53a @@ -66482,13 +56987,6 @@ catalog: - id: sa-9_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09a.[03] class: sp800-53a @@ -66510,13 +57008,6 @@ catalog: - id: sa-9_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09b.[01] class: sp800-53a @@ -66528,13 +57019,6 @@ catalog: - id: sa-9_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SA-09b.[02] class: sp800-53a @@ -66549,17 +57033,6 @@ catalog: - id: sa-9_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-09c. class: sp800-53a @@ -66680,6 +57153,9 @@ catalog: - prose: personnel or roles that approve the acquisition or outsourcing of dedicated information security services is/are defined; props: + - name: label + value: SA-09(01) + class: zero-padded - name: label value: SA-9(1) - name: label @@ -66709,9 +57185,6 @@ catalog: - id: sa-9.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Conduct an organizational assessment of risk prior to @@ -66720,9 +57193,6 @@ catalog: - id: sa-9.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Verify that the acquisition or outsourcing of dedicated\ @@ -66745,17 +57215,6 @@ catalog: - id: sa-9.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-09(01)(a) class: sp800-53a @@ -66768,17 +57227,6 @@ catalog: - id: sa-9.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-09(01)(b) class: sp800-53a @@ -66897,6 +57345,9 @@ catalog: - prose: external system services that require the identification of functions, ports, protocols, and other services are defined; props: + - name: label + value: SA-09(02) + class: zero-padded - name: label value: SA-9(2) - name: label @@ -66920,10 +57371,6 @@ catalog: parts: - id: sa-9.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Require providers of the following external system services\ \ to identify the functions, ports, protocols, and other services\ \ required for the use of such services: {{ insert: param, sa-09.02_odp\ @@ -66938,17 +57385,6 @@ catalog: - id: sa-9.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09(02) class: sp800-53a @@ -67051,6 +57487,9 @@ catalog: - prose: "requirements or conditions for restricting the location\ \ of {{ insert: param, sa-09.05_odp.01 }} are defined;" props: + - name: label + value: SA-09(05) + class: zero-padded - name: label value: SA-9(5) - name: label @@ -67074,10 +57513,6 @@ catalog: parts: - id: sa-9.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Restrict the location of {{ insert: param, sa-09.05_odp.01\ \ }} to {{ insert: param, sa-09.05_odp.02 }} based on {{ insert:\ \ param, sa-09.05_odp.03 }}." @@ -67101,17 +57536,6 @@ catalog: - id: sa-9.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-09(05) class: sp800-53a @@ -67241,6 +57665,9 @@ catalog: - prose: personnel to whom security flaws and flaw resolutions within the system, component, or service are reported is/are defined; props: + - name: label + value: SA-10 + class: zero-padded - name: label value: SA-10 - name: label @@ -67302,9 +57729,6 @@ catalog: - id: sa-10_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Perform configuration management during system, component,\ @@ -67312,9 +57736,6 @@ catalog: - id: sa-10_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Document, manage, and control the integrity of changes to\ @@ -67322,9 +57743,6 @@ catalog: - id: sa-10_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Implement only organization-approved changes to the system, @@ -67332,9 +57750,6 @@ catalog: - id: sa-10_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Document approved changes to the system, component, or service @@ -67343,9 +57758,6 @@ catalog: - id: sa-10_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: "Track security flaws and flaw resolution within the system,\ @@ -67400,17 +57812,6 @@ catalog: - id: sa-10_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10a. class: sp800-53a @@ -67424,21 +57825,6 @@ catalog: - id: sa-10_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10b. class: sp800-53a @@ -67485,17 +57871,6 @@ catalog: - id: sa-10_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10c. class: sp800-53a @@ -67508,17 +57883,6 @@ catalog: - id: sa-10_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-10d. class: sp800-53a @@ -67565,17 +57929,6 @@ catalog: - id: sa-10_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-10e. class: sp800-53a @@ -67736,6 +58089,9 @@ catalog: - prose: "depth and coverage of {{ insert: param, sa-11_odp.01 }}\ \ testing/evaluation is defined;" props: + - name: label + value: SA-11 + class: zero-padded - name: label value: SA-11 - name: label @@ -67796,9 +58152,6 @@ catalog: - id: sa-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and implement a plan for ongoing security and privacy @@ -67806,9 +58159,6 @@ catalog: - id: sa-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Perform {{ insert: param, sa-11_odp.01 }} testing/evaluation\ @@ -67817,9 +58167,6 @@ catalog: - id: sa-11_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Produce evidence of the execution of the assessment plan @@ -67827,18 +58174,12 @@ catalog: - id: sa-11_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Implement a verifiable flaw remediation process; and - id: sa-11_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Correct flaws identified during testing and evaluation. @@ -67897,21 +58238,6 @@ catalog: - id: sa-11_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[01] class: sp800-53a @@ -67925,21 +58251,6 @@ catalog: - id: sa-11_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[02] class: sp800-53a @@ -67953,21 +58264,6 @@ catalog: - id: sa-11_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[03] class: sp800-53a @@ -67980,21 +58276,6 @@ catalog: - id: sa-11_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11a.[04] class: sp800-53a @@ -68011,17 +58292,6 @@ catalog: - id: sa-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11b. class: sp800-53a @@ -68036,17 +58306,6 @@ catalog: - id: sa-11_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11c. class: sp800-53a @@ -68083,17 +58342,6 @@ catalog: - id: sa-11_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11d. class: sp800-53a @@ -68106,17 +58354,6 @@ catalog: - id: sa-11_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11e. class: sp800-53a @@ -68243,9 +58480,9 @@ catalog: class: SP800-53-enhancement title: Static Code Analysis props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SA-11(01) + class: zero-padded - name: label value: SA-11(1) - name: label @@ -68265,10 +58502,6 @@ catalog: parts: - id: sa-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws and document the results of the analysis. @@ -68313,17 +58546,6 @@ catalog: - id: sa-11.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(01) class: sp800-53a @@ -68509,6 +58731,9 @@ catalog: - prose: acceptance criteria to be met by produced evidence for vulnerability analyses are defined; props: + - name: label + value: SA-11(02) + class: zero-padded - name: label value: SA-11(2) - name: label @@ -68542,9 +58767,6 @@ catalog: - id: sa-11.2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Uses the following contextual information: {{ insert:\ @@ -68552,9 +58774,6 @@ catalog: - id: sa-11.2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Employs the following tools and methods: {{ insert:\ @@ -68562,9 +58781,6 @@ catalog: - id: sa-11.2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: "Conducts the modeling and analyses at the following\ @@ -68572,9 +58788,6 @@ catalog: - id: sa-11.2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: "Produces evidence that meets the following acceptance\ @@ -68609,17 +58822,6 @@ catalog: - id: sa-11.2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[01] class: sp800-53a @@ -68633,17 +58835,6 @@ catalog: - id: sa-11.2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[02] class: sp800-53a @@ -68658,17 +58849,6 @@ catalog: - id: sa-11.2_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[03] class: sp800-53a @@ -68683,17 +58863,6 @@ catalog: - id: sa-11.2_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(a)[04] class: sp800-53a @@ -68718,17 +58887,6 @@ catalog: - id: sa-11.2_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[01] class: sp800-53a @@ -68742,17 +58900,6 @@ catalog: - id: sa-11.2_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[02] class: sp800-53a @@ -68767,17 +58914,6 @@ catalog: - id: sa-11.2_obj.b-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[03] class: sp800-53a @@ -68792,17 +58928,6 @@ catalog: - id: sa-11.2_obj.b-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(b)[04] class: sp800-53a @@ -68827,17 +58952,6 @@ catalog: - id: sa-11.2_obj.c-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(c)[01] class: sp800-53a @@ -68851,17 +58965,6 @@ catalog: - id: sa-11.2_obj.c-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-11(02)(c)[02] class: sp800-53a @@ -68886,17 +58989,6 @@ catalog: - id: sa-11.2_obj.d-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[01] class: sp800-53a @@ -68911,17 +59003,6 @@ catalog: - id: sa-11.2_obj.d-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[02] class: sp800-53a @@ -68936,17 +59017,6 @@ catalog: - id: sa-11.2_obj.d-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[03] class: sp800-53a @@ -68961,17 +59031,6 @@ catalog: - id: sa-11.2_obj.d-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-11(02)(d)[04] class: sp800-53a @@ -69114,6 +59173,9 @@ catalog: - prose: privacy requirements to be satisfied by the process, standards, tools, tool options, and tool configurations are defined; props: + - name: label + value: SA-15 + class: zero-padded - name: label value: SA-15 - name: label @@ -69161,9 +59223,6 @@ catalog: - id: sa-15_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Require the developer of the system, system component, or\ @@ -69199,9 +59258,6 @@ catalog: - id: sa-15_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review the development process, standards, tools, tool options,\ @@ -69243,17 +59299,6 @@ catalog: - id: sa-15_obj.a.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15a.01[01] class: sp800-53a @@ -69266,17 +59311,6 @@ catalog: - id: sa-15_obj.a.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15a.01[02] class: sp800-53a @@ -69292,17 +59326,6 @@ catalog: - id: sa-15_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-15a.02 class: sp800-53a @@ -69339,17 +59362,6 @@ catalog: - id: sa-15_obj.a.3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-15a.03 class: sp800-53a @@ -69386,21 +59398,6 @@ catalog: - id: sa-15_obj.a.4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15a.04 class: sp800-53a @@ -69424,17 +59421,6 @@ catalog: - id: sa-15_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15b.[01] class: sp800-53a @@ -69451,17 +59437,6 @@ catalog: - id: sa-15_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15b.[02] class: sp800-53a @@ -69600,6 +59575,9 @@ catalog: guidelines: - prose: the depth of criticality analysis is defined; props: + - name: label + value: SA-15(03) + class: zero-padded - name: label value: SA-15(3) - name: label @@ -69627,9 +59605,6 @@ catalog: - id: sa-15.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "At the following decision points in the system development\ @@ -69637,9 +59612,6 @@ catalog: - id: sa-15.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "At the following level of rigor: {{ insert: param, sa-15.3_prm_2\ @@ -69662,17 +59634,6 @@ catalog: - id: sa-15.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-15(03) class: sp800-53a @@ -69841,6 +59802,9 @@ catalog: guidelines: - prose: support from external providers is defined (if selected); props: + - name: label + value: SA-22 + class: zero-padded - name: label value: SA-22 - name: label @@ -69866,9 +59830,6 @@ catalog: - id: sa-22_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Replace system components when support for the components @@ -69877,9 +59838,6 @@ catalog: - id: sa-22_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Provide the following options for alternative sources for\ @@ -69924,17 +59882,6 @@ catalog: - id: sa-22_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SA-22a. class: sp800-53a @@ -69946,17 +59893,6 @@ catalog: - id: sa-22_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SA-22b. class: sp800-53a @@ -70102,6 +60038,9 @@ catalog: - prose: events that would require the system and communications protection procedures to be reviewed and updated are defined; props: + - name: label + value: SC-01 + class: zero-padded - name: label value: SC-1 - name: label @@ -70137,11 +60076,6 @@ catalog: - id: sc-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -70182,9 +60116,6 @@ catalog: - id: sc-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sc-01_odp.04 }} to manage\ @@ -70193,11 +60124,6 @@ catalog: - id: sc-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and communications\ @@ -70259,17 +60185,6 @@ catalog: - id: sc-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01a.[01] class: sp800-53a @@ -70281,17 +60196,6 @@ catalog: - id: sc-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01a.[02] class: sp800-53a @@ -70303,13 +60207,6 @@ catalog: - id: sc-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.[03] class: sp800-53a @@ -70323,13 +60220,6 @@ catalog: - id: sc-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.[04] class: sp800-53a @@ -70348,13 +60238,6 @@ catalog: - id: sc-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.01(a) class: sp800-53a @@ -70444,13 +60327,6 @@ catalog: - id: sc-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-01a.01(b) class: sp800-53a @@ -70470,17 +60346,6 @@ catalog: - id: sc-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01b. class: sp800-53a @@ -70500,17 +60365,6 @@ catalog: - id: sc-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01c.01 class: sp800-53a @@ -70545,17 +60399,6 @@ catalog: - id: sc-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-01c.02 class: sp800-53a @@ -70640,6 +60483,9 @@ catalog: class: SP800-53 title: Separation of System and User Functionality props: + - name: label + value: SC-02 + class: zero-padded - name: label value: SC-2 - name: label @@ -70673,10 +60519,6 @@ catalog: parts: - id: sc-2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Separate user functionality, including user interface services, from system management functionality. - id: sc-2_gdn @@ -70702,17 +60544,6 @@ catalog: - id: sc-2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-02 class: sp800-53a @@ -70781,6 +60612,9 @@ catalog: class: SP800-53 title: Information in Shared System Resources props: + - name: label + value: SC-04 + class: zero-padded - name: label value: SC-4 - name: label @@ -70801,10 +60635,6 @@ catalog: parts: - id: sc-4_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Prevent unauthorized and unintended information transfer via shared system resources. - id: sc-4_gdn @@ -70828,17 +60658,6 @@ catalog: - id: sc-4_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-04 class: sp800-53a @@ -70957,6 +60776,9 @@ catalog: - prose: controls to achieve the denial-of-service objective by type of denial-of-service event are defined; props: + - name: label + value: SC-05 + class: zero-padded - name: label value: SC-5 - name: label @@ -70987,9 +60809,6 @@ catalog: - id: sc-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: " {{ insert: param, sc-05_odp.02 }} the effects of the following\ @@ -70998,9 +60817,6 @@ catalog: - id: sc-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls to achieve the denial-of-service\ @@ -71029,17 +60845,6 @@ catalog: - id: sc-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-05a. class: sp800-53a @@ -71051,13 +60856,6 @@ catalog: - id: sc-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-05b. class: sp800-53a @@ -71153,9 +60951,9 @@ catalog: - physically - logically props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07 + class: zero-padded - name: label value: SC-7 - name: label @@ -71236,9 +61034,6 @@ catalog: - id: sc-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Monitor and control communications at the external managed @@ -71247,9 +61042,6 @@ catalog: - id: sc-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Implement subnetworks for publicly accessible system components\ @@ -71258,9 +61050,6 @@ catalog: - id: sc-7_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Connect to external networks or systems only through managed @@ -71323,17 +61112,6 @@ catalog: - id: sc-7_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[01] class: sp800-53a @@ -71345,17 +61123,6 @@ catalog: - id: sc-7_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[02] class: sp800-53a @@ -71367,17 +61134,6 @@ catalog: - id: sc-7_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[03] class: sp800-53a @@ -71389,17 +61145,6 @@ catalog: - id: sc-7_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07a.[04] class: sp800-53a @@ -71414,21 +61159,6 @@ catalog: - id: sc-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07b. class: sp800-53a @@ -71441,21 +61171,6 @@ catalog: - id: sc-7_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07c. class: sp800-53a @@ -71538,9 +61253,9 @@ catalog: class: SP800-53-enhancement title: Access Points props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(03) + class: zero-padded - name: label value: SC-7(3) - name: label @@ -71557,10 +61272,6 @@ catalog: parts: - id: sc-7.3_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Limit the number of external network connections to the system. - id: sc-7.3_gdn name: guidance @@ -71578,21 +61289,6 @@ catalog: - id: sc-7.3_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(03) class: sp800-53a @@ -71691,9 +61387,9 @@ catalog: - prose: the frequency at which to review exceptions to traffic flow policy is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(04) + class: zero-padded - name: label value: SC-7(4) - name: label @@ -71724,9 +61420,6 @@ catalog: - id: sc-7.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Implement a managed interface for each external telecommunication @@ -71734,18 +61427,12 @@ catalog: - id: sc-7.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: Establish a traffic flow policy for each managed interface; - id: sc-7.4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (c) prose: Protect the confidentiality and integrity of the information @@ -71753,9 +61440,6 @@ catalog: - id: sc-7.4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (d) prose: Document each exception to the traffic flow policy with @@ -71764,9 +61448,6 @@ catalog: - id: sc-7.4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (e) prose: "Review exceptions to the traffic flow policy {{ insert:\ @@ -71775,9 +61456,6 @@ catalog: - id: sc-7.4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (f) prose: Prevent unauthorized exchange of control plane traffic @@ -71785,9 +61463,6 @@ catalog: - id: sc-7.4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (g) prose: Publish information to enable remote networks to detect @@ -71796,9 +61471,6 @@ catalog: - id: sc-7.4_smt.h name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (h) prose: Filter unauthorized control plane traffic from external @@ -71822,21 +61494,6 @@ catalog: - id: sc-7.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(a) class: sp800-53a @@ -71848,17 +61505,6 @@ catalog: - id: sc-7.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07(04)(b) class: sp800-53a @@ -71870,17 +61516,6 @@ catalog: - id: sc-7.4_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(c) class: sp800-53a @@ -71913,17 +61548,6 @@ catalog: - id: sc-7.4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07(04)(d) class: sp800-53a @@ -71936,17 +61560,6 @@ catalog: - id: sc-7.4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-07(04)(e) class: sp800-53a @@ -71980,21 +61593,6 @@ catalog: - id: sc-7.4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(f) class: sp800-53a @@ -72006,21 +61604,6 @@ catalog: - id: sc-7.4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(g) class: sp800-53a @@ -72032,21 +61615,6 @@ catalog: - id: sc-7.4_obj.h name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(04)(h) class: sp800-53a @@ -72169,9 +61737,9 @@ catalog: by default and network communications traffic is allowed by exception are defined (if selected). props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(05) + class: zero-padded - name: label value: SC-7(5) - name: label @@ -72188,10 +61756,6 @@ catalog: parts: - id: sc-7.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Deny network communications traffic by default and allow\ \ network communications traffic by exception {{ insert: param,\ \ sc-07.05_odp.01 }}." @@ -72218,21 +61782,6 @@ catalog: - id: sc-7.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(05) class: sp800-53a @@ -72338,9 +61887,9 @@ catalog: - prose: safeguards to securely provision split tunneling are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(07) + class: zero-padded - name: label value: SC-7(7) - name: label @@ -72357,10 +61906,6 @@ catalog: parts: - id: sc-7.7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Prevent split tunneling for remote devices connecting to\ \ organizational systems unless the split tunnel is securely provisioned\ \ using {{ insert: param, sc-07.07_odp }}." @@ -72389,21 +61934,6 @@ catalog: - id: sc-7.7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(07) class: sp800-53a @@ -72505,9 +62035,9 @@ catalog: - prose: external networks to which internal communications traffic is to be routed are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(08) + class: zero-padded - name: label value: SC-7(8) - name: label @@ -72526,10 +62056,6 @@ catalog: parts: - id: sc-7.8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Route {{ insert: param, sc-07.08_odp.01 }} to {{ insert:\ \ param, sc-07.08_odp.02 }} through authenticated proxy servers\ \ at managed interfaces." @@ -72555,21 +62081,6 @@ catalog: - id: sc-7.8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(08) class: sp800-53a @@ -72669,9 +62180,9 @@ catalog: - prose: system components where host-based boundary protection mechanisms are to be implemented are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(12) + class: zero-padded - name: label value: SC-7(12) - name: label @@ -72688,10 +62199,6 @@ catalog: parts: - id: sc-7.12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement {{ insert: param, sc-07.12_odp.01 }} at {{ insert:\ \ param, sc-07.12_odp.02 }}." - id: sc-7.12_gdn @@ -72703,21 +62210,6 @@ catalog: - id: sc-7.12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(12) class: sp800-53a @@ -72799,9 +62291,9 @@ catalog: class: SP800-53-enhancement title: Fail Secure props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-07(18) + class: zero-padded - name: label value: SC-7(18) - name: label @@ -72827,10 +62319,6 @@ catalog: parts: - id: sc-7.18_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device. - id: sc-7.18_gdn @@ -72848,21 +62336,6 @@ catalog: - id: sc-7.18_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-07(18) class: sp800-53a @@ -72952,9 +62425,9 @@ catalog: - confidentiality - integrity props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-08 + class: zero-padded - name: label value: SC-8 - name: label @@ -73015,10 +62488,6 @@ catalog: parts: - id: sc-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect the {{ insert: param, sc-08_odp }} of transmitted information." parts: - id: sc-8_fr @@ -73055,7 +62524,7 @@ catalog: * From a load balancer to a compute instance - * Flows from management tools required for their work - e.g. + * Flows from management tools required for their work – e.g. log collection, scanning, etc. @@ -73100,10 +62569,10 @@ catalog: Controlled Access Area (CAA): Data will be considered physically - protected, and in a CAA if it meets Section 2.3 of the DHS's + protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet - Section 2.3 of the DHS' recommended practice by satisfactory + Section 2.3 of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3). @@ -73163,21 +62632,6 @@ catalog: - id: sc-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-08 class: sp800-53a @@ -73264,6 +62718,9 @@ catalog: - prevent unauthorized disclosure of information - detect changes to information props: + - name: label + value: SC-08(01) + class: zero-padded - name: label value: SC-8(1) - name: label @@ -73284,10 +62741,6 @@ catalog: parts: - id: sc-8.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to {{ insert: param,\ \ sc-08.01_odp }} during transmission." parts: @@ -73347,21 +62800,6 @@ catalog: - id: sc-8.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-08(01) class: sp800-53a @@ -73456,6 +62894,9 @@ catalog: a network connection associated with a communication session is defined; props: + - name: label + value: SC-10 + class: zero-padded - name: label value: SC-10 - name: label @@ -73474,10 +62915,6 @@ catalog: parts: - id: sc-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Terminate the network connection associated with a communications\ \ session at the end of the session or after {{ insert: param, sc-10_odp\ \ }} of inactivity." @@ -73494,21 +62931,6 @@ catalog: - id: sc-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-10 class: sp800-53a @@ -73589,9 +63011,9 @@ catalog: - prose: requirements for key generation, distribution, storage, access, and destruction are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-12 + class: zero-padded - name: label value: SC-12 - name: label @@ -73650,8 +63072,6 @@ catalog: rel: related - href: "#sc-11" rel: related - - href: "#sc-12" - rel: related - href: "#sc-13" rel: related - href: "#sc-17" @@ -73669,10 +63089,6 @@ catalog: parts: - id: sc-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish and manage cryptographic keys when cryptography is\ \ employed within the system in accordance with the following key\ \ management requirements: {{ insert: param, sc-12_odp }}." @@ -73720,21 +63136,6 @@ catalog: - id: sc-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-12 class: sp800-53a @@ -73849,9 +63250,9 @@ catalog: - prose: types of cryptography for each specified cryptographic use are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-13 + class: zero-padded - name: label value: SC-13 - name: label @@ -73930,18 +63331,12 @@ catalog: - id: sc-13_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Determine the {{ insert: param, sc-13_odp.01 }} ; and" - id: sc-13_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Implement the following types of cryptography required for\ @@ -74057,17 +63452,6 @@ catalog: - id: sc-13_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-13a. class: sp800-53a @@ -74078,21 +63462,6 @@ catalog: - id: sc-13_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-13b. class: sp800-53a @@ -74179,6 +63548,9 @@ catalog: guidelines: - prose: exceptions where remote activation is to be allowed are defined; props: + - name: label + value: SC-15 + class: zero-padded - name: label value: SC-15 - name: label @@ -74201,9 +63573,6 @@ catalog: - id: sc-15_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Prohibit remote activation of collaborative computing devices\ @@ -74212,9 +63581,6 @@ catalog: - id: sc-15_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Provide an explicit indication of use to users physically @@ -74247,17 +63613,6 @@ catalog: - id: sc-15_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-15a. class: sp800-53a @@ -74270,21 +63625,6 @@ catalog: - id: sc-15_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-15b. class: sp800-53a @@ -74374,6 +63714,9 @@ catalog: - prose: a certificate policy for issuing public key certificates is defined; props: + - name: label + value: SC-17 + class: zero-padded - name: label value: SC-17 - name: label @@ -74411,9 +63754,6 @@ catalog: - id: sc-17_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Issue public key certificates under an {{ insert: param,\ @@ -74422,9 +63762,6 @@ catalog: - id: sc-17_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Include only approved trust anchors in trust stores or certificate @@ -74449,17 +63786,6 @@ catalog: - id: sc-17_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-17a. class: sp800-53a @@ -74472,21 +63798,6 @@ catalog: - id: sc-17_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-17b. class: sp800-53a @@ -74561,6 +63872,9 @@ catalog: class: SP800-53 title: Mobile Code props: + - name: label + value: SC-18 + class: zero-padded - name: label value: SC-18 - name: label @@ -74591,9 +63905,6 @@ catalog: - id: sc-18_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Define acceptable and unacceptable mobile code and mobile @@ -74601,9 +63912,6 @@ catalog: - id: sc-18_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Authorize, monitor, and control the use of mobile code within @@ -74634,13 +63942,6 @@ catalog: - id: sc-18_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SC-18a. class: sp800-53a @@ -74691,17 +63992,6 @@ catalog: - id: sc-18_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-18b. class: sp800-53a @@ -74819,6 +64109,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Authoritative Source) props: + - name: label + value: SC-20 + class: zero-padded - name: label value: SC-20 - name: label @@ -74855,9 +64148,6 @@ catalog: - id: sc-20_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Provide additional data origin authentication and integrity @@ -74867,9 +64157,6 @@ catalog: - id: sc-20_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Provide the means to indicate the security status of child @@ -74937,21 +64224,6 @@ catalog: - id: sc-20_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20a. class: sp800-53a @@ -74993,21 +64265,6 @@ catalog: - id: sc-20_obj.b-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20b.[01] class: sp800-53a @@ -75021,21 +64278,6 @@ catalog: - id: sc-20_obj.b-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-20b.[02] class: sp800-53a @@ -75116,9 +64358,9 @@ catalog: class: SP800-53 title: Secure Name/Address Resolution Service (Recursive or Caching Resolver) props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-21 + class: zero-padded - name: label value: SC-21 - name: label @@ -75139,10 +64381,6 @@ catalog: parts: - id: sc-21_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources. @@ -75210,21 +64448,6 @@ catalog: - id: sc-21_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-21 class: sp800-53a @@ -75348,6 +64571,9 @@ catalog: class: SP800-53 title: Architecture and Provisioning for Name/Address Resolution Service props: + - name: label + value: SC-22 + class: zero-padded - name: label value: SC-22 - name: label @@ -75372,10 +64598,6 @@ catalog: parts: - id: sc-22_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Ensure the systems that collectively provide name/address resolution service for an organization are fault-tolerant and implement internal and external role separation. @@ -75398,21 +64620,6 @@ catalog: - id: sc-22_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-22 class: sp800-53a @@ -75527,6 +64734,9 @@ catalog: class: SP800-53 title: Session Authenticity props: + - name: label + value: SC-23 + class: zero-padded - name: label value: SC-23 - name: label @@ -75557,10 +64767,6 @@ catalog: parts: - id: sc-23_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Protect the authenticity of communications sessions. - id: sc-23_gdn name: guidance @@ -75574,21 +64780,6 @@ catalog: - id: sc-23_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-23 class: sp800-53a @@ -75666,9 +64857,9 @@ catalog: guidelines: - prose: information at rest requiring protection is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-28 + class: zero-padded - name: label value: SC-28 - name: label @@ -75739,10 +64930,6 @@ catalog: parts: - id: sc-28_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Protect the {{ insert: param, sc-28_odp.01 }} of the following\ \ information at rest: {{ insert: param, sc-28_odp.02 }}." parts: @@ -75798,21 +64985,6 @@ catalog: - id: sc-28_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-28 class: sp800-53a @@ -75907,6 +65079,9 @@ catalog: - prose: system components or media requiring cryptographic protection is/are defined; props: + - name: label + value: SC-28(01) + class: zero-padded - name: label value: SC-28(1) - name: label @@ -75929,10 +65104,6 @@ catalog: parts: - id: sc-28.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement cryptographic mechanisms to prevent unauthorized\ \ disclosure and modification of the following information at\ \ rest on {{ insert: param, sc-28.01_odp.02 }}: {{ insert: param,\ @@ -75983,21 +65154,6 @@ catalog: - id: sc-28.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-28(01) class: sp800-53a @@ -76099,6 +65255,9 @@ catalog: class: SP800-53 title: Process Isolation props: + - name: label + value: SC-39 + class: zero-padded - name: label value: SC-39 - name: label @@ -76134,10 +65293,6 @@ catalog: parts: - id: sc-39_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Maintain a separate execution domain for each executing system process. - id: sc-39_gdn @@ -76158,21 +65313,6 @@ catalog: - id: sc-39_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-39 class: sp800-53a @@ -76234,6 +65374,9 @@ catalog: class: SP800-53 title: System Time Synchronization props: + - name: label + value: SC-45 + class: zero-padded - name: label value: SC-45 - name: label @@ -76258,10 +65401,6 @@ catalog: parts: - id: sc-45_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Synchronize system clocks within and between systems and system components. - id: sc-45_gdn @@ -76284,21 +65423,6 @@ catalog: - id: sc-45_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-45 class: sp800-53a @@ -76391,9 +65515,9 @@ catalog: - prose: the time period to compare the internal system clocks with the authoritative time source is defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SC-45(01) + class: zero-padded - name: label value: SC-45(1) - name: label @@ -76414,9 +65538,6 @@ catalog: - id: sc-45.1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: "Compare the internal system clocks {{ insert: param,\ @@ -76425,9 +65546,6 @@ catalog: - id: sc-45.1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Synchronize the internal system clocks to the authoritative\ @@ -76477,17 +65595,6 @@ catalog: - id: sc-45.1_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SC-45(01)(a) class: sp800-53a @@ -76500,13 +65607,6 @@ catalog: - id: sc-45.1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SC-45(01)(b) class: sp800-53a @@ -76642,6 +65742,9 @@ catalog: - prose: events that would require the system and information integrity procedures to be reviewed and updated are defined; props: + - name: label + value: SI-01 + class: zero-padded - name: label value: SI-1 - name: label @@ -76677,11 +65780,6 @@ catalog: - id: si-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -76722,9 +65820,6 @@ catalog: - id: si-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, si-01_odp.04 }} to manage\ @@ -76733,11 +65828,6 @@ catalog: - id: si-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current system and information integrity:" @@ -76798,17 +65888,6 @@ catalog: - id: si-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01a.[01] class: sp800-53a @@ -76820,17 +65899,6 @@ catalog: - id: si-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01a.[02] class: sp800-53a @@ -76842,13 +65910,6 @@ catalog: - id: si-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.[03] class: sp800-53a @@ -76862,13 +65923,6 @@ catalog: - id: si-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.[04] class: sp800-53a @@ -76887,13 +65941,6 @@ catalog: - id: si-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.01(a) class: sp800-53a @@ -76983,13 +66030,6 @@ catalog: - id: si-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SI-01a.01(b) class: sp800-53a @@ -77009,17 +66049,6 @@ catalog: - id: si-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01b. class: sp800-53a @@ -77039,17 +66068,6 @@ catalog: - id: si-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01c.01 class: sp800-53a @@ -77084,17 +66102,6 @@ catalog: - id: si-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-01c.02 class: sp800-53a @@ -77183,6 +66190,9 @@ catalog: - prose: time period within which to install security-relevant software updates after the release of the updates is defined; props: + - name: label + value: SI-02 + class: zero-padded - name: label value: SI-2 - name: label @@ -77245,18 +66255,12 @@ catalog: - id: si-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Identify, report, and correct system flaws; - id: si-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Test software and firmware updates related to flaw remediation @@ -77264,9 +66268,6 @@ catalog: - id: si-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Install security-relevant software and firmware updates\ @@ -77275,9 +66276,6 @@ catalog: - id: si-2_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Incorporate flaw remediation into the organizational configuration @@ -77324,21 +66322,6 @@ catalog: - id: si-2_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-02a. class: sp800-53a @@ -77379,17 +66362,6 @@ catalog: - id: si-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02b. class: sp800-53a @@ -77444,17 +66416,6 @@ catalog: - id: si-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02c. class: sp800-53a @@ -77487,17 +66448,6 @@ catalog: - id: si-2_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02d. class: sp800-53a @@ -77628,6 +66578,9 @@ catalog: software and firmware updates are installed on system components is defined; props: + - name: label + value: SI-02(02) + class: zero-padded - name: label value: SI-2(2) - name: label @@ -77648,10 +66601,6 @@ catalog: parts: - id: si-2.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Determine if system components have applicable security-relevant\ \ software and firmware updates installed using {{ insert: param,\ \ si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}." @@ -77662,21 +66611,6 @@ catalog: - id: si-2.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-02(02) class: sp800-53a @@ -77769,6 +66703,9 @@ catalog: guidelines: - prose: the benchmarks for taking corrective actions are defined; props: + - name: label + value: SI-02(03) + class: zero-padded - name: label value: SI-2(3) - name: label @@ -77789,9 +66726,6 @@ catalog: - id: si-2.3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Measure the time between flaw identification and flaw @@ -77799,9 +66733,6 @@ catalog: - id: si-2.3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Establish the following benchmarks for taking corrective\ @@ -77824,21 +66755,6 @@ catalog: - id: si-2.3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-02(03)(a) class: sp800-53a @@ -77850,17 +66766,6 @@ catalog: - id: si-2.3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-02(03)(b) class: sp800-53a @@ -78001,9 +66906,9 @@ catalog: - prose: personnel or roles to be alerted when malicious code is detected is/are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-03 + class: zero-padded - name: label value: SI-3 - name: label @@ -78069,9 +66974,6 @@ catalog: - id: si-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Implement {{ insert: param, si-03_odp.01 }} malicious code\ @@ -78080,9 +66982,6 @@ catalog: - id: si-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Automatically update malicious code protection mechanisms @@ -78091,9 +66990,6 @@ catalog: - id: si-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Configure malicious code protection mechanisms to:" @@ -78119,9 +67015,6 @@ catalog: - id: si-3_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Address the receipt of false positives during malicious code @@ -78182,17 +67075,6 @@ catalog: - id: si-3_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-03a. class: sp800-53a @@ -78227,17 +67109,6 @@ catalog: - id: si-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-03b. class: sp800-53a @@ -78264,17 +67135,6 @@ catalog: - id: si-3_obj.c.1-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.01[01] class: sp800-53a @@ -78287,17 +67147,6 @@ catalog: - id: si-3_obj.c.1-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.01[02] class: sp800-53a @@ -78322,17 +67171,6 @@ catalog: - id: si-3_obj.c.2-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.02[01] class: sp800-53a @@ -78345,17 +67183,6 @@ catalog: - id: si-3_obj.c.2-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03c.02[02] class: sp800-53a @@ -78374,17 +67201,6 @@ catalog: - id: si-3_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-03d. class: sp800-53a @@ -78535,6 +67351,9 @@ catalog: - prose: a frequency for providing system monitoring to personnel or roles is defined (if selected); props: + - name: label + value: SI-04 + class: zero-padded - name: label value: SI-4 - name: label @@ -78651,9 +67470,6 @@ catalog: - id: si-4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Monitor the system to detect:" @@ -78675,9 +67491,6 @@ catalog: - id: si-4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Identify unauthorized use of the system through the following\ @@ -78685,9 +67498,6 @@ catalog: - id: si-4_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Invoke internal monitoring capabilities or deploy monitoring\ @@ -78710,18 +67520,12 @@ catalog: - id: si-4_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Analyze detected events and anomalies; - id: si-4_smt.e name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: e. prose: Adjust the level of system monitoring activity when there @@ -78730,9 +67534,6 @@ catalog: - id: si-4_smt.f name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: f. prose: Obtain legal opinion regarding system monitoring activities; @@ -78740,9 +67541,6 @@ catalog: - id: si-4_smt.g name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: g. prose: "Provide {{ insert: param, si-04_odp.03 }} to {{ insert:\ @@ -78820,21 +67618,6 @@ catalog: - id: si-4_obj.a.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04a.01 class: sp800-53a @@ -78847,21 +67630,6 @@ catalog: - id: si-4_obj.a.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04a.02 class: sp800-53a @@ -78908,17 +67676,6 @@ catalog: - id: si-4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04b. class: sp800-53a @@ -78937,21 +67694,6 @@ catalog: - id: si-4_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04c.01 class: sp800-53a @@ -78964,21 +67706,6 @@ catalog: - id: si-4_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04c.02 class: sp800-53a @@ -78995,17 +67722,6 @@ catalog: - id: si-4_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04d. class: sp800-53a @@ -79036,17 +67752,6 @@ catalog: - id: si-4_obj.e name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04e. class: sp800-53a @@ -79059,17 +67764,6 @@ catalog: - id: si-4_obj.f name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04f. class: sp800-53a @@ -79081,21 +67775,6 @@ catalog: - id: si-4_obj.g name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04g. class: sp800-53a @@ -79194,9 +67873,9 @@ catalog: class: SP800-53-enhancement title: System-wide Intrusion Detection System props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(01) + class: zero-padded - name: label value: SI-4(1) - name: label @@ -79219,10 +67898,6 @@ catalog: parts: - id: si-4.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Connect and configure individual intrusion detection tools into a system-wide intrusion detection system. - id: si-4.1_gdn @@ -79242,17 +67917,6 @@ catalog: - id: si-4.1_obj-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(01)[01] class: sp800-53a @@ -79264,17 +67928,6 @@ catalog: - id: si-4.1_obj-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(01)[02] class: sp800-53a @@ -79372,9 +68025,9 @@ catalog: class: SP800-53-enhancement title: Automated Tools and Mechanisms for Real-time Analysis props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(02) + class: zero-padded - name: label value: SI-4(2) - name: label @@ -79398,10 +68051,6 @@ catalog: parts: - id: si-4.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Employ automated tools and mechanisms to support near real-time analysis of events. - id: si-4.2_gdn @@ -79420,21 +68069,6 @@ catalog: - id: si-4.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(02) class: sp800-53a @@ -79579,6 +68213,9 @@ catalog: are to be monitored in outbound communications traffic are defined; props: + - name: label + value: SI-04(04) + class: zero-padded - name: label value: SI-4(4) - name: label @@ -79602,9 +68239,6 @@ catalog: - id: si-4.4_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (a) prose: Determine criteria for unusual or unauthorized activities @@ -79612,9 +68246,6 @@ catalog: - id: si-4.4_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: (b) prose: "Monitor inbound and outbound communications traffic\ @@ -79641,17 +68272,6 @@ catalog: - id: si-4.4_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(04)(a) class: sp800-53a @@ -79684,21 +68304,6 @@ catalog: - id: si-4.4_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(04)(b) class: sp800-53a @@ -79836,6 +68441,9 @@ catalog: guidelines: - prose: compromise indicators are defined; props: + - name: label + value: SI-04(05) + class: zero-padded - name: label value: SI-4(5) - name: label @@ -79861,10 +68469,6 @@ catalog: parts: - id: si-4.5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Alert {{ insert: param, si-04.05_odp.01 }} when the following\ \ system-generated indications of compromise or potential compromise\ \ occur: {{ insert: param, si-04.05_odp.02 }}." @@ -79898,21 +68502,6 @@ catalog: - id: si-4.5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(05) class: sp800-53a @@ -80025,9 +68614,9 @@ catalog: class: SP800-53-enhancement title: Correlate Monitoring Information props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(16) + class: zero-padded - name: label value: SI-4(16) - name: label @@ -80052,10 +68641,6 @@ catalog: parts: - id: si-4.16_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Correlate information from monitoring tools and mechanisms employed throughout the system. - id: si-4.16_gdn @@ -80076,17 +68661,6 @@ catalog: - id: si-4.16_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(16) class: sp800-53a @@ -80194,6 +68768,9 @@ catalog: - prose: interior points within the system where communications traffic is to be analyzed are defined; props: + - name: label + value: SI-04(18) + class: zero-padded - name: label value: SI-4(18) - name: label @@ -80216,10 +68793,6 @@ catalog: parts: - id: si-4.18_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Analyze outbound communications traffic at external interfaces\ \ to the system and at the following interior points to detect\ \ covert exfiltration of information: {{ insert: param, si-04.18_odp\ @@ -80232,17 +68805,6 @@ catalog: - id: si-4.18_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-04(18) class: sp800-53a @@ -80380,9 +68942,9 @@ catalog: - prose: system components where host-based monitoring is to be implemented are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-04(23) + class: zero-padded - name: label value: SI-4(23) - name: label @@ -80406,10 +68968,6 @@ catalog: parts: - id: si-4.23_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement the following host-based monitoring mechanisms\ \ at {{ insert: param, si-04.23_odp.02 }}: {{ insert: param, si-04.23_odp.01\ \ }}." @@ -80423,21 +68981,6 @@ catalog: - id: si-4.23_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-04(23) class: sp800-53a @@ -80573,6 +69116,9 @@ catalog: - prose: external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected); props: + - name: label + value: SI-05 + class: zero-padded - name: label value: SI-5 - name: label @@ -80602,9 +69148,6 @@ catalog: - id: si-5_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Receive system security alerts, advisories, and directives\ @@ -80612,9 +69155,6 @@ catalog: - id: si-5_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Generate internal security alerts, advisories, and directives @@ -80622,9 +69162,6 @@ catalog: - id: si-5_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Disseminate security alerts, advisories, and directives\ @@ -80632,9 +69169,6 @@ catalog: - id: si-5_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: Implement security directives in accordance with established @@ -80673,21 +69207,6 @@ catalog: - id: si-5_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05a. class: sp800-53a @@ -80699,17 +69218,6 @@ catalog: - id: si-5_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05b. class: sp800-53a @@ -80721,21 +69229,6 @@ catalog: - id: si-5_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05c. class: sp800-53a @@ -80747,17 +69240,6 @@ catalog: - id: si-5_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-05d. class: sp800-53a @@ -80907,9 +69389,9 @@ catalog: - prose: alternative action(s) to be performed when anomalies are discovered are defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-06 + class: zero-padded - name: label value: SI-6 - name: label @@ -80941,9 +69423,6 @@ catalog: - id: si-6_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Verify the correct operation of {{ insert: param, si-6_prm_1\ @@ -80951,9 +69430,6 @@ catalog: - id: si-6_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Perform the verification of the functions specified in SI-6a\ @@ -80961,9 +69437,6 @@ catalog: - id: si-6_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Alert {{ insert: param, si-06_odp.06 }} to failed security\ @@ -80971,9 +69444,6 @@ catalog: - id: si-6_smt.d name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: d. prose: " {{ insert: param, si-06_odp.07 }} when anomalies are discovered." @@ -80996,17 +69466,6 @@ catalog: - id: si-6_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-06a. class: sp800-53a @@ -81039,17 +69498,6 @@ catalog: - id: si-6_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-06b. class: sp800-53a @@ -81082,17 +69530,6 @@ catalog: - id: si-6_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-06c. class: sp800-53a @@ -81125,17 +69562,6 @@ catalog: - id: si-6_obj.d name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-06d. class: sp800-53a @@ -81276,9 +69702,9 @@ catalog: - prose: actions to be taken when unauthorized changes to information are detected are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-07 + class: zero-padded - name: label value: SI-7 - name: label @@ -81363,9 +69789,6 @@ catalog: - id: si-7_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Employ integrity verification tools to detect unauthorized\ @@ -81374,9 +69797,6 @@ catalog: - id: si-7_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Take the following actions when unauthorized changes to\ @@ -81404,17 +69824,6 @@ catalog: - id: si-7_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-07a. class: sp800-53a @@ -81458,17 +69867,6 @@ catalog: - id: si-7_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-07b. class: sp800-53a @@ -81683,9 +70081,9 @@ catalog: - prose: frequency with which to perform an integrity check (of information) is defined (if selected); props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-07(01) + class: zero-padded - name: label value: SI-7(1) - name: label @@ -81705,10 +70103,6 @@ catalog: parts: - id: si-7.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Perform an integrity check of {{ insert: param, si-7.1_prm_1\ \ }} {{ insert: param, si-7.1_prm_2 }}." - id: si-7.1_gdn @@ -81720,21 +70114,6 @@ catalog: - id: si-7.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-07(01) class: sp800-53a @@ -81858,6 +70237,9 @@ catalog: guidelines: - prose: security-relevant changes to the system are defined; props: + - name: label + value: SI-07(07) + class: zero-padded - name: label value: SI-7(7) - name: label @@ -81887,10 +70269,6 @@ catalog: parts: - id: si-7.7_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Incorporate the detection of the following unauthorized\ \ changes into the organizational incident response capability:\ \ {{ insert: param, si-07.07_odp }}." @@ -81906,17 +70284,6 @@ catalog: - id: si-7.7_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-07(07) class: sp800-53a @@ -82014,6 +70381,9 @@ catalog: class: SP800-53 title: Spam Protection props: + - name: label + value: SI-08 + class: zero-padded - name: label value: SI-8 - name: label @@ -82048,9 +70418,6 @@ catalog: - id: si-8_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Employ spam protection mechanisms at system entry and exit @@ -82058,9 +70425,6 @@ catalog: - id: si-8_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: Update spam protection mechanisms when new releases are available @@ -82113,17 +70477,6 @@ catalog: - id: si-8_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-08a. class: sp800-53a @@ -82178,17 +70531,6 @@ catalog: - id: si-8_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-08b. class: sp800-53a @@ -82282,6 +70624,9 @@ catalog: - prose: the frequency at which to automatically update spam protection mechanisms is defined; props: + - name: label + value: SI-08(02) + class: zero-padded - name: label value: SI-8(2) - name: label @@ -82298,10 +70643,6 @@ catalog: parts: - id: si-8.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Automatically update spam protection mechanisms {{ insert:\ \ param, si-08.02_odp }}." - id: si-8.2_gdn @@ -82312,17 +70653,6 @@ catalog: - id: si-8.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SI-08(02) class: sp800-53a @@ -82420,9 +70750,9 @@ catalog: - prose: information inputs to the system requiring validity checks are defined; props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" + - name: label + value: SI-10 + class: zero-padded - name: label value: SI-10 - name: label @@ -82442,10 +70772,6 @@ catalog: parts: - id: si-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Check the validity of the following information inputs: {{ insert:\ \ param, si-10_odp }}." parts: @@ -82486,13 +70812,6 @@ catalog: - id: si-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-10 class: sp800-53a @@ -82596,6 +70915,9 @@ catalog: - prose: personnel or roles to whom error messages are to be revealed is/are defined; props: + - name: label + value: SI-11 + class: zero-padded - name: label value: SI-11 - name: label @@ -82624,9 +70946,6 @@ catalog: - id: si-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Generate error messages that provide information necessary @@ -82635,9 +70954,6 @@ catalog: - id: si-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Reveal error messages only to {{ insert: param, si-11_odp\ @@ -82664,13 +70980,6 @@ catalog: - id: si-11_obj.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-11a. class: sp800-53a @@ -82683,13 +70992,6 @@ catalog: - id: si-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-11b. class: sp800-53a @@ -82785,6 +71087,9 @@ catalog: class: SP800-53 title: Information Management and Retention props: + - name: label + value: SI-12 + class: zero-padded - name: label value: SI-12 - name: label @@ -82865,10 +71170,6 @@ catalog: parts: - id: si-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and @@ -82901,17 +71202,6 @@ catalog: - id: si-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-12 class: sp800-53a @@ -83076,6 +71366,9 @@ catalog: - prose: controls to be implemented to protect the system memory from unauthorized code execution are defined; props: + - name: label + value: SI-16 + class: zero-padded - name: label value: SI-16 - name: label @@ -83099,10 +71392,6 @@ catalog: parts: - id: si-16_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Implement the following controls to protect the system memory\ \ from unauthorized code execution: {{ insert: param, si-16_odp }}." - id: si-16_gdn @@ -83116,17 +71405,6 @@ catalog: - id: si-16_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SI-16 class: sp800-53a @@ -83271,6 +71549,9 @@ catalog: - prose: events that require the supply chain risk management procedures to be reviewed and updated are defined; props: + - name: label + value: SR-01 + class: zero-padded - name: label value: SR-1 - name: label @@ -83318,11 +71599,6 @@ catalog: - id: sr-1_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: a. prose: "Develop, document, and disseminate to {{ insert: param,\ @@ -83363,9 +71639,6 @@ catalog: - id: sr-1_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Designate an {{ insert: param, sr-01_odp.04 }} to manage\ @@ -83374,11 +71647,6 @@ catalog: - id: sr-1_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement - requirements. - name: label value: c. prose: "Review and update the current supply chain risk management:" @@ -83440,17 +71708,6 @@ catalog: - id: sr-1_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01a.[01] class: sp800-53a @@ -83462,17 +71719,6 @@ catalog: - id: sr-1_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01a.[02] class: sp800-53a @@ -83484,13 +71730,6 @@ catalog: - id: sr-1_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.[03] class: sp800-53a @@ -83504,13 +71743,6 @@ catalog: - id: sr-1_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.[04] class: sp800-53a @@ -83529,13 +71761,6 @@ catalog: - id: sr-1_obj.a.1.a name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.01(a) class: sp800-53a @@ -83625,13 +71850,6 @@ catalog: - id: sr-1_obj.a.1.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-01a.01(b) class: sp800-53a @@ -83651,17 +71869,6 @@ catalog: - id: sr-1_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01b. class: sp800-53a @@ -83681,17 +71888,6 @@ catalog: - id: sr-1_obj.c.1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01c.01 class: sp800-53a @@ -83726,17 +71922,6 @@ catalog: - id: sr-1_obj.c.2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-01c.02 class: sp800-53a @@ -83836,6 +72021,9 @@ catalog: - prose: the frequency at which to review and update the supply chain risk management plan is defined; props: + - name: label + value: SR-02 + class: zero-padded - name: label value: SR-2 - name: label @@ -83905,9 +72093,6 @@ catalog: - id: sr-2_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Develop a plan for managing supply chain risks associated\ @@ -83918,9 +72103,6 @@ catalog: - id: sr-2_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Review and update the supply chain risk management plan\ @@ -83929,9 +72111,6 @@ catalog: - id: sr-2_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: Protect the supply chain risk management plan from unauthorized @@ -84001,17 +72180,6 @@ catalog: - id: sr-2_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02a.[01] class: sp800-53a @@ -84022,13 +72190,6 @@ catalog: - id: sr-2_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[02] class: sp800-53a @@ -84041,13 +72202,6 @@ catalog: - id: sr-2_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[03] class: sp800-53a @@ -84060,13 +72214,6 @@ catalog: - id: sr-2_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[04] class: sp800-53a @@ -84079,13 +72226,6 @@ catalog: - id: sr-2_obj.a-5 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[05] class: sp800-53a @@ -84098,13 +72238,6 @@ catalog: - id: sr-2_obj.a-6 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[06] class: sp800-53a @@ -84117,13 +72250,6 @@ catalog: - id: sr-2_obj.a-7 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[07] class: sp800-53a @@ -84136,13 +72262,6 @@ catalog: - id: sr-2_obj.a-8 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[08] class: sp800-53a @@ -84155,13 +72274,6 @@ catalog: - id: sr-2_obj.a-9 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - name: label value: SR-02a.[09] class: sp800-53a @@ -84177,17 +72289,6 @@ catalog: - id: sr-2_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02b. class: sp800-53a @@ -84200,17 +72301,6 @@ catalog: - id: sr-2_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-02c. class: sp800-53a @@ -84375,6 +72465,9 @@ catalog: guidelines: - prose: supply chain risk management activities are defined; props: + - name: label + value: SR-02(01) + class: zero-padded - name: label value: SR-2(1) - name: label @@ -84394,10 +72487,6 @@ catalog: parts: - id: sr-2.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish a supply chain risk management team consisting\ \ of {{ insert: param, sr-02.01_odp.01 }} to lead and support\ \ the following SCRM activities: {{ insert: param, sr-02.01_odp.02\ @@ -84426,17 +72515,6 @@ catalog: - id: sr-2.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-02(01) class: sp800-53a @@ -84541,6 +72619,9 @@ catalog: - prose: the document identifying the selected and implemented supply chain processes and controls is defined (if selected); props: + - name: label + value: SR-03 + class: zero-padded - name: label value: SR-3 - name: label @@ -84625,9 +72706,6 @@ catalog: - id: sr-3_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: "Establish a process or processes to identify and address\ @@ -84637,9 +72715,6 @@ catalog: - id: sr-3_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Employ the following controls to protect against supply\ @@ -84649,9 +72724,6 @@ catalog: - id: sr-3_smt.c name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: c. prose: "Document the selected and implemented supply chain processes\ @@ -84704,17 +72776,6 @@ catalog: - id: sr-3_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-03a.[01] class: sp800-53a @@ -84728,17 +72789,6 @@ catalog: - id: sr-3_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-03a.[02] class: sp800-53a @@ -84755,17 +72805,6 @@ catalog: - id: sr-3_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-03b. class: sp800-53a @@ -84779,17 +72818,6 @@ catalog: - id: sr-3_obj.c name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-03c. class: sp800-53a @@ -84904,6 +72932,9 @@ catalog: to protect against, identify, and mitigate supply chain risks are defined; props: + - name: label + value: SR-05 + class: zero-padded - name: label value: SR-5 - name: label @@ -84965,10 +72996,6 @@ catalog: parts: - id: sr-5_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Employ the following acquisition strategies, contract tools,\ \ and procurement methods to protect against, identify, and mitigate\ \ supply chain risks: {{ insert: param, sr-05_odp }}." @@ -84998,21 +73025,6 @@ catalog: - id: sr-5_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-05 class: sp800-53a @@ -85163,6 +73175,9 @@ catalog: risks associated with suppliers or contractors and the systems, system components, or system services they provide is defined; props: + - name: label + value: SR-06 + class: zero-padded - name: label value: SR-6 - name: label @@ -85210,10 +73225,6 @@ catalog: parts: - id: sr-6_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Assess and review the supply chain-related risks associated\ \ with suppliers or contractors and the system, system component,\ \ or system service they provide {{ insert: param, sr-06_odp }}." @@ -85251,17 +73262,6 @@ catalog: - id: sr-6_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - name: label value: SR-06 class: sp800-53a @@ -85364,6 +73364,9 @@ catalog: - prose: information for which agreements and procedures are to be established are defined (if selected); props: + - name: label + value: SR-08 + class: zero-padded - name: label value: SR-8 - name: label @@ -85401,10 +73404,6 @@ catalog: parts: - id: sr-8_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Establish agreements and procedures with entities involved in\ \ the supply chain for the system, system component, or system service\ \ for the {{ insert: param, sr-08_odp.01 }}." @@ -85435,17 +73434,6 @@ catalog: - id: sr-8_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-08 class: sp800-53a @@ -85556,6 +73544,9 @@ catalog: - prose: indications of the need for an inspection of systems or system components are defined (if selected); props: + - name: label + value: SR-10 + class: zero-padded - name: label value: SR-10 - name: label @@ -85593,10 +73584,6 @@ catalog: parts: - id: sr-10_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Inspect the following systems or system components {{ insert:\ \ param, sr-10_odp.02 }} to detect tampering: {{ insert: param, sr-10_odp.01\ \ }}." @@ -85611,17 +73598,6 @@ catalog: - id: sr-10_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-10 class: sp800-53a @@ -85737,6 +73713,9 @@ catalog: - prose: personnel or roles to whom counterfeit system components are to be reported is/are defined (if selected); props: + - name: label + value: SR-11 + class: zero-padded - name: label value: SR-11 - name: label @@ -85770,9 +73749,6 @@ catalog: - id: sr-11_smt.a name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: a. prose: Develop and implement anti-counterfeit policy and procedures @@ -85781,9 +73757,6 @@ catalog: - id: sr-11_smt.b name: item props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - name: label value: b. prose: "Report counterfeit system components to {{ insert: param,\ @@ -85824,17 +73797,6 @@ catalog: - id: sr-11_obj.a-1 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[01] class: sp800-53a @@ -85845,17 +73807,6 @@ catalog: - id: sr-11_obj.a-2 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[02] class: sp800-53a @@ -85866,17 +73817,6 @@ catalog: - id: sr-11_obj.a-3 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[03] class: sp800-53a @@ -85888,17 +73828,6 @@ catalog: - id: sr-11_obj.a-4 name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11a.[04] class: sp800-53a @@ -85913,17 +73842,6 @@ catalog: - id: sr-11_obj.b name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11b. class: sp800-53a @@ -86050,6 +73968,9 @@ catalog: system components (including hardware, software, and firmware) is/are defined; props: + - name: label + value: SR-11(01) + class: zero-padded - name: label value: SR-11(1) - name: label @@ -86071,10 +73992,6 @@ catalog: parts: - id: sr-11.1_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Train {{ insert: param, sr-11.01_odp }} to detect counterfeit\ \ system components (including hardware, software, and firmware)." - id: sr-11.1_gdn @@ -86083,17 +74000,6 @@ catalog: - id: sr-11.1_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11(01) class: sp800-53a @@ -86196,6 +74102,9 @@ catalog: - prose: system components requiring configuration control are defined; props: + - name: label + value: SR-11(02) + class: zero-padded - name: label value: SR-11(2) - name: label @@ -86223,10 +74132,6 @@ catalog: parts: - id: sr-11.2_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Maintain configuration control over the following system\ \ components awaiting service or repair and serviced or repaired\ \ components awaiting return to service: {{ insert: param, sr-11.02_odp\ @@ -86237,17 +74142,6 @@ catalog: - id: sr-11.2_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-11(02) class: sp800-53a @@ -86360,6 +74254,9 @@ catalog: - prose: techniques and methods for disposing of data, documentation, tools, or system components are defined; props: + - name: label + value: SR-12 + class: zero-padded - name: label value: SR-12 - name: label @@ -86379,10 +74276,6 @@ catalog: parts: - id: sr-12_smt name: statement - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. prose: "Dispose of {{ insert: param, sr-12_odp.01 }} using the following\ \ techniques and methods: {{ insert: param, sr-12_odp.02 }}." - id: sr-12_gdn @@ -86403,17 +74296,6 @@ catalog: - id: sr-12_obj name: assessment-objective props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - name: label value: SR-12 class: sp800-53a diff --git a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline_profile.yaml b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline_profile.yaml index f05b57da2..9d5dbe096 100644 --- a/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline_profile.yaml +++ b/dist/content/rev5/baselines/yaml/FedRAMP_rev5_MODERATE-baseline_profile.yaml @@ -1,11 +1,11 @@ --- profile: - uuid: b3d53132-0160-417a-ae1b-c9da8385d698 + uuid: 048f1842-3232-4908-b673-41cfa246e465 metadata: title: FedRAMP Rev 5 Moderate Baseline published: 2023-08-31T00:00:00Z - last-modified: 2024-01-11T23:40:17Z - version: 5.1.1+fedramp-20240111-0 + last-modified: 2023-12-18T15:21:26Z + version: 5.1.1+20231218-1 oscal-version: 1.1.1 roles: - id: prepared-by @@ -900,7 +900,7 @@ profile: positions - param-id: ps-03.03_odp constraints: - - description: personnel screening criteria - as required by specific information + - description: personnel screening criteria – as required by specific information - param-id: ps-04_odp.01 constraints: - description: four (4) hours @@ -1165,992 +1165,6 @@ profile: constraints: - description: all alters: - - control-id: ac-1 - adds: - - position: starting - by-id: ac-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ac-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ac-11 - adds: - - position: starting - by-id: ac-11_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-11.1 - adds: - - position: starting - by-id: ac-11.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-12 - adds: - - position: starting - by-id: ac-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-14 - adds: - - position: starting - by-id: ac-14_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-14_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-14_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-14_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17 - adds: - - position: starting - by-id: ac-17_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-17_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17.1 - adds: - - position: starting - by-id: ac-17.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17.2 - adds: - - position: starting - by-id: ac-17.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-17.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-17.3 - adds: - - position: starting - by-id: ac-17.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-17.4 - adds: - - position: starting - by-id: ac-17.4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-17.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-17.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-17.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18 - adds: - - position: starting - by-id: ac-18_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-18_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-18_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18.1 - adds: - - position: starting - by-id: ac-18.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-18.3 - adds: - - position: starting - by-id: ac-18.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-18.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-19 - adds: - - position: starting - by-id: ac-19_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-19_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-19_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-19_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-19.5 - adds: - - position: starting - by-id: ac-19.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-19.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-2 - adds: - - position: starting - by-id: ac-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.i.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.j - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.k-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.k-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2_obj.l - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.j - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.k - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2_smt.l - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.1 - adds: - - position: starting - by-id: ac-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.13 - adds: - - position: starting - by-id: ac-2.13_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.13_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.13 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.2 - adds: - - position: starting - by-id: ac-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.3 adds: - position: ending @@ -2184,120 +1198,6 @@ profile: value: "Guidance:" prose: For DoD clouds, see DoD cloud website for specific DoD requirements that go above and beyond FedRAMP https://public.cyber.mil/dccs/. - - position: starting - by-id: ac-2.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.4 - adds: - - position: starting - by-id: ac-2.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.5 adds: - position: ending @@ -2313,120 +1213,6 @@ profile: - name: label value: "Guidance:" prose: Should use a shorter timeframe than AC-12. - - position: starting - by-id: ac-2.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-2.7 - adds: - - position: starting - by-id: ac-2.7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.9 adds: - position: ending @@ -2442,32 +1228,6 @@ profile: - name: label value: "Requirement:" prose: Required if shared/group accounts are deployed. - - position: starting - by-id: ac-2.9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-2.9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.9 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-2.12 adds: - position: ending @@ -2489,312 +1249,6 @@ profile: - name: label value: "(b) Requirement:" prose: Required for privileged accounts. - - position: starting - by-id: ac-2.12_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-2.12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-2.12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-20.1 - adds: - - position: starting - by-id: ac-20.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-20.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-20.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-20.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-20.2 - adds: - - position: starting - by-id: ac-20.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-20.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-21 - adds: - - position: starting - by-id: ac-21_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-21_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-21_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-21_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-22 - adds: - - position: starting - by-id: ac-22_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-22_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-22_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-22_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-22_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-22_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-3 - adds: - - position: starting - by-id: ac-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-4 - adds: - - position: starting - by-id: ac-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-4.21 - adds: - - position: starting - by-id: ac-4.21_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-4.21_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-5 adds: - position: ending @@ -2811,136 +1265,6 @@ profile: value: "Guidance:" prose: CSPs have the option to provide a separation of duties matrix as an attachment to the SSP. - - position: starting - by-id: ac-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-6 - adds: - - position: starting - by-id: ac-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.1 - adds: - - position: starting - by-id: ac-6.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-6.10 - adds: - - position: starting - by-id: ac-6.10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.10 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ac-6.2 adds: - position: ending @@ -2960,124 +1284,6 @@ profile: \ (i.e., permissions, privileges), setting events to be audited,\ \ and setting intrusion detection parameters, system programming,\ \ system and security administration, other privileged functions." - - position: starting - by-id: ac-6.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.5 - adds: - - position: starting - by-id: ac-6.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-6.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ac-6.7 - adds: - - position: starting - by-id: ac-6.7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-6.7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ac-6.9 - adds: - - position: starting - by-id: ac-6.9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-6.9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-7 adds: - position: ending @@ -3093,46 +1299,6 @@ profile: - name: label value: "Requirement:" prose: In alignment with NIST SP 800-63B - - position: starting - by-id: ac-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-8 adds: - position: ending @@ -3179,102 +1345,6 @@ profile: prose: If performed as part of a Configuration Baseline check, then the % of items requiring setting that are checked and that pass (or fail) check can be provided. - - position: starting - by-id: ac-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ac-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ac-20 adds: - position: ending @@ -3305,662 +1375,6 @@ profile: SA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3. - - position: starting - by-id: ac-20_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ac-20_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ac-20_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ac-20_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-1 - adds: - - position: starting - by-id: at-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: at-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: at-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: at-2 - adds: - - position: starting - by-id: at-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.1-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-2.2 - adds: - - position: starting - by-id: at-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-2.3 - adds: - - position: starting - by-id: at-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-3 - adds: - - position: starting - by-id: at-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: at-4 - adds: - - position: starting - by-id: at-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: at-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: at-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: at-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-1 - adds: - - position: starting - by-id: au-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: au-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: au-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: au-12 - adds: - - position: starting - by-id: au-12_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-12_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-2 adds: - position: ending @@ -3984,176 +1398,6 @@ profile: value: "(e) Guidance:" prose: Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO. - - position: starting - by-id: au-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: au-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-3 - adds: - - position: starting - by-id: au-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-3.1 adds: - position: ending @@ -4171,108 +1415,6 @@ profile: prose: For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry. - - position: starting - by-id: au-3.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-3.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-3.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-4 - adds: - - position: starting - by-id: au-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-5 - adds: - - position: starting - by-id: au-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-6 adds: - position: ending @@ -4291,72 +1433,6 @@ profile: be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented. - - position: starting - by-id: au-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: au-11 adds: - position: ending @@ -4388,400 +1464,6 @@ profile: value: "Guidance:" prose: The service provider is encouraged to align with M-21-31 where possible - - position: starting - by-id: au-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-11 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-6.1 - adds: - - position: starting - by-id: au-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-6.3 - adds: - - position: starting - by-id: au-6.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-6.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-7 - adds: - - position: starting - by-id: au-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-7.1 - adds: - - position: starting - by-id: au-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-8 - adds: - - position: starting - by-id: au-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: au-9 - adds: - - position: starting - by-id: au-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: au-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: au-9.4 - adds: - - position: starting - by-id: au-9.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: au-9.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-1 - adds: - - position: starting - by-id: ca-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ca-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - control-id: ca-2 adds: - position: ending @@ -4797,142 +1479,6 @@ profile: - name: label value: "Guidance:" prose: Reference FedRAMP Annual Assessment Guidance. - - position: starting - by-id: ca-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-2.1 adds: - position: ending @@ -4948,106 +1494,6 @@ profile: - name: label value: "Requirement:" prose: For JAB Authorization, must use an accredited 3PAO. - - position: starting - by-id: ca-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-2.3 - adds: - - position: starting - by-id: ca-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-3 - adds: - - position: starting - by-id: ca-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-5 adds: - position: ending @@ -5069,46 +1515,6 @@ profile: - name: label value: "Guidance:" prose: Reference FedRAMP-POAM-Template - - position: starting - by-id: ca-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-6 adds: - position: ending @@ -5129,116 +1535,6 @@ profile: the types of changes to the information system or the environment of operations that would impact the risk posture. The types of changes are approved and accepted by the JAB/AO. - - position: starting - by-id: ca-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-6_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-6_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-7 adds: - position: ending @@ -5277,272 +1573,6 @@ profile: Monitoring Plan. CSPs should reference the FedRAMP Continuous Monitoring Strategy Guide when developing the Continuous Monitoring Plan. - - position: starting - by-id: ca-7_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-7.1 - adds: - - position: starting - by-id: ca-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-7.4 - adds: - - position: starting - by-id: ca-7.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-7.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-7.4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-8 adds: - position: ending @@ -5558,48 +1588,6 @@ profile: - name: label value: "Guidance:" prose: Reference the FedRAMP Penetration Test Guidance. - - position: starting - by-id: ca-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ca-8.1 - adds: - - position: starting - by-id: ca-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ca-8.2 adds: - position: ending @@ -5607,7 +1595,7 @@ profile: parts: - id: ca-8.2_fr name: item - title: CA-8(2) Additional FedRAMP Requirements and Guidance + title: CM-2 Additional FedRAMP Requirements and Guidance parts: - id: ca-8.2_fr_gdn.1 name: guidance @@ -5618,362 +1606,6 @@ profile: See the FedRAMP Documents page> Penetration Test Guidance https://www.FedRAMP.gov/documents/ - - position: starting - by-id: ca-8.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-8.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-8.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ca-9 - adds: - - position: starting - by-id: ca-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ca-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ca-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ca-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-1 - adds: - - position: starting - by-id: cm-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: cm-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: cm-10 - adds: - - position: starting - by-id: cm-10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-10_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-11 - adds: - - position: starting - by-id: cm-11_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-11_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-11_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-2 adds: - position: ending @@ -5990,152 +1622,6 @@ profile: value: "(b) (1) Guidance:" prose: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F. - - position: starting - by-id: cm-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-2.2 - adds: - - position: starting - by-id: cm-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-2.3 - adds: - - position: starting - by-id: cm-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-2.7 - adds: - - position: starting - by-id: cm-2.7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2.7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-2.7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-2.7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-3 adds: - position: ending @@ -6162,344 +1648,6 @@ profile: - name: label value: "(e) Guidance:" prose: In accordance with record retention policies and procedures. - - position: starting - by-id: cm-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-3_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.g-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_obj.g-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-3_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-3.2 - adds: - - position: starting - by-id: cm-3.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-3.4 - adds: - - position: starting - by-id: cm-3.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-3.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-4 - adds: - - position: starting - by-id: cm-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-4.2 - adds: - - position: starting - by-id: cm-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-5 - adds: - - position: starting - by-id: cm-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-5.1 - adds: - - position: starting - by-id: cm-5.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-5.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-5.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-5.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-5.5 - adds: - - position: starting - by-id: cm-5.5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-5.5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-5.5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-5.5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-6 adds: - position: ending @@ -6544,7 +1692,7 @@ profile: of the controls assessment. Where a direct mapping exists, the 3PAO must document additional findings per control in the corresponding SAR Risk Exposure Table (RET), which are - then documented in the CSP's Plan of Action and Milestones + then documented in the CSP’s Plan of Action and Milestones (POA&M). This will likely result in the details of individual control findings overlapping with those in the combined CM-6 finding, which is acceptable. @@ -6555,112 +1703,6 @@ profile: CSPs are not required to map the findings to specific controls because controls are only assessed during initial assessments, annual assessments, and significant change requests. - - position: starting - by-id: cm-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-6.1 - adds: - - position: starting - by-id: cm-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-6.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-7 adds: - position: ending @@ -6680,96 +1722,6 @@ profile: ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available. - - position: starting - by-id: cm-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-7.1 - adds: - - position: starting - by-id: cm-7.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-7.2 adds: - position: ending @@ -6792,92 +1744,6 @@ profile: (i.e. allow-listing). This control is not to be based off of strictly written policy on what is allowed or not allowed to run. - - position: starting - by-id: cm-7.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-7.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-7.5 - adds: - - position: starting - by-id: cm-7.5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-7.5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-7.5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-7.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: cm-8 adds: - position: ending @@ -6893,164 +1759,6 @@ profile: - name: label value: "Requirement:" prose: must be provided at least monthly or when there is a change. - - position: starting - by-id: cm-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cm-8.1 - adds: - - position: starting - by-id: cm-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cm-8.3 - adds: - - position: starting - by-id: cm-8.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-8.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-8.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-8.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-9 adds: - position: ending @@ -7066,124 +1774,6 @@ profile: Management of Information Systems, provides guidelines for the implementation of CM controls as well as a sample CMP outline in Appendix D of the Guide - - position: starting - by-id: cm-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-9_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cm-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-9_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-9_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-12 adds: - position: ending @@ -7199,94 +1789,6 @@ profile: - name: label value: "Requirement:" prose: According to FedRAMP Authorization Boundary Guidance - - position: starting - by-id: cm-12_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cm-12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cm-12_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cm-12.1 adds: - position: ending @@ -7302,206 +1804,6 @@ profile: - name: label value: "Requirement:" prose: According to FedRAMP Authorization Boundary Guidance. - - position: starting - by-id: cm-12.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cm-12.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-1 - adds: - - position: starting - by-id: cp-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: cp-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: cp-10 - adds: - - position: starting - by-id: cp-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-10.2 - adds: - - position: starting - by-id: cp-10.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-10.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-2 adds: - position: ending @@ -7525,320 +1827,6 @@ profile: value: "Requirement:" prose: "CSPs must use the FedRAMP Information System Contingency\ \ Plan (ISCP) Template (available on the fedramp.gov: https://www.fedramp.gov/assets/resources/templates/SSP-A06-FedRAMP-ISCP-Template.docx)." - - position: starting - by-id: cp-2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: cp-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.e-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.e-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-2_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.1 - adds: - - position: starting - by-id: cp-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.3 - adds: - - position: starting - by-id: cp-2.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-2.8 - adds: - - position: starting - by-id: cp-2.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-2.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-3 adds: - position: ending @@ -7861,88 +1849,6 @@ profile: applies to their respective level. Newly hired critical contingency personnel must take this more in-depth training within 60 days of hire date when the training will have more impact. - - position: starting - by-id: cp-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-4 adds: - position: ending @@ -7969,268 +1875,6 @@ profile: test results with the security package within the Contingency Plan-designated appendix (Appendix G, Contingency Plan Test Report). - - position: starting - by-id: cp-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: cp-4.1 - adds: - - position: starting - by-id: cp-4.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-6 - adds: - - position: starting - by-id: cp-6_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-6.1 - adds: - - position: starting - by-id: cp-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-6.3 - adds: - - position: starting - by-id: cp-6.3_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-6.3_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-7 adds: - position: ending @@ -8247,96 +1891,6 @@ profile: value: "(a) Requirement:" prose: The service provider defines a time period consistent with the recovery time objectives and business impact analysis. - - position: starting - by-id: cp-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-7.1 adds: - position: ending @@ -8357,84 +1911,6 @@ profile: concern. For one particular type of threat (i.e., hostile cyber attack), the degree of separation between sites will be less relevant. - - position: starting - by-id: cp-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-7.2 - adds: - - position: starting - by-id: cp-7.2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-7.3 - adds: - - position: starting - by-id: cp-7.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-7.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-8 adds: - position: ending @@ -8451,102 +1927,6 @@ profile: value: "Requirement:" prose: The service provider defines a time period consistent with the recovery time objectives and business impact analysis. - - position: starting - by-id: cp-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-8.1 - adds: - - position: starting - by-id: cp-8.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-8.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-8.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-8.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-8.2 - adds: - - position: starting - by-id: cp-8.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: cp-8.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-9 adds: - position: ending @@ -8591,124 +1971,6 @@ profile: of information system documentation including security information (at least one of which is available online) or provides an equivalent alternative. - - position: starting - by-id: cp-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: cp-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: cp-9.1 - adds: - - position: starting - by-id: cp-9.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: cp-9.8 adds: - position: ending @@ -8726,210 +1988,6 @@ profile: prose: Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13.) - - position: starting - by-id: cp-9.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: cp-9.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-1 - adds: - - position: starting - by-id: ia-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ia-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ia-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ia-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ia-12.2 - adds: - - position: starting - by-id: ia-12.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-12.3 - adds: - - position: starting - by-id: ia-12.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-2 adds: - position: ending @@ -8971,54 +2029,6 @@ profile: processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system. - - position: starting - by-id: ia-2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.1 adds: - position: ending @@ -9048,28 +2058,6 @@ profile: value: "Guidance:" prose: Multi-factor authentication to subsequent components in the same user domain is not required. - - position: starting - by-id: ia-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.2 adds: - position: ending @@ -9099,52 +2087,6 @@ profile: value: "Guidance:" prose: Multi-factor authentication to subsequent components in the same user domain is not required. - - position: starting - by-id: ia-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-2.5 - adds: - - position: starting - by-id: ia-2.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.6 adds: - position: ending @@ -9168,52 +2110,6 @@ profile: value: "Guidance:" prose: See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography. - - position: starting - by-id: ia-2.6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-2.12 adds: - position: ending @@ -9230,192 +2126,6 @@ profile: value: "Guidance:" prose: Include Common Access Card (CAC), i.e., the DoD technical implementation of PIV/FIPS 201/HSPD-12. - - position: starting - by-id: ia-2.12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-2.8 - adds: - - position: starting - by-id: ia-2.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-2.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-2.8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-3 - adds: - - position: starting - by-id: ia-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-4 - adds: - - position: starting - by-id: ia-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ia-4.4 - adds: - - position: starting - by-id: ia-4.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-4.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-5 adds: - position: ending @@ -9442,206 +2152,6 @@ profile: parties, such as a browser. For example, a SAML assertion can be encrypted using XML-Encryption, or an OpenID Connect ID Token can be encrypted using JSON Web Encryption (JWE). - - position: starting - by-id: ia-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.h-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.h-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_obj.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: ia-5.1 adds: - position: ending @@ -9667,7 +2177,7 @@ profile: - name: label value: "(h) Requirement:" prose: >- - For cases where technology doesn't allow multi-factor + For cases where technology doesn’t allow multi-factor authentication, these rules should be enforced: must have a minimum length of 14 characters and must support all printable ASCII characters. @@ -9685,218 +2195,6 @@ profile: prose: Note that (c) and (d) require the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13). - - position: starting - by-id: ia-5.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.1_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-5.2 - adds: - - position: starting - by-id: ia-5.2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-5.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-5.6 - adds: - - position: starting - by-id: ia-5.6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-5.7 adds: - position: ending @@ -9914,22 +2212,6 @@ profile: prose: In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process. - - position: starting - by-id: ia-5.7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-5.7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-11 adds: - position: ending @@ -9951,30 +2233,6 @@ profile: * AAL2 (moderate baseline) * 12 hours or * 30 minutes of inactivity - - position: starting - by-id: ia-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-12 adds: - position: ending @@ -9991,70 +2249,6 @@ profile: value: "Guidance:" prose: In accordance with NIST SP 800-63A Enrollment and Identity Proofing - - position: starting - by-id: ia-12_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-12_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-12_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ia-12.5 adds: - position: ending @@ -10071,386 +2265,6 @@ profile: value: "Guidance:" prose: In accordance with NIST SP 800-63A Enrollment and Identity Proofing - - position: starting - by-id: ia-12.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-12.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-6 - adds: - - position: starting - by-id: ia-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-7 - adds: - - position: starting - by-id: ia-7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8 - adds: - - position: starting - by-id: ia-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.1 - adds: - - position: starting - by-id: ia-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.2 - adds: - - position: starting - by-id: ia-8.2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ia-8.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ia-8.4 - adds: - - position: starting - by-id: ia-8.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ia-8.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-1 - adds: - - position: starting - by-id: ir-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ir-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ir-2 - adds: - - position: starting - by-id: ir-2_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-3 adds: - position: ending @@ -10472,54 +2286,6 @@ profile: tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing. - - position: starting - by-id: ir-3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-3.2 - adds: - - position: starting - by-id: ir-3.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-3.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-4 adds: - position: ending @@ -10549,170 +2315,6 @@ profile: incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system. - - position: starting - by-id: ir-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-4.1 - adds: - - position: starting - by-id: ir-4.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-4.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ir-5 - adds: - - position: starting - by-id: ir-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-6 adds: - position: ending @@ -10729,156 +2331,6 @@ profile: value: "Requirement:" prose: Reports security incident information according to FedRAMP Incident Communications Procedure. - - position: starting - by-id: ir-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-6.1 - adds: - - position: starting - by-id: ir-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-6.3 - adds: - - position: starting - by-id: ir-6.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-6.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-7 - adds: - - position: starting - by-id: ir-7_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-7_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-7.1 - adds: - - position: starting - by-id: ir-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ir-8 adds: - position: ending @@ -10906,956 +2358,6 @@ profile: personnel (identified by name and/or by role) and organizational elements. The incident response list includes designated FedRAMP personnel. - - position: starting - by-id: ir-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.a.10 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-8_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-8_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-8_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9 - adds: - - position: starting - by-id: ir-9_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-9_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ir-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ir-9_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9.2 - adds: - - position: starting - by-id: ir-9.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9.3 - adds: - - position: starting - by-id: ir-9.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ir-9.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ir-9.4 - adds: - - position: starting - by-id: ir-9.4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ir-9.4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-1 - adds: - - position: starting - by-id: ma-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ma-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ma-2 - adds: - - position: starting - by-id: ma-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ma-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-2_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-3 - adds: - - position: starting - by-id: ma-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-3.1 - adds: - - position: starting - by-id: ma-3.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-3.2 - adds: - - position: starting - by-id: ma-3.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ma-3.3 - adds: - - position: starting - by-id: ma-3.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-3.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-3.3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-4 - adds: - - position: starting - by-id: ma-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-5 - adds: - - position: starting - by-id: ma-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ma-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ma-5.1 adds: - position: ending @@ -11871,266 +2373,6 @@ profile: - name: label value: "Requirement:" prose: Only MA-5 (1) (a) (1) is required by FedRAMP Moderate Baseline - - position: starting - by-id: ma-5.1_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5.1_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-5.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ma-5.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ma-6 - adds: - - position: starting - by-id: ma-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ma-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-1 - adds: - - position: starting - by-id: mp-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: mp-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: mp-2 - adds: - - position: starting - by-id: mp-2_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-2_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-3 adds: - position: ending @@ -12146,38 +2388,6 @@ profile: - name: label value: "(b) Guidance:" prose: Second parameter not-applicable - - position: starting - by-id: mp-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-4 adds: - position: ending @@ -12194,108 +2404,6 @@ profile: value: "(a) Requirement:" prose: The service provider defines controlled areas within facilities where the information and information system reside. - - position: starting - by-id: mp-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: mp-5 adds: - position: ending @@ -12313,664 +2421,6 @@ profile: prose: The service provider defines security measures to protect digital and non-digital media in transport. The security measures are approved and accepted by the JAB/AO. - - position: starting - by-id: mp-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: mp-5_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: mp-5_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-6 - adds: - - position: starting - by-id: mp-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: mp-7 - adds: - - position: starting - by-id: mp-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: mp-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: mp-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-1 - adds: - - position: starting - by-id: pe-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pe-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: pe-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: pe-10 - adds: - - position: starting - by-id: pe-10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-10_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-10_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-11 - adds: - - position: starting - by-id: pe-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-12 - adds: - - position: starting - by-id: pe-12_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-13 - adds: - - position: starting - by-id: pe-13_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_obj-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-13.1 - adds: - - position: starting - by-id: pe-13.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.1_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-13.2 - adds: - - position: starting - by-id: pe-13.2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-13.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-13.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pe-14 adds: - position: ending @@ -12987,1426 +2437,6 @@ profile: value: "(a) Requirement:" prose: The service provider measures temperature at server inlets and humidity levels by dew point. - - position: starting - by-id: pe-14_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-14_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-14_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-15 - adds: - - position: starting - by-id: pe-15_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-15_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-16 - adds: - - position: starting - by-id: pe-16_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-16_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-16_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-16_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-17 - adds: - - position: starting - by-id: pe-17_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-17_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-17_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-17_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-17_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-17_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-2 - adds: - - position: starting - by-id: pe-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-3 - adds: - - position: starting - by-id: pe-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.e-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.e-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.e-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-3_obj.g-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_obj.g-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: pe-4 - adds: - - position: starting - by-id: pe-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-5 - adds: - - position: starting - by-id: pe-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-6 - adds: - - position: starting - by-id: pe-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-6_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-6.1 - adds: - - position: starting - by-id: pe-6.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-6.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-8 - adds: - - position: starting - by-id: pe-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-8_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pe-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pe-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pe-9 - adds: - - position: starting - by-id: pe-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pe-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-1 - adds: - - position: starting - by-id: pl-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: pl-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: pl-11 - adds: - - position: starting - by-id: pl-11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-2 - adds: - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.4-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.4-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.10-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.10-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.11 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.12-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.12-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-2_obj.a.13-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.13-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.14-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.a.14-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.a.15-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.a.15-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-2_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-4 - adds: - - position: starting - by-id: pl-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: pl-4.1 - adds: - - position: starting - by-id: pl-4.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-4.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-4.1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pl-8 adds: - position: ending @@ -14423,170 +2453,6 @@ profile: value: "(b) Guidance:" prose: Significant change is defined in NIST Special Publication 800-37 Revision 2, Appendix F. - - position: starting - by-id: pl-8_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-8_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: pl-8_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_obj.c-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: pl-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: pl-8_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: pl-10 adds: - position: ending @@ -14602,902 +2468,6 @@ profile: - name: label value: "Requirement:" prose: Select the appropriate FedRAMP Baseline - - position: starting - by-id: pl-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: pl-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-1 - adds: - - position: starting - by-id: ps-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ps-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ps-2 - adds: - - position: starting - by-id: ps-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-3 - adds: - - position: starting - by-id: ps-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-3.3 - adds: - - position: starting - by-id: ps-3.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-3.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-3.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-4 - adds: - - position: starting - by-id: ps-4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-5 - adds: - - position: starting - by-id: ps-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-6 - adds: - - position: starting - by-id: ps-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-7 - adds: - - position: starting - by-id: ps-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-7_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-7_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-7_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-8 - adds: - - position: starting - by-id: ps-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ps-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ps-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ps-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ps-9 - adds: - - position: starting - by-id: ps-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ps-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-1 - adds: - - position: starting - by-id: ra-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: ra-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: ra-2 - adds: - - position: starting - by-id: ra-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ra-3 adds: - position: ending @@ -15521,192 +2491,6 @@ profile: value: "(e) Requirement:" prose: Include all Authorizing Officials; for JAB authorizations to include FedRAMP. - - position: starting - by-id: ra-3_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: ra-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-3.1 - adds: - - position: starting - by-id: ra-3.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-3.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-3.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-3.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: ra-5 adds: - position: ending @@ -15776,1266 +2560,12 @@ profile: Warnings are commonly associated with scanning solutions that also perform compliance scans, and if the scanner reports a - \"warning\" as part of the compliance scanning of a CSO, follow + “warning” as part of the compliance scanning of a CSO, follow guidance surrounding the tracking of compliance findings during either the assessment phases (initial assessment, annual assessment or any SCR) or monthly continuous monitoring as it applies. Guidance on compliance scan findings can be found by searching - on \"Tracking of Compliance Scans\" in FAQs. - - position: starting - by-id: ra-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-5_obj.b.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.b.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-5.11 - adds: - - position: starting - by-id: ra-5.11_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.11_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-5.2 - adds: - - position: starting - by-id: ra-5.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-5.3 - adds: - - position: starting - by-id: ra-5.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: ra-5.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: ra-5.5 - adds: - - position: starting - by-id: ra-5.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-5.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-7 - adds: - - position: starting - by-id: ra-7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: ra-7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: ra-9 - adds: - - position: starting - by-id: ra-9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: ra-9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-1 - adds: - - position: starting - by-id: sa-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sa-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sa-11 - adds: - - position: starting - by-id: sa-11_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-11.2 - adds: - - position: starting - by-id: sa-11.2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.b-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_obj.d-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-11.2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-15 - adds: - - position: starting - by-id: sa-15_obj.a.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.a.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-15_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-15_obj.a.4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-15_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-15.3 - adds: - - position: starting - by-id: sa-15.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-15.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-15.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-2 - adds: - - position: starting - by-id: sa-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-22 - adds: - - position: starting - by-id: sa-22_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-22_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-22_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-22_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-3 - adds: - - position: starting - by-id: sa-3_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.d-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_obj.d-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. + on “Tracking of Compliance Scans” in FAQs. - control-id: sa-4 adds: - position: ending @@ -17067,228 +2597,6 @@ profile: See https://www.niap-ccevs.org/Product/index.cfm or https://www.commoncriteriaportal.org/products/. - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_obj.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-4_smt.i - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sa-10 adds: - position: ending @@ -17306,110 +2614,6 @@ profile: prose: track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel, to include FedRAMP. - - position: starting - by-id: sa-10_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-10_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-10_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-10_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sa-11.1 adds: - position: ending @@ -17433,1144 +2637,6 @@ profile: If Static code analysis cannot be performed (for example, when the source code is not available), then dynamic code analysis must be performed (see SA-11 (8)) - - position: starting - by-id: sa-11.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-11.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sa-4.1 - adds: - - position: starting - by-id: sa-4.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.10 - adds: - - position: starting - by-id: sa-4.10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.2 - adds: - - position: starting - by-id: sa-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-4.9 - adds: - - position: starting - by-id: sa-4.9_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-4.9_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-5 - adds: - - position: starting - by-id: sa-5_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.2-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.a.3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.1-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.3-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.b.3-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-5_obj.c-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_obj.c-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-8 - adds: - - position: starting - by-id: sa-8_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-8_obj-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-8_obj-7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-8_obj-8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-8_obj-9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-8_obj-10 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-9 - adds: - - position: starting - by-id: sa-9_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sa-9_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-9_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sa-9.1 - adds: - - position: starting - by-id: sa-9.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-9.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sa-9.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sa-9.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-9.2 - adds: - - position: starting - by-id: sa-9.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sa-9.5 - adds: - - position: starting - by-id: sa-9.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sa-9.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-1 - adds: - - position: starting - by-id: sc-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sc-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sc-10 - adds: - - position: starting - by-id: sc-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-17 - adds: - - position: starting - by-id: sc-17_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-17_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-17_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-17_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-18 - adds: - - position: starting - by-id: sc-18_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sc-18_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-18_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-18_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-2 - adds: - - position: starting - by-id: sc-2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-22 - adds: - - position: starting - by-id: sc-22_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-22_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-23 - adds: - - position: starting - by-id: sc-23_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-23_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-39 - adds: - - position: starting - by-id: sc-39_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-39_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-4 - adds: - - position: starting - by-id: sc-4_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-4_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-45 - adds: - - position: starting - by-id: sc-45_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-45_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sc-5 - adds: - - position: starting - by-id: sc-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-7 adds: - position: ending @@ -18594,402 +2660,6 @@ profile: to satisfy SC-7 part b and other controls. See the FedRAMP Subnets White Paper (https://www.fedramp.gov/assets/resources/documents/FedRAMP_subnets_white_paper.pdf) for additional information. - - position: starting - by-id: sc-7_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.12 - adds: - - position: starting - by-id: sc-7.12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.18 - adds: - - position: starting - by-id: sc-7.18_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.18_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.18 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.3 - adds: - - position: starting - by-id: sc-7.3_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.3_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.4 - adds: - - position: starting - by-id: sc-7.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7.4_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7.4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-7.4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_obj.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4_smt.h - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.4 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-7.5 adds: - position: ending @@ -19006,100 +2676,6 @@ profile: value: "Guidance:" prose: For JAB Authorization, CSPs shall include details of this control in their Architecture Briefing - - position: starting - by-id: sc-7.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.5 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.7 - adds: - - position: starting - by-id: sc-7.7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: sc-7.8 - adds: - - position: starting - by-id: sc-7.8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-7.8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-7.8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-8 adds: - position: ending @@ -19139,7 +2715,7 @@ profile: * From a load balancer to a compute instance - * Flows from management tools required for their work - e.g. + * Flows from management tools required for their work – e.g. log collection, scanning, etc. @@ -19184,10 +2760,10 @@ profile: Controlled Access Area (CAA): Data will be considered physically - protected, and in a CAA if it meets Section 2.3 of the DHS's + protected, and in a CAA if it meets Section 2.3 of the DHS’s Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. CSPs can meet Section 2.3 - of the DHS' recommended practice by satisfactory implementation + of the DHS’ recommended practice by satisfactory implementation of the following controls PE-2 (1), PE-2 (2), PE-2 (3), PE-3 (2), PE-3 (3), PE-6 (2), and PE-6 (3). @@ -19214,36 +2790,6 @@ profile: https://us-cert.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_Defense_in_Depth_Strategies_S508C.pdf - - position: starting - by-id: sc-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-8 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-8.1 adds: - position: ending @@ -19292,30 +2838,6 @@ profile: \ many require encryption to be configured, and enabled by the\ \ customer. The CSP has the responsibility to verify encryption\ \ is properly configured." - - position: starting - by-id: sc-8.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-8.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-12 adds: - position: ending @@ -19346,36 +2868,6 @@ profile: prose: Wildcard certificates may be used internally within the system, but are not permitted for external customer access to the system. - - position: starting - by-id: sc-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-12 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-13 adds: - position: ending @@ -19465,56 +2957,6 @@ profile: prose: "At a minimum, this control applies to cryptography in\ \ use for the following controls: AU-9(3), CP-9(8), IA-2(6),\ \ IA-5(1), MP-5, SC-8(1), and SC-28(1)." - - position: starting - by-id: sc-13_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-13_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-13_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-13_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-13 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-15 adds: - position: ending @@ -19532,50 +2974,6 @@ profile: prose: The information system provides disablement (instead of physical disconnect) of collaborative computing devices in a manner that supports ease of use. - - position: starting - by-id: sc-15_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-15_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-15_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-15_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-20 adds: - position: ending @@ -19616,72 +3014,6 @@ profile: prose: CSPs are recommended to self-check DNSSEC configuration through one of many available analyzers such as Sandia National Labs (https://dnsviz.net) - - position: starting - by-id: sc-20_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_obj.b-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_obj.b-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-20_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-20_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-21 adds: - position: ending @@ -19733,36 +3065,6 @@ profile: * DNSSEC resolution to access a component inside the boundary is excluded. - - position: starting - by-id: sc-21_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-21_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-21 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-28 adds: - position: ending @@ -19796,36 +3098,6 @@ profile: value: "Guidance:" prose: Note that this enhancement requires the use of cryptography in accordance with SC-13. - - position: starting - by-id: sc-28_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-28_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-28 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: sc-28.1 adds: - position: ending @@ -19862,30 +3134,6 @@ profile: C. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate. - - position: starting - by-id: sc-28.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-28.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sc-45.1 adds: - position: ending @@ -19920,546 +3168,6 @@ profile: value: "Guidance:" prose: Synchronization of system clocks improves the accuracy of log analysis. - - position: starting - by-id: sc-45.1_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sc-45.1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sc-45.1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-45.1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sc-45.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-1 - adds: - - position: starting - by-id: si-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: si-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: si-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: si-11 - adds: - - position: starting - by-id: si-11_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-12 - adds: - - position: starting - by-id: si-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-16 - adds: - - position: starting - by-id: si-16_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-16_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-2 - adds: - - position: starting - by-id: si-2_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-2.2 - adds: - - position: starting - by-id: si-2.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-2.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-2.3 - adds: - - position: starting - by-id: si-2.3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-2.3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-2.3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-2.3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-3 - adds: - - position: starting - by-id: si-3_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-3_obj.c.1-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.1-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.2-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.c.2-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-3 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - control-id: si-4 adds: - position: ending @@ -20475,396 +3183,6 @@ profile: - name: label value: "Guidance:" prose: See US-CERT Incident Response Reporting Guidelines. - - position: starting - by-id: si-4_obj.a.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.a.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4_obj.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.e - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.f - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4_smt.g - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.1 - adds: - - position: starting - by-id: si-4.1_obj-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.1_obj-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.16 - adds: - - position: starting - by-id: si-4.16_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.16_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.16 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.18 - adds: - - position: starting - by-id: si-4.18_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.18_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-4.2 - adds: - - position: starting - by-id: si-4.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.2 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.23 - adds: - - position: starting - by-id: si-4.23_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.23_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.23 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-4.4 - adds: - - position: starting - by-id: si-4.4_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-4.4_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.4_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-4.4_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-4.5 adds: - position: ending @@ -20880,30 +3198,6 @@ profile: - name: label value: "Guidance:" prose: In accordance with the incident response plan. - - position: starting - by-id: si-4.5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-4.5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-5 adds: - position: ending @@ -20919,284 +3213,6 @@ profile: Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status. - - position: starting - by-id: si-5_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-5_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-5_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: si-6 - adds: - - position: starting - by-id: si-6_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-6_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-6_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-6_obj.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-6_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6_smt.d - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-6 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-7 - adds: - - position: starting - by-id: si-7_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-7_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-7_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-7_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-7 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-7.1 - adds: - - position: starting - by-id: si-7.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-7.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-7.1 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-7.7 - adds: - - position: starting - by-id: si-7.7_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-7.7_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-8 adds: - position: ending @@ -21231,46 +3247,6 @@ profile: \ reports@dmarc.cyber.dhs.gov. DMARC compliance should be documented\ \ in the SI-08 control implementation solution description,\ \ and list the FROM: domain(s) that will be seen by email recipients." - - position: starting - by-id: si-8_obj.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-8_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-8_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-8_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: si-10 adds: - position: ending @@ -21286,434 +3262,6 @@ profile: - name: label value: "Requirement:" prose: Validate all information inputs and document any exceptions - - position: starting - by-id: si-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: si-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: si-10 - props: - - name: CORE - ns: https://fedramp.gov/ns/oscal - value: "true" - - control-id: si-8.2 - adds: - - position: starting - by-id: si-8.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: si-8.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-1 - adds: - - position: starting - by-id: sr-1_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a.1.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.a.1.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-1_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.c.1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_obj.c.2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-1_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - position: starting - by-id: sr-1_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-1_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - remarks: This response must address all control sub-statement requirements. - - control-id: sr-10 - adds: - - position: starting - by-id: sr-10_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-10_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-11.1 - adds: - - position: starting - by-id: sr-11.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-11.2 - adds: - - position: starting - by-id: sr-11.2_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11.2_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-12 - adds: - - position: starting - by-id: sr-12_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-12_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-2 - adds: - - position: starting - by-id: sr-2_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-5 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-6 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-7 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-8 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.a-9 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - position: starting - by-id: sr-2_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-2_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-2_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-2_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-2.1 - adds: - - position: starting - by-id: sr-2.1_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-2.1_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-3 adds: - position: ending @@ -21731,106 +3279,6 @@ profile: prose: CSO must document and maintain the supply chain custody, including replacement devices, to ensure the integrity of the devices before being introduced to the boundary. - - position: starting - by-id: sr-3_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-3_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-3_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-3_obj.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-3_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-3_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-3_smt.c - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - control-id: sr-5 - adds: - - position: starting - by-id: sr-5_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-5_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-6 adds: - position: ending @@ -21850,26 +3298,6 @@ profile: a commensurate security and compliance framework. CSOs must ensure that vendors are compliant with physical facility access and logical access controls to supplied products. - - position: starting - by-id: sr-6_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: TEST - class: fedramp - - position: starting - by-id: sr-6_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-8 adds: - position: ending @@ -21887,26 +3315,6 @@ profile: prose: CSOs must ensure and document how they receive notifications from their supply chain vendor of newly discovered vulnerabilities including zero-day vulnerabilities. - - position: starting - by-id: sr-8_obj - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-8_smt - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - control-id: sr-11 adds: - position: ending @@ -21924,88 +3332,6 @@ profile: prose: CSOs must ensure that their supply chain vendors provide authenticity of software and patches and the vendor must have a plan to protect the development pipeline. - - position: starting - by-id: sr-11_obj.a-1 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-2 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-3 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.a-4 - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_obj.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - name: method - ns: https://fedramp.gov/ns/oscal - value: EXAMINE - class: fedramp - - name: method - ns: https://fedramp.gov/ns/oscal - value: INTERVIEW - class: fedramp - - position: starting - by-id: sr-11_smt.a - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. - - position: starting - by-id: sr-11_smt.b - props: - - name: response-point - ns: https://fedramp.gov/ns/oscal - value: You must fill in this response point. back-matter: resources: - uuid: 985475ee-d4d6-4581-8fdf-d84d3d8caa48 @@ -22020,10 +3346,10 @@ profile: rlinks: - href: https://www.fedramp.gov/assets/img/logo-main-fedramp.png - uuid: 051a77c1-b61d-4995-8275-dacfe688d510 - title: NIST Special Publication (SP) 800-53 + title: NIST Special Publication (SP) 800-53 revision 5 props: - name: version value: 5.1.1 rlinks: - - href: https://raw.githubusercontent.com/usnistgov/oscal-content/v1.2.0/nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_catalog.yaml - media-type: application/yaml + - href: NIST_SP-800-53_rev5_catalog.yaml + media-type: application/oscal+yaml